use HTML5 autocomplete values to better handle password managers

This commit is contained in:
Jens Langhammer 2019-03-02 23:19:58 +01:00
parent 35eef9c28d
commit 54427f7c68
3 changed files with 9 additions and 6 deletions

View file

@ -81,8 +81,6 @@ class SignUpForm(forms.Form):
password_repeat = self.cleaned_data.get('password_repeat') password_repeat = self.cleaned_data.get('password_repeat')
if password != password_repeat: if password != password_repeat:
raise ValidationError(_("Passwords don't match")) raise ValidationError(_("Passwords don't match"))
# TODO: Password policy? Via Plugin? via Policy?
# return check_password(self)
return self.cleaned_data.get('password_repeat') return self.cleaned_data.get('password_repeat')
@ -91,5 +89,6 @@ class PasswordFactorForm(forms.Form):
password = forms.CharField(widget=forms.PasswordInput(attrs={ password = forms.CharField(widget=forms.PasswordInput(attrs={
'placeholder': _('Password'), 'placeholder': _('Password'),
'autofocus': 'autofocus' 'autofocus': 'autofocus',
'autocomplete': 'current-password'
})) }))

View file

@ -22,10 +22,14 @@ class PasswordChangeForm(forms.Form):
"""Form to update password""" """Form to update password"""
password = forms.CharField(label=_('Password'), password = forms.CharField(label=_('Password'),
widget=forms.PasswordInput(attrs={'placeholder': _('New Password')})) widget=forms.PasswordInput(attrs={
'placeholder': _('New Password'),
'autocomplete': 'new-password'
}))
password_repeat = forms.CharField(label=_('Repeat Password'), password_repeat = forms.CharField(label=_('Repeat Password'),
widget=forms.PasswordInput(attrs={ widget=forms.PasswordInput(attrs={
'placeholder': _('Repeat Password') 'placeholder': _('Repeat Password'),
'autocomplete': 'new-password'
})) }))
def clean_password_repeat(self): def clean_password_repeat(self):
@ -34,5 +38,4 @@ class PasswordChangeForm(forms.Form):
password_repeat = self.cleaned_data.get('password_repeat') password_repeat = self.cleaned_data.get('password_repeat')
if password != password_repeat: if password != password_repeat:
raise ValidationError(_("Passwords don't match")) raise ValidationError(_("Passwords don't match"))
# TODO: Password policy check
return self.cleaned_data.get('password_repeat') return self.cleaned_data.get('password_repeat')

View file

@ -46,6 +46,7 @@ class UserChangePasswordView(FormView):
def form_valid(self, form: PasswordChangeForm): def form_valid(self, form: PasswordChangeForm):
try: try:
# user.set_password checks against Policies so we don't need to manually do it here
self.request.user.set_password(form.cleaned_data.get('password')) self.request.user.set_password(form.cleaned_data.get('password'))
self.request.user.save() self.request.user.save()
update_session_auth_hash(self.request, self.request.user) update_session_auth_hash(self.request, self.request.user)