use HTML5 autocomplete values to better handle password managers

2019-03-02 23:19:58 +01:00 · 2019-03-02 23:19:58 +01:00 · 54427f7c68
parent 35eef9c28d
commit 54427f7c68
3 changed files with 9 additions and 6 deletions
--- a/passbook/core/forms/authentication.py
+++ b/passbook/core/forms/authentication.py
@ -81,8 +81,6 @@ class SignUpForm(forms.Form):
        password_repeat = self.cleaned_data.get('password_repeat')
        if password != password_repeat:
            raise ValidationError(_("Passwords don't match"))
-        # TODO: Password policy? Via Plugin? via Policy?
-        # return check_password(self)
        return self.cleaned_data.get('password_repeat')


@ -91,5 +89,6 @@ class PasswordFactorForm(forms.Form):

    password = forms.CharField(widget=forms.PasswordInput(attrs={
        'placeholder': _('Password'),
-        'autofocus': 'autofocus'
+        'autofocus': 'autofocus',
+        'autocomplete': 'current-password'
        }))
--- a/passbook/core/forms/users.py
+++ b/passbook/core/forms/users.py
@ -22,10 +22,14 @@ class PasswordChangeForm(forms.Form):
    """Form to update password"""

    password = forms.CharField(label=_('Password'),
-                               widget=forms.PasswordInput(attrs={'placeholder': _('New Password')}))
+                               widget=forms.PasswordInput(attrs={
+                                   'placeholder': _('New Password'),
+                                   'autocomplete': 'new-password'
+                                   }))
    password_repeat = forms.CharField(label=_('Repeat Password'),
                                      widget=forms.PasswordInput(attrs={
-                                          'placeholder': _('Repeat Password')
+                                          'placeholder': _('Repeat Password'),
+                                          'autocomplete': 'new-password'
                                      }))

    def clean_password_repeat(self):
@ -34,5 +38,4 @@ class PasswordChangeForm(forms.Form):
        password_repeat = self.cleaned_data.get('password_repeat')
        if password != password_repeat:
            raise ValidationError(_("Passwords don't match"))
-        # TODO: Password policy check
        return self.cleaned_data.get('password_repeat')
--- a/passbook/core/views/user.py
+++ b/passbook/core/views/user.py
@ -46,6 +46,7 @@ class UserChangePasswordView(FormView):

    def form_valid(self, form: PasswordChangeForm):
        try:
+            # user.set_password checks against Policies so we don't need to manually do it here
            self.request.user.set_password(form.cleaned_data.get('password'))
            self.request.user.save()
            update_session_auth_hash(self.request, self.request.user)