New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Initial setup login page should hide password input #814
base: master
Are you sure you want to change the base?
Conversation
The form field for password `type` property wasn't set correctly, so passwords would display in browser as user typed them in
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## master #814 +/- ##
=======================================
Coverage 65.53% 65.53%
=======================================
Files 138 138
Lines 12895 12896 +1
Branches 533 533
=======================================
+ Hits 8451 8452 +1
Misses 4288 4288
Partials 156 156
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
If we hide the password field, I think we should also add a "repeat password" field, as it would be a hazzle if users made a typo and had to reset Photoview fix it. |
or maybe add a preview button to the field, can toggle password hide/display when you click it |
I agree with the two comments, however the current state is a security vulnerability, and the current PR fixes it, so in my opinion the two other mentions should be implemented separately to allow this small, more vital, change to be merged more immediately upon approval (and be easier to review). |
Another issue with the non-password type field is that it's not detected by password managers. And even worse is the fact that the browser might store the password in clear text for input suggestions on the site. In my opinion a single password field, without "repeat password" is still way better than using a plain text field. |
@komali2, I've created the #910 as a temporary alternative to the |
I shall make a password confirmation component in the UI under #918 I think it's good to get this one in in the meantime. @kkovaletp Are you happy for this to be merged or should we wait until the password confirmation piece is done? |
I'd like to wait until we have a solid solution |
The form field for password
type
property wasn't set correctly, so passwords would display in browser as user typed them in