search

apache / cloudstack

Apache CloudStack is an opensource Infrastructure as a Service (IaaS) cloud computing platform
https://cloudstack.apache.org/
Apache License 2.0
1.99k stars 1.09k forks source link

2FA code entry form already submitted while password manager (1password) not done filling the code yet #9510

Open hrak opened 1 month ago

hrak commented 1 month ago
ISSUE TYPE
COMPONENT NAME
UI
CLOUDSTACK VERSION
4.18
CONFIGURATION

N/A

OS / ENVIRONMENT

Mac OS X Sonoma, 1password 8 for Mac

SUMMARY

When using 1password as password manager, and using the TOTP feature in 1password to have it fill in the 2FA code, the 2FA code entry form gets submitted prematurely (before 1password is done filling the form) causing a failed login.

STEPS TO REPRODUCE
EXPECTED RESULTS

Successful login

ACTUAL RESULTS

Failed login due to form already being submitted before 2fa code is fully filled in by 1password

hrak commented 1 month ago

Looked into this a bit, and currently the form element for the 2FA code is defined as this, which does not seem to be the right approach for a 2FA code form input element

<input placeholder="xxxxxx" type="password" id="code" class="ant-input">

A better approach would be something like this (derived from this blog post):

<input
  type="text"
  name="token"
  id="token"
  inputmode="numeric"
  pattern="[0-9]*"
  autocomplete="one-time-code"
/>
rohityadavcloud commented 1 month ago

@hrak sounds like the credential filling is something the app does? Feel free to experiment if cloudstack UI can be changed with your suggested changes, and raise a PR !