search

ltb-project / service-desk

Application for support team who need to check and reset user passwords
https://service-desk.readthedocs.io/
GNU General Public License v3.0
49 stars 19 forks source link

Avoid browsers prompting for storing new password #74

Open cmaudoux opened 1 year ago

cmaudoux commented 1 year ago

Admin reset user's password.

Browser proposes to store new password.

Maybe use text input type text instead of input type password and obfuscate by using JS.

coudot commented 1 year ago

I am not very enthusiast of using a text input field.

The best practice is to use the autocomplete property with "new-password" value, see https://developer.mozilla.org/en-US/docs/Web/Security/Securing_your_site/Turning_off_form_autocompletion

coudot commented 1 year ago

The latest workaround does not seem to work either. Postponing this issue as the browser behavior is quite hard to trick.

coudot commented 1 week ago

@cmaudoux I found this solution: https://github.com/ltb-project/service-desk/pull/83/commits/cc34eac134f64ca808a442b56f470023da3a63fb

Works for me on Chrome and Firefox

Need to work more on the code to add a configuration option to switch from a standard password field to a text field with hidden characters.