HTML password fields #926
HTML password fields #926
Conversation
| @@ -24,7 +24,7 @@ | |||
| <td class="key"><%= pwd_label %></td> | |||
| <td> | |||
| <%= password_field_tag("#{pfx}_password", | |||
| @edit[:new]["#{pfx}_password".to_sym], | |||
| '', | |||
There was a problem hiding this comment.
This makes it appear like no password was ever entered which can be confusing. On other applications I used to put a literal 8 stars ********, then on submission if it was an update it meant keep the existing password, and if it's a new entry, reject 8 stars as a possibility for a password.
There was a problem hiding this comment.
This is such a common thing with password fields that I'm surprised a solution doesn't already exist. It almost feels like the HTML tag itself should have a "populated" parameter or something, so you can leave the value blank, but it will display 8 stars or maybe a faded background string like "password saved" or something.
Perhaps you can use the placeholder attribute with 8 stars? or 8 dots: placeholder="●●●●●●●●"
There was a problem hiding this comment.
@Fryguy: Maybe I could play with the placeholder: make it "password saved" when, there already is a password and "password empty" when there's empty password or none was entered. What do you think?
In the future I'd address this with a new control such as a field with or w/o stars and button "Set password" that would open a modal overlay with the password entry fields and a button or something similar. But I'd do that as part of the Angular project.
Here I just aim to have that stuff working (not necessary pretty) and have id merged ASAP.
|
@h-kataria : can you review this, please? |
|
@martinpovolny verified fix, it makes me think as if there is no value entered in password fields even tho there is a value but not being displayed. @Fryguy you can merge if you are good with these changes. |
|
@h-kataria : yes, it's far from perfect, we shall work on this, but I'd merge this and carry on from there |
|
I'm ok with merging if the rest is done in a follow up PR. I just don't want us to forget because the user experience is not good...feels weird. Is it hard to add something like Or make an application_helper method like |
martinpovolny
force-pushed
the
login_password
branch
from
ceed337
to
5420876
Compare
|
@Fryguy : added the placeholders as you wanted. Thx! |
|
@martinpovolny when there is no value saved in password field it shows blurred out ●●●●●●●● in the text field, i guess you will be fixing that in a separate PR but other than that it looks good. |
|
@h-kataria : I understood that that was what @Fryguy suggested -- displaying the image. But really we should discuss that as a separate problem and address in a new PR. |
|
Yeah, placeholder will show as grey, but that's better than showing nothing at all. I guess you could use CSS styling to make it black if necessary, but that can be a follow up PR too. @martinpovolny did you test all form submission cases?
If all those cases work, then I think this is good to merge. |
|
@Fryguy : the forms are not submitted normally. The viewstate in the session is updated upon DOM event. The "submit" logic does not have to do anything about the field being empty because normal form submission is not the source of the password values. Therefor the patch is so simple and the logic remained unchanged. For that reason I did not test all the cases you enumerate in all forms. I made sure the password do change in the view state when changed in the browser and I tested some saving loading etc. I went through all the forms but did not do a checklist as you enumerated it. |
|
Oh interesting. I think I'm just concerned really about the last use case mentioned. Because the value is blank, I was concerned it would set the password to blank. Based on what you described I could see another issue with the following workflow:
If the view state is changing as they type, will this cause a blank to be set to the password field? Will that cause a validation error, and be weird in the UI? |
|
The password would be blank in that case and based on the logic of the particular task either a validation error would occur (and a flash) or successful saving of the blank password would occur. |
|
So, is that a problem preventing merge, or you're ok with that? Is that how the functionality works now, and thus nothing changed? |
|
@Fryguy : from my point of view the current status is not ideal, but works for me. That applies also for the status w/o the last patch. So if you agree I would merge. We can improve the user experience in a follow up patch. |
|
I reread the code and am confused. Is the placeholder dots there when a password has not been entered yet? That's not what I was expecting. I was expecting the placeholder to only be there is we actually had a password saved. It is an indicator to the user that they entered a password before. |
|
@Fryguy yes, it shows dots in the field even when password has not been entered. |
|
Oh, that's just as bad in the opposite way. Sorry, maybe I wasn't clear but I expected the placeholder to only have dots when we have a saved password. It is a visual indicator to the user that some value is present. |
|
@Fryguy it looked odd to me which is why i had mentioned that in my comment above but my understanding was that @martinpovolny is going to fix that in a separate PR. |
|
@h-kataria I misunderstood your comment. If it's in a follow up PR, I guess that's ok, I just don't want it to be forgotten. It's still not a good UX. |
|
The fact that there's no password is also an information about the password. So it might actually not be a bad thing that the dots are there even for an empty password if we want to prevent "sharing" password information even among people who have admin access. But as I said, I think that this needs more discussion we shall get back to what functionality in each of the cases so I'd leave that for future work and another PR. |
|
You can't have an empty password as a legit value IIRC. It would only
|
martinpovolny
force-pushed
the
login_password
branch
from
5420876
to
6105cd6
Compare
|
@h-kataria : based on @Fryguy input and our short discussion. What about doing it like this? |
| "data-miq_observe"=>{:interval=>'.5', :url=>url}.to_json) %> | ||
| <%= password_field_tag("authentication_amazon_secret", '', | ||
| :maxlength => 50, | ||
| :placeholder => "●●●●●●●●", |
|
@martinpovolny I like this. I found 2 more locations that aren't using the new method, but after that I think this is good to go if @h-kataria is good with it. |
|
Checked commits martinpovolny@fd3beeb .. martinpovolny@67e4c94 with rubocop 0.21.0 |
|
@Fryguy : fixed |
|
Looks good to me. Thanks for fixing this one @martinpovolny . EDIT: wow, autocorrect fail. |
|
@martinpovolny i found an issue while testing changes in this PR, it was not introduced by changes in this PR but i feel it should be fixed, either in this PR or we can open a separate issue for that. |
|
@h-kataria : I can fix it tomorrow. On the question of doing this in a separate PR: I don't have a strong opinion and slightly incline to doing a separate PR for that. @dclarizio : Can you decide that, please? p.s. Thx for the review! |
|
Sure, separate PR is best. |
|
Yes, separate PR is fine. I thought there was a method we could call on the model like |
Fix topology view styling issues (cherry picked from commit 021a839) https://bugzilla.redhat.com/show_bug.cgi?id=1440400 https://bugzilla.redhat.com/show_bug.cgi?id=1440399
Do not pass values to HTML form input type password fields.