Opened 7 years ago

Closed 5 years ago

Last modified 5 years ago

#29379 closed New feature (fixed)

Add autocomplete attribute to contrib.auth fields

Reported by: CHI Cheng Owned by: Hasan Ramezani
Component: contrib.auth Version: dev
Severity: Normal Keywords:
Cc: Jeff Triage Stage: Ready for checkin
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description (last modified