From 54427f7c6892688e94c8ce3b2fade86734d0dc68 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Sat, 2 Mar 2019 23:19:58 +0100 Subject: [PATCH] use HTML5 autocomplete values to better handle password managers --- passbook/core/forms/authentication.py | 5 ++--- passbook/core/forms/users.py | 9 ++++++--- passbook/core/views/user.py | 1 + 3 files changed, 9 insertions(+), 6 deletions(-) diff --git a/passbook/core/forms/authentication.py b/passbook/core/forms/authentication.py index 525c89671..0f83059ab 100644 --- a/passbook/core/forms/authentication.py +++ b/passbook/core/forms/authentication.py @@ -81,8 +81,6 @@ class SignUpForm(forms.Form): password_repeat = self.cleaned_data.get('password_repeat') if password != password_repeat: raise ValidationError(_("Passwords don't match")) - # TODO: Password policy? Via Plugin? via Policy? - # return check_password(self) return self.cleaned_data.get('password_repeat') @@ -91,5 +89,6 @@ class PasswordFactorForm(forms.Form): password = forms.CharField(widget=forms.PasswordInput(attrs={ 'placeholder': _('Password'), - 'autofocus': 'autofocus' + 'autofocus': 'autofocus', + 'autocomplete': 'current-password' })) diff --git a/passbook/core/forms/users.py b/passbook/core/forms/users.py index fb3fa92e4..a210fdad3 100644 --- a/passbook/core/forms/users.py +++ b/passbook/core/forms/users.py @@ -22,10 +22,14 @@ class PasswordChangeForm(forms.Form): """Form to update password""" password = forms.CharField(label=_('Password'), - widget=forms.PasswordInput(attrs={'placeholder': _('New Password')})) + widget=forms.PasswordInput(attrs={ + 'placeholder': _('New Password'), + 'autocomplete': 'new-password' + })) password_repeat = forms.CharField(label=_('Repeat Password'), widget=forms.PasswordInput(attrs={ - 'placeholder': _('Repeat Password') + 'placeholder': _('Repeat Password'), + 'autocomplete': 'new-password' })) def clean_password_repeat(self): 
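Review bot: The new last entry `'autocomplete': 'current-password'` in `PasswordFactorForm` is again written without a trailing comma, which is why this hunk had to rewrite the `'autofocus'` line just to append one. Ending the dict with `'autocomplete': 'current-password',` keeps the next attribute a one-line diff; the two `'autocomplete': 'new-password'` entries added to `PasswordChangeForm` in passbook/core/forms/users.py have the same shape.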
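Review bot: `PasswordChangeForm` as shown carries only `password` and `password_repeat`, both now marked `new-password`, and `UserChangePasswordView.form_valid` in passbook/core/views/user.py hands the value straight to `set_password`, so from the visible lines a password change requires no proof of the current password. Unless re-authentication is enforced somewhere outside this patch, a session left open or taken over is enough to replace the credential. I would add a field such as `password_old = forms.CharField(label=_('Current Password'), widget=forms.PasswordInput(attrs={'autocomplete': 'current-password'}))` and verify it with the user's `check_password()` before calling `set_password`; that also gives password managers the existing entry to match. The class body continues past this hunk (`clean_password_repeat` starts on its last line), so fields declared further down would not be visible here.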
@@ -34,5 +38,4 @@ class PasswordChangeForm(forms.Form): password_repeat = self.cleaned_data.get('password_repeat') if password != password_repeat: raise ValidationError(_("Passwords don't match")) - # TODO: Password policy check return self.cleaned_data.get('password_repeat') diff --git a/passbook/core/views/user.py b/passbook/core/views/user.py index ec69c795a..894934a6a 100644 --- a/passbook/core/views/user.py +++ b/passbook/core/views/user.py @@ -46,6 +46,7 @@ class UserChangePasswordView(FormView): def form_valid(self, form: PasswordChangeForm): try: + # user.set_password checks against Policies so we don't need to manually do it here self.request.user.set_password(form.cleaned_data.get('password')) self.request.user.save() update_session_auth_hash(self.request, self.request.user)
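Review bot: The comment added in `form_valid` says `user.set_password` enforces policies, but nothing visible here shows that, and Django's stock `set_password` only hashes the value, so the claim rests on a project override the reader cannot locate from this line. Because this commit also drops the policy TODOs from `SignUpForm.clean_password_repeat` and `PasswordChangeForm.clean_password_repeat`, the comment is now the only record of where enforcement lives; I would name the override and its failure mode, e.g. `# User.set_password() is overridden to run password policies and raises on rejection; see the except below` (adjust to the real override). The `except` clause lies outside the hunk, so whether a policy rejection reaches the user as a form error could not be checked here, and the sign-up path should be confirmed to go through the same method.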