search

desec-io / desec-stack

Backbone of the deSEC Free Secure DNS Hosting Service
https://desec.io/
MIT License
399 stars 48 forks source link

Add OTP Attribute to OTP Field #959

Open slalabs opened 2 months ago

slalabs commented 2 months ago

The login form is missing an OTP attribute. This would be a nice enhancement for users with password-mangers. It should look like this:

<input type="text" autocomplete="one-time-code">

peterthomassen commented 2 months ago

Which mobile OS and browser did you experience this with?

I've tried looking into this, and have found that the autocomplete attribute is already present. OTOH, I did not get KeePassDX (Android) to fill in the OTP (although things worked for username/password).

I looked into how things work internally in Vuetify, and could not immediately find a reason why things would be broken. However, I don't think the time to dig into this further would be well spent, as we still have our Vuetify 2->3 migration on the agenda. It's possible that this upgrade would already solve the issue. I'm just putting this on the side for now, and we can see later if anything needs to be done.

nils-wisiol commented 2 months ago

For me, Android does not offer an password manager auto fill option on the OTP page. I have Keepass2Android installed and correctly configured for desec.io.

However, Keepass2Android puts the OTP in my clipboard when I auto fill the username/password form.

slalabs commented 2 months ago

I use Firefox and KeePassXC with the official browser extension

Also iOS could not auto-fill anything (Strongbox)