Moodle 3.9.3 - Password autocomplete off discrepancy

This forum post has been removed

Number of replies: 6
The content of this forum post has been removed and can no longer be accessed.
In reply to Deleted user

Re: Moodle 3.9.3 - Password autocomplete off discrepancy

by Emma Richardson -
Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Plugin developers
You should create a tracker issue for this at tracker.moodle.org.
Average of ratings: -
In reply to Deleted user

Re: Moodle 3.9.3 - Password autocomplete off discrepancy

by Leon Stringer -
Picture of Core developers Picture of Particularly helpful Moodlers

The password field in lib/templates/loginform.mustache and blocks/login/block_login.php is for the Moodle user's password when logging into the site.

The MoodleQuickForm_password in lib/form/password.php has been never used for the Moodle user's password as far as I can see. In fact MoodleQuickForm_password does not appear to be used by core Moodle at all. Presumably it could be used by additional plugins, e.g. for the password for some external service set by the site admin. I think the QuickForm code is retained for backward compatibility.

So the different autocomplete settings makes sense given that the two types of field – loginform.mustache/block_login.php and password.php – have two different use cases: Moodle user passwords and external system/service passwords.

Unless you're seeing the MoodleQuickForm_password field prompting for the user's password somewhere?

Average of ratings: -
In reply to Leon Stringer

This forum post has been removed

The content of this forum post has been removed and can no longer be accessed.
In reply to Deleted user

Re: Moodle 3.9.3 - Password autocomplete off discrepancy

by Leon Stringer -
Picture of Core developers Picture of Particularly helpful Moodlers

I don't understand what you're asking. The template lib/templates/loginform.mustache has:

146                             <input type="password" name="password" id="password" value=""
147                                 class="form-control"
148                                 placeholder={{#quote}}{{#str}}password{{/str}}{{/quote}}
149                                 autocomplete="current-password">

The HTML source is:

                            <input type="password" name="password" id="password" value=""
                                class="form-control"
                                placeholder="Password"
                                autocomplete="current-password">

when I inspect the element it's:

<input type="password" name="password" id="password" value="" class="form-control" placeholder="Password" autocomplete="current-password">

which all matches.

What is it that's unexpected in what you're seeing?

Average of ratings: -
In reply to Leon Stringer

This forum post has been removed

The content of this forum post has been removed and can no longer be accessed.
In reply to Deleted user

Re: Moodle 3.9.3 - Password autocomplete off discrepancy

by Leon Stringer -
Picture of Core developers Picture of Particularly helpful Moodlers

I've tested with Firefox 76.0 and Chrome 86.0.4240.111 and I see autocomplete="current-password" in both which is what I'd expect given the Moodle source code. And it's also what you're seeing with Curl. Could your browsers be going through some proxy which is modifying the source? The proxy would have to be intercepting the secure connection somehow. Or maybe there's a browser add-on modifying this?

"Is this HTML actually coming from two different files in Moodle then?" – lib/templates/loginform.mustache is for the login page, blocks/login/block_login.php is for the optional Login block. Does that answer this question?


Average of ratings: -