Skip to content
Permalink
Browse files

issue: Authentication Autocomplete

This addresses an annoying issue where Chrome autofills the Username and
Password for Email Authentication even though we have the
`autocomplete="off"` attribute set. This changes the attribute from
`autocomplete="off"` to `autocomplete="new-password"` so that Chrome will
not attempt to autofill the credentials. More information on this can be
found [here](https://bugs.chromium.org/p/chromium/issues/detail?id=468153).
  • Loading branch information...
JediKev committed Oct 24, 2019
1 parent edb8ac6 commit d2cb614a63883661b27c3341d4921c7762135b83
Showing with 21 additions and 25 deletions.
  1. +19 −23 include/class.email.php
  2. +2 −2 include/staff/email.inc.php
@@ -289,30 +289,13 @@ function update($vars, &$errors=false) {
if($topic && !$topic->isActive())
$errors['topic_id'] = '';
if($vars['mail_active'] || ($vars['smtp_active'] && $vars['smtp_auth']
&& !$vars['smtp_auth_creds'])) {
if(!$vars['userid'])
$errors['userid']=__('Username missing');
if(!$id && !$vars['passwd'])
$errors['passwd']=__('Password required');
elseif($vars['passwd']
&& $vars['userid']
&& !Crypto::encrypt($vars['passwd'], SECRET_SALT, $vars['userid'])
)
$errors['passwd'] = sprintf('%s - %s', __('Unable to encrypt password'), __('Get technical help!'));
}
if ($vars['smtp_active'] && $vars['smtp_auth'] && $vars['smtp_auth_creds']) {
if (!$vars['smtp_userid'])
$errors['smtp_userid'] = __('Username missing');
// Validate Credentials
if ($vars['mail_active'] || ($vars['smtp_active'] && $vars['smtp_auth']
&& !$vars['smtp_auth_creds']))
$errors = self::validateCredentials($vars['userid'], $vars['passwd'], $id, $errors, false);
if (!$vars['smtp_passwd'])
$errors['smtp_passwd'] = __('Password Required');
elseif ($vars['smtp_passwd'] && $vars['smtp_userid']
&& !Crypto::encrypt($vars['smtp_passwd'], SECRET_SALT, $vars['smtp_userid']))
$errors['smtp_passwd'] = sprintf('%s - %s', __('Unable to encrypt password'), __('Get technical help!'));
}
if ($vars['smtp_active'] && $vars['smtp_auth'] && $vars['smtp_auth_creds'])
$errors = self::validateCredentials($vars['smtp_userid'], $vars['smtp_passwd'], null, $errors, true);
list($vars['mail_protocol'], $encryption) = explode('/', $vars['mail_proto']);
$vars['mail_encryption'] = $encryption ?: 'NONE';
@@ -484,6 +467,19 @@ function update($vars, &$errors=false) {
return false;
}
static function validateCredentials($username=null, $password=null, $id=null, &$errors, $smtp=false) {
if (!$username)
$errors[$smtp ? 'smtp_userid' : 'userid'] = __('Username missing');
if (!$id && !$password)
$errors[$smtp ? 'smtp_passwd' : 'passwd'] = __('Password Required');
elseif ($password && $username
&& !Crypto::encrypt($password, SECRET_SALT, $username))
$errors[$smtp ? 'smtp_passwd' : 'passwd'] = sprintf('%s - %s', __('Unable to encrypt password'), __('Get technical help!'));
return $errors;
}
static function getPermissions() {
return self::$perms;
}
@@ -197,7 +197,7 @@
</td>
<td>
<input type="password" size="35" name="passwd" value="<?php echo $info['passwd']; ?>"
autocomplete="off">
autocomplete="new-password">
&nbsp;<span class="error">&nbsp;<?php echo $errors['passwd']; ?>&nbsp;</span>
<br><em><?php echo $passwdtxt; ?></em>
</td>
@@ -351,7 +351,7 @@
<tr style="display:none;" class="smtp"><td><?php echo __('Password'); ?></td>
<td>
<input type="password" size="35" name="smtp_passwd" value="<?php echo $info['smtp_passwd']; ?>"
autocomplete="off">
autocomplete="new-password">
&nbsp;<span class="error">&nbsp;<?php echo $errors['smtp_passwd']; ?>&nbsp;</span>
<br><em><?php if ($info['smtp_userpass']) echo $passwdtxt; ?></em>
</td>

0 comments on commit d2cb614

Please sign in to comment.
You can’t perform that action at this time.