This forum post has been removed
Number of replies: 6Re: Moodle 3.9.3 - Password autocomplete off discrepancy
Re: Moodle 3.9.3 - Password autocomplete off discrepancy
The password field in lib/templates/loginform.mustache and blocks/login/block_login.php is for the Moodle user's password when logging into the site.
The MoodleQuickForm_password in lib/form/password.php has been never used for the Moodle user's password as far as I can see. In fact MoodleQuickForm_password does not appear to be used by core Moodle at all. Presumably it could be used by additional plugins, e.g. for the password for some external service set by the site admin. I think the QuickForm code is retained for backward compatibility.
So the different autocomplete settings makes sense given that the two types of field – loginform.mustache/block_login.php and password.php – have two different use cases: Moodle user passwords and external system/service passwords.
Unless you're seeing the MoodleQuickForm_password field prompting for the user's password somewhere?
This forum post has been removed
Re: Moodle 3.9.3 - Password autocomplete off discrepancy
I don't understand what you're asking. The template lib/templates/loginform.mustache has:
146 <input type="password" name="password" id="password" value=""
147 class="form-control"
148 placeholder={{#quote}}{{#str}}password{{/str}}{{/quote}}
149 autocomplete="current-password">
The HTML source is:
<input type="password" name="password" id="password" value=""
class="form-control"
placeholder="Password"
autocomplete="current-password">
when I inspect the element it's:
<input type="password" name="password" id="password" value="" class="form-control" placeholder="Password" autocomplete="current-password">
which all matches.
What is it that's unexpected in what you're seeing?
This forum post has been removed
Re: Moodle 3.9.3 - Password autocomplete off discrepancy
I've tested with Firefox 76.0 and Chrome 86.0.4240.111 and I see autocomplete="current-password" in both which is what I'd expect given the Moodle source code. And it's also what you're seeing with Curl. Could your browsers be going through some proxy which is modifying the source? The proxy would have to be intercepting the secure connection somehow. Or maybe there's a browser add-on modifying this?
"Is this HTML actually coming from two different files in Moodle then?" – lib/templates/loginform.mustache is for the login page, blocks/login/block_login.php is for the optional Login block. Does that answer this question?