dbosk / ladok3

Python wrapper around the LADOK3 REST API.
https://pypi.org/project/ladok3/
MIT License

Password is shown in clear text #74

Open vahtras opened 11 months ago

vahtras commented 11 months ago

If a first login fails, you are prompted for values a second time. In that case, the previously entered password is shown in clear text as well as when typing a new one. Probably not what you want.

dbosk commented 11 months ago

Yes and no. This is actually by design, but could probably be improved.

The thing is, we don't know what the fields are called (as this can be run on any university in Sweden). We guess they're called username and password. However, if the request fails, we don't know if it's due to a wrong password or that we guessed the names of the fields wrongly. So the user must figure that out based on the available names.

At the time I implemented this, I thought that the user should see the password, in case they typed it wrongly. So that they don't try to experiment with the other fields for nothing, if it was just the password that was typed wrongly. That's why I added the warning that the password will be shown on screen in the event of an unsuccessful login.

But, I suppose this could be improved.

Maybe it would be an improvement to not print what was typed in as the password. And to also guess field names that might be a password so that we don't see what is typed there. Or ask the user if they intend to write their password in any of the fields and in that case hide it.

I'll have to think about it. You can see the details of the current approach in Section 15.5 of the documented source code:

https://github.com/dbosk/ladok3/releases/download/v4.9/ladok3.pdf
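One way to implement the improvement dbosk sketches above (use a no-echo prompt for fields whose names look like a password, and never echo a previously typed secret when re-prompting after a failed login), as an added example that is not code from the ladok3 project: the name heuristic, the fixed-width mask, the injectable prompt functions and the Swedish "lösenord" match are all assumptions.

```python
import getpass
import re

# Assumption: field names matching this pattern are treated as secrets.
# ladok3 only guesses "username"/"password"; this widens the guess, including
# the Swedish word for password, since the form differs per university.
SECRET_NAME_RE = re.compile(
    r"pass(word|wd)?|pwd|secret|token|l[öo]senord", re.IGNORECASE
)


def is_secret_field(name: str) -> bool:
    """True if the form field name looks like it holds a secret."""
    return bool(SECRET_NAME_RE.search(name))


def mask(value: str) -> str:
    """Fixed-width placeholder so neither the value nor its length is shown."""
    return "********" if value else ""


def describe_previous(fields: dict) -> dict:
    """Values safe to show when re-prompting: secrets masked, the rest echoed
    so the user can spot a typo in e.g. the username."""
    return {n: (mask(v) if is_secret_field(n) else v) for n, v in fields.items()}


def prompt_fields(field_names, previous=None, ask=input, ask_secret=getpass.getpass):
    """Prompt for each field. Secret-like fields use a no-echo prompt.
    An empty answer keeps the previous value (still masked on screen)."""
    previous = previous or {}
    shown = describe_previous(previous)
    values = {}
    for name in field_names:
        hint = f" [{shown[name]}]" if name in shown else ""
        prompt = f"{name}{hint}: "
        entered = ask_secret(prompt) if is_secret_field(name) else ask(prompt)
        values[name] = entered if entered else previous.get(name, "")
    return values
```

The `ask`/`ask_secret` parameters exist so the retry loop can be unit-tested without a terminal; in real use the defaults (`input` and `getpass.getpass`) apply.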