Page MenuHomePhabricator
Create Task
Maniphest T263927

MediaWiki user and password fields should have the proper autocomplete value
Closed, ResolvedPublic
Actions

Description

Username fields should have autocomplete="username". Password fields should have autocomplete="current-password". Password and retype fields where the user is supposed to enter a new password should have autocomplete="new-password". Spec, Chromium guidelines. This will make using browsers' built in password managers a better experience.

See also T263800: Implement .well-known/change-password redirect on Wikimedia sites.

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
Add autocomplete HTML attribute to common auth form fieldsmediawiki/coreREL1_35+106 -43
Add autocomplete HTML attribute to common auth form fieldsmediawiki/coremaster+106 -43
Add hidden username to password change formsmediawiki/coremaster+29 -5
Customize query in gerrit

Related Objects
Search...

Event Timeline

Tgr created this task.Sep 27 2020, 1:51 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptSep 27 2020, 1:51 AM
Tgr updated the task description. (Show Details)Sep 27 2020, 1:53 AM
Tgr mentioned this in T263800: Implement .well-known/change-password redirect on Wikimedia sites.

https://stackoverflow.com/a/64055089/323407 has an outline of how to do this.

Tgr added a project: good first task.Sep 27 2020, 1:55 AM
DannyS712 subscribed.Sep 27 2020, 2:04 AM
gerritbot added a comment.Sep 27 2020, 5:00 AM

Change 630357 had a related patch set uploaded (by Gergő Tisza; owner: Gergő Tisza):
[mediawiki/core@master] Add autocomplete HTML attribute to common auth form fields

https://gerrit.wikimedia.org/r/630357

gerritbot added a project: Patch-For-Review.Sep 27 2020, 5:00 AM
Tgr added a comment.Sep 27 2020, 5:32 AM

Current behavior in Chrome 85:

  • login form: username + password autofilled, password selection form is offered (ie. works as the user would expect)
  • new password forms (change password special page, forced password change on login): same behavior as login form. There is no autocomplete for the retype field at all.

With the patch:

  • login form: no change
  • new password forms: the username offers the user's stored email addresses; password field offers password selection form with an extra "suggest password" option, password is copied to retype field when selected.

With the patch, but with no "username" hint on the username field in account creation:
the username only offers form history values; password field offers password selection form with an extra "suggest password" option; password is not copied to retype field when selected.

Tgr added a subtask: T150983: Support arbitrary autocomplete values in OOUI\TextInputWidget.Sep 27 2020, 5:35 AM
gerritbot added a comment.Sep 27 2020, 7:14 AM

Change 630359 had a related patch set uploaded (by Gergő Tisza; owner: Gergő Tisza):
[mediawiki/core@master] Add hidden username to password change forms

https://gerrit.wikimedia.org/r/630359

Peachey88 subscribed.Sep 27 2020, 7:45 AM
Tgr closed subtask T150983: Support arbitrary autocomplete values in OOUI\TextInputWidget as Resolved.Nov 12 2020, 7:39 PM
Tgr added a project: Platform Engineering.Nov 12 2020, 7:52 PM

Tagging Platform Engineering for review, as they are the maintainers for MediaWiki-Core-AuthManager.

AMooney edited projects, added Platform Team Workboards (External Code Reviews); removed Platform Engineering.Nov 17 2020, 2:13 PM
Clarakosi moved this task from External Code Review Needed to External Code Review Completed on the Platform Team Workboards (External Code Reviews) board.Nov 17 2020, 10:05 PM
gerritbot added a comment.Nov 17 2020, 10:27 PM

Change 630357 merged by jenkins-bot:
[mediawiki/core@master] Add autocomplete HTML attribute to common auth form fields

https://gerrit.wikimedia.org/r/630357

gerritbot added a comment.Nov 17 2020, 10:34 PM

Change 630359 merged by jenkins-bot:
[mediawiki/core@master] Add hidden username to password change forms

https://gerrit.wikimedia.org/r/630359

ReleaseTaggerBot added a project: MW-1.36-notes (1.36.0-wmf.20; 2020-12-01).Nov 17 2020, 11:00 PM
Maintenance_bot removed a project: Patch-For-Review.Nov 17 2020, 11:10 PM
BPirkle subscribed.Jan 8 2021, 7:15 PM

Is this task complete?

Tgr added a comment.Jan 9 2021, 12:25 AM

I'd like to test the behavior more and maybe file some bug reports / support questions with browser if I ever get around to it. The code change is complete but at a glance it did not seem to have all the effects I hoped. (For example, if you log in with a weak password and get the password change dialog, Chrome won't offer generating a new password, even though as far as I can see the form follows all their recommendations.)

Sam1905571 subscribed.Jan 23 2021, 2:13 AM

Hello,
I'm a first time contributor here. I would like to work on this issue. Can someone please guide me?

Thanks,
Sam

Tgr removed a project: good first task.Jan 23 2021, 2:31 AM

@Sam1905571 I think the easy part is already done (apologies, I forgot to update the tags). That said if you are interested in proceeding with the task, the next step would be testing the various password forms (login, login with a weak password, signup, password change) in Chrome and checking how much they work as it's expected - does Chrome offer to generate a random password for new password fields? Does it retrieve a saved password for the old password fields? Does it properly save passwords?

Sam1905571 added a comment.Jan 23 2021, 2:36 AM

@Tgr Thank you for responding. I will start testing the feature on Chrome and get back with observations.

Sam1905571 claimed this task.Jan 23 2021, 11:08 AM
Sam1905571 removed Sam1905571 as the assignee of this task.Jan 23 2021, 11:13 AM
gerritbot added a comment.Aug 8 2022, 12:44 PM

Change 820877 had a related patch set uploaded (by Reedy; author: Gergő Tisza):

[mediawiki/core@REL1_35] Add autocomplete HTML attribute to common auth form fields

https://gerrit.wikimedia.org/r/820877

gerritbot added a project: Patch-For-Review.Aug 8 2022, 12:44 PM
gerritbot added a comment.Aug 14 2022, 2:11 PM

Change 820877 merged by jenkins-bot:

[mediawiki/core@REL1_35] Add autocomplete HTML attribute to common auth form fields

https://gerrit.wikimedia.org/r/820877

ReleaseTaggerBot added a project: MW-1.35-notes.Aug 14 2022, 3:00 PM
Aklapper closed this task as Resolved.Apr 24 2023, 6:52 PM
Aklapper assigned this task to Tgr.
Aklapper removed a project: Patch-For-Review.

Assuming this is resolved. If not, please reopen.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits