[toolkit] Empty PIN/password/passphrase field appears to contain 4 characters

Bug #1357548 reported by kevin gunn on 2014-08-15
70
This bug affects 10 people
Affects Status Importance Assigned to Milestone
Canonical System Image
High
Unassigned
Ubuntu UX
High
Matthew Paul Thomas
ubuntu-system-settings (Ubuntu)
Undecided
Jonas G. Drange
ubuntu-system-settings (Ubuntu RTM)
High
Jonas G. Drange
ubuntu-ui-toolkit (Ubuntu)
Wishlist
Unassigned

Bug Description

minor interrelated issues & probably needs design input
1) visual inconsistency of the pin text box prompt shows 4 "bullets" implying needing 4 characters, but the passphrase is text box is empty
2) selecting the pin text box prompt, the "bullets" remain, and don't respond to delete, they don't disappear once typing begins (i would think dissappear on text box selection)
3) having a "show password" would be nice

------------
Desired resolution: Passcode/password fields should never contain bullets when you haven't entered anything in them.

Related branches

lp:~jonas-drange/ubuntu-system-settings/security-pass-input-fix-1357548
Merged into lp:ubuntu-system-settings at revision 1253
Ken VanDine: Approve on 2015-01-12
Matthew Paul Thomas: Needs Information on 2015-01-12
PS Jenkins bot: Needs Fixing (continuous-integration) on 2015-01-12
kevin gunn (kgunn72) on 2014-08-15
Changed in unity8:
importance: Undecided → Medium
description: updated
Michał Sawicz (saviq) wrote :

It's the hint that you can see, bug in SDK that they don't disappear.

This is not only a problem in the first-run setup, but in every password field, for example the "Switch to Passcode"/"Switch to Passphrase" dialog.

summary: - [WelcomeWiz] text box bullets in pin/passphrase prompt
+ Empty PIN/password/passphrase field appears to contain 4 characters
Changed in ubuntu-ui-toolkit:
status: New → Confirmed
Changed in ubuntu-ux:
assignee: nobody → Matthew Paul Thomas (mpt)
Michał Sawicz (saviq) on 2014-09-03
Changed in unity8 (Ubuntu):
importance: Undecided → Medium
Matthew Paul Thomas (mpt) wrote :

Fields should never contain bullets as hints. Hints are a bad idea in general, but bullets as hints aren't even telling you anything. Please just remove them.

Changed in ubuntu-ux:
status: New → Fix Committed
description: updated
Michał Sawicz (saviq) on 2014-09-09
no longer affects: unity8
Sebastien Bacher (seb128) wrote :

that's a duplicate of bug #1352953, not sure if it should be marked this way though since that one has design recommendations

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in ubuntu-ui-toolkit (Ubuntu):
status: New → Confirmed
Changed in unity8 (Ubuntu):
status: New → Confirmed
Changed in ubuntu-ux:
importance: Undecided → High
summary: - Empty PIN/password/passphrase field appears to contain 4 characters
+ [settings] Empty PIN/password/passphrase field appears to contain 4
+ characters
Zoltan Balogh (bzoltan) on 2014-11-17
no longer affects: ubuntu-ui-toolkit (Ubuntu)
Zoltan Balogh (bzoltan) on 2014-11-24
Changed in ubuntu-ui-toolkit (Ubuntu):
status: New → Confirmed
Zoltan Balogh (bzoltan) on 2014-11-24
no longer affects: ubuntu-ui-toolkit
Michał Sawicz (saviq) on 2015-01-05
no longer affects: unity8 (Ubuntu)
Pat McGowan (pat-mcgowan) wrote :

This is a bug in the dialog's use of textfield. We currently set an inputMask of "9999" which causes the pre-population of asterisks. The correct thing to do is set maximumLength to 4 and not set an inputMask. The experience is that the field stops taking input after the 4th digit, and properly displays the digits one at a time as they are input to a blank field.

Changed in ubuntu-system-settings (Ubuntu RTM):
assignee: nobody → Jonas G. Drange (jonas-drange)
importance: Undecided → High
status: New → Confirmed
Changed in canonical-devices-system-image:
importance: Undecided → High
milestone: none → ww03-2015
status: New → Confirmed
Changed in ubuntu-ui-toolkit (Ubuntu):
status: Confirmed → Invalid
Iain Lane (laney) wrote :

The point of the input mask is to make the field only accept digits.

Ken VanDine (ken-vandine) wrote :

I agree with laney, the inputMask is needed. I think this is probably an SDK issue.

Pat McGowan (pat-mcgowan) wrote :

There is no way to enter other than digits already, the field has inputMethodHints set to Qt.ImhDigitsOnly and the OSK is shown in digits mode,

Ken VanDine (ken-vandine) wrote :

That only works around the issue, and will work properly in the case of the OSK. But on a desktop, or a device with a keyboard attached, it won't work.

