tapis-project / authenticator

BSD 3-Clause "New" or "Revised" License

enhance: GH-82 do not autofill old mfa tokens #87

Closed wesleyboar closed 2 months ago

wesleyboar commented 2 months ago

Overview

Do not let browser autocomplete "Token" field with old value.

Note: The solution I used is a dynamic field name. To use autocomplete="off" would cancel #85's autocomplete="one-time-pass" solution.

Related

Testing & UI

Prerequisites

- Have [MFA](https://docs.tacc.utexas.edu/basics/mfa/) enabled for a Tapis tenant.

1. Open http://localhost:5000/v3/oauth2/tenant.
2. Select any tenant for which MFA is enabled.
3. Log in.
4. Submit valid MFA token.
5. ✅ Verify MFA succeeds.
6. Log out (via http://localhost:5000/v3/oauth2/logout).
7. Repeat steps 1 through 3.
8. Focus on MFA Token field.
9. ✅✅ Verify previously filled value is not shown.
10. Enter incorrect value.
11. Submit.
12. Page/Form reloads with error.
13. Submit valid MFA token.
14. ✅ Verify MFA succeeds.
GH-82
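
The dynamic field name approach described in the note above, sketched server-side as an added example (not the code from this pull request or the Tapis authenticator). Browsers typically key saved form history on the field name, so a name that changes on every render has no stored value to offer, while the autocomplete hint can stay in place. The prefix, session key, helper names and six-digit token format are assumptions, and `one-time-code` is the standard HTML autofill token for one-time-password fields.

```python
import html
import re
import secrets

FIELD_PREFIX = "mfa_token_"        # hypothetical prefix, not from the PR
SESSION_KEY = "mfa_field_name"     # hypothetical server-side session key
TOKEN_RE = re.compile(r"\d{6}")    # assumed token format: six digits


def issue_field_name(session):
    """Create a fresh field name for this render and remember it server-side."""
    name = FIELD_PREFIX + secrets.token_hex(8)
    session[SESSION_KEY] = name
    return name


def render_token_input(session):
    """Return the MFA <input> with a per-render name and the OTP autofill hint."""
    name = issue_field_name(session)
    # The name changes on every render, so form history saved under an
    # earlier name never matches; autocomplete is left on for OTP autofill.
    return (
        '<input type="text" inputmode="numeric" '
        f'name="{html.escape(name, quote=True)}" '
        'autocomplete="one-time-code" required>'
    )


def read_submitted_token(session, form):
    """Return the token posted under the name issued to this session, else None."""
    expected = session.pop(SESSION_KEY, None)  # each issued name is accepted once
    if expected is None:
        return None
    value = form.get(expected, "").strip()
    # Values posted under any other (stale or guessed) field name are ignored.
    return value if TOKEN_RE.fullmatch(value) else None
```

Because the issued name is consumed on read, the form reload after a failed attempt (step 12) has to render a new field before the next submission is accepted.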