#13316 closed (fixed)
AuthenticationForm shouldn't prefill user's password on failure
| Reported by: | Wil Clouser | Owned by: | Russell Keith-Magee |
|---|---|---|---|
| Component: | contrib.auth | Version: | dev |
| Severity: | Keywords: | ||
| Cc: | Triage Stage: | Ready for checkin | |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
contrib.auth.forms.AuthenticationForm should be passing render_value=False to the PasswordInput widget to prevent incorrect passwords from being passed back to the page. I'm attaching a patch.
Attachments (2)
Change History (11)
by , 15 years ago
| Attachment: | authform.diff added |
|---|
comment:1 by , 15 years ago
| Needs tests: | set |
|---|---|
| Owner: | changed from to |
| Status: | new → assigned |
comment:2 by , 15 years ago
| milestone: | → 1.3 |
|---|---|
| Triage Stage: | Unreviewed → Accepted |
comment:3 by , 15 years ago
| Needs tests: | unset |
|---|
comment:4 by , 15 years ago
| Triage Stage: | Accepted → Ready for checkin |
|---|
comment:5 by , 15 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
comment:6 by , 15 years ago
| Resolution: | fixed |
|---|---|
| Status: | closed → reopened |
comment:7 by , 14 years ago
| Resolution: | → fixed |
|---|---|
| Status: | reopened → closed |
(In [13498]) Fixed #13316 -- Modified the default behavior of PasswordInput to prevent reflecting passwords on form failure. Thanks to clouserw for the report.
Although this changes nothing at a functional level, this is BACKWARDS INCOMPATIBLE from a UX perspective for anyone that wants passwords to be reflected to the user on form failure. See the 1.3 release notes for details.
Note:
See TracTickets
for help on using tickets.
pass render_value=False to PasswordInput