Pat McGowan (pat-mcgowan) wrote :

fwiw this seems to work everywhere although may be better solutions

            TextField {
                id: currentInput
                echoMode: TextInput.Password
                inputMethodHints: Qt.ImhNoAutoUppercase |
                                  Qt.ImhSensitiveData |
                                  Qt.ImhDigitsOnly

                maximumLength: 4
                validator: IntValidator{bottom: 0; top: 9999;}
                onTextChanged: {
                        confirmButton.enabled = text.length == 4
                }

            }

Changed in ubuntu-system-settings (Ubuntu):
status: New → In Progress
assignee: nobody → Jonas G. Drange (jonas-drange)
Ken VanDine (ken-vandine) wrote :

A slight improvement, instead of changing confirmButton.enabled with onTextChanged, you can use the acceptableInput property to control enabled for confirmButton.

    enabled: currentInput.acceptableInput

<email address hidden> wrote:

> A slight improvement, instead of changing confirmButton.enabled with
> onTextChanged, you can use the acceptableInput property to control
> enabled for confirmButton.
>
Do we get a chance to restrict passcode input to exactly four digits, then?
The input mask did this for us, while the IntValidator does not.

Jonas G. Drange (jonas-drange) wrote :

Maybe we'll just change bottom to 1000.

acceptableInput doesn't ensure 4 digits which is why I used the length check, and there is no way to specify minimum length.
Using 1000 as a bottom would not allow a 0 in the first digit so do not think that works.

Pat McGowan (pat-mcgowan) wrote :

acceptableInput would work if the validator was extended to include a length check

We can define a custom validator, not sure if there is also a way to combine validators

Pat McGowan (pat-mcgowan) wrote :

Here's the better way

                validator: RegExpValidator { regExp: /\d{4}/ }
                onTextChanged: confirmButton.enabled = acceptableInput

Ken VanDine (ken-vandine) wrote :

I'm reopening the uitk task for this. We've worked around this in system-settings, but I think we should handle this in the toolkit so we get consistent behavior across the platform.

Changed in ubuntu-ui-toolkit (Ubuntu):
status: Invalid → New
Pat McGowan (pat-mcgowan) wrote :

@ken are you suggesting a shared "passcode" component?
Where else are we presenting this? Login, wizard, ...

Iain Lane (laney) wrote :

The correct solution is to not have the bullets displayed for a TextField in TextInput.Password mode using an inputMask. No placeholders are displayed when echoMode is TextInput.Normal.

See: https://code.launchpad.net/~jonas-drange/ubuntu-system-settings/security-pass-input-fix-1357548/+merge/245980/comments/607924

I don't see any analysis of the work required to have a fix in the SDK, instead jumping straight to a workaround in u-s-s. Did this happen somewhere else?

Ken VanDine (ken-vandine) wrote :

@laney the sdk component behaves the same was TextField does in Qt, it's currently as designed (afaict). I think this is more of a design issue, if we don't want to display those for passcodes then we should handle that in the SDK. So we get a consistent experience.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ubuntu-system-settings - 0.3+15.04.20150112-0ubuntu1

---------------
ubuntu-system-settings (0.3+15.04.20150112-0ubuntu1) vivid; urgency=low

  [ jonas-drange ]
  * [security] replace inputmask for validator and maximum length (LP:
    #1357548)
 -- Ubuntu daily release <email address hidden> Mon, 12 Jan 2015 16:43:30 +0000

Changed in ubuntu-system-settings (Ubuntu):
status: In Progress → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ubuntu-system-settings - 0.3+15.04.20150112~rtm-0ubuntu1

---------------
ubuntu-system-settings (0.3+15.04.20150112~rtm-0ubuntu1) 14.09; urgency=low

  [ Ken VanDine ]
  * [security] replace inputmask for validator and maximum length (LP:
    #1357548)
 -- Ubuntu daily release <email address hidden> Mon, 12 Jan 2015 21:51:55 +0000

Changed in ubuntu-system-settings (Ubuntu RTM):
status: Confirmed → Fix Released
Changed in canonical-devices-system-image:
status: Confirmed → Fix Released
Noemí (noemi-gallego) wrote :

This is still a bug in R7 Version. Could you tell me more or less in which version this is going fixed?

Jonas G. Drange (jonas-drange) wrote :

@noemi-gallego this landed in RTM 14-Jan-2015 09:40 [1] so I assume the next RTM image produced after that date.

[1] http://people.canonical.com/~lzemczak/landing-team/ubuntu-rtm/192.commitlog

Matthew Paul Thomas (mpt) wrote :

Verified in Ubuntu 15.04 devel-proposed r78.

Changed in ubuntu-ux:
status: Fix Committed → Fix Released
summary: - [settings] Empty PIN/password/passphrase field appears to contain 4
+ [toolkit] Empty PIN/password/passphrase field appears to contain 4
characters
Zsombor Egri (zsombi) on 2015-02-04
Changed in ubuntu-ui-toolkit (Ubuntu):
status: New → Invalid
Changed in ubuntu-ui-toolkit (Ubuntu):
status: Invalid → New
Zsombor Egri (zsombi) wrote :

To handle this in SDK we would need to have a separate PasswordField component, which can have the design requested functionality in case that is different from the one provided by Qt TextInput.

Changed in ubuntu-ui-toolkit (Ubuntu):
importance: Undecided → Wishlist
status: New → Triaged
Matthew Paul Thomas (mpt) wrote :

Zsombor, a separate PasswordField component would not fix the bug at all. On the contrary, it would make the situation even worse. There would now be two ways of creating a password field rather than one, for no benefit, making the SDK harder for developers to learn and understand. And TextInput.Password would *still* do the wrong thing every time you use an inputMask.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers