save password alert in user administration dialog
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| | Goobi.Production |
Medium
|
Unassigned | ||
| | 1.8 |
Medium
|
Unassigned | ||
Bug Description
When, in the “User” page, you click “edit user” and then on the “User groups” link, Firefox alerts and asks if you want to save the password. This is confusing and annoying. When adding a user group, nothing at all happens until you click “close”. In this moment, the dialog to save the password pops up again.
It would be very desirable not to submit the HTML form except when clicking the button “Save”. When clicking an “add” image button in the pop up window, there should be any visible response.
Furthermore, because of the browser considering the user change dialog as a login form, this adds a users credentials to the browser password safe.
Related branches
- Henning Gerhardt: Disapprove on 2012-10-22
- Matthias Ronge: Pending requested 2012-10-20
-
Diff: 55 lines (+14/-3)3 files modifiedconfig/messages_de.properties (+1/-0)
config/messages_en.properties (+1/-0)
newpages/BenutzerBearbeiten.jsp (+12/-3)
| Matthias Ronge (matthias-ronge) wrote : | #1 |
| Changed in goobi-production: | |
| status: | New → Triaged |
| importance: | Undecided → High |
Some findings:
1. Seems like all browsers (except Opera) skip saving the password if the 'autocomplete=
2. All browsers skip password saving if there is more then one password field.
| description: | updated |
As described in https:/
| summary: |
- save password alert in firefox + save password alert in user administration dialog |
Modern browsers will offer a password saving dialog on every submit event if the submitted form contains an input field of type password. There is no way to disable this behavior with plain HTML forms. Maybe a separate password changing dialog is a solution.