#13316 closed (fixed)
AuthenticationForm shouldn't prefill user's password on failure
Reported by: | Wil Clouser | Owned by: | Russell Keith-Magee |
---|---|---|---|
Component: | contrib.auth | Version: | dev |
Severity: | Keywords: | ||
Cc: | Triage Stage: | Ready for checkin | |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
contrib.auth.forms.AuthenticationForm should be passing render_value=False to the PasswordInput widget to prevent incorrect passwords from being passed back to the page. I'm attaching a patch.
Attachments (2)
Change History (11)
by , 15 years ago
Attachment: | authform.diff added |
---|
comment:1 by , 15 years ago
Needs tests: | set |
---|---|
Owner: | changed from | to
Status: | new → assigned |
comment:2 by , 15 years ago
milestone: | → 1.3 |
---|---|
Triage Stage: | Unreviewed → Accepted |
comment:3 by , 15 years ago
Needs tests: | unset |
---|
comment:4 by , 15 years ago
Triage Stage: | Accepted → Ready for checkin |
---|
comment:5 by , 15 years ago
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
comment:6 by , 15 years ago
Resolution: | fixed |
---|---|
Status: | closed → reopened |
comment:7 by , 14 years ago
Resolution: | → fixed |
---|---|
Status: | reopened → closed |
(In [13498]) Fixed #13316 -- Modified the default behavior of PasswordInput to prevent reflecting passwords on form failure. Thanks to clouserw for the report.
Although this changes nothing at a functional level, this is BACKWARDS INCOMPATIBLE from a UX perspective for anyone that wants passwords to be reflected to the user on form failure. See the 1.3 release notes for details.
pass render_value=False to PasswordInput