Rename profile password fields so password managers understand
What does this MR do and why?
Fixes an issue where Chrome (and probably other browsers) and password managers may be confused about which field is the current password field on /-/profile/password/edit
and /-/profile/password/new
pages/forms.
This is related to a discussion on setting autocomplete
HTML value to new-password
and current-password
, which Firefox respects - #27125 (closed). This MR addresses both Chrome and Firefox.
Screenshots or screen recordings
Before
Notice the current password was autofilled by the browser in 'New password'.
After
How to set up and validate locally
- Sign in as a user
- Visit Profile -> Password
- Enter current password, new password and confirmation. Submit to change password.
- Observe password change is successful.
Observe that your password manager and/or Chrome now correctly see the 'Current password' field as one to fill, while the 'New password' and 'Password confirmation' are seen by password manager as one to generate a new password for.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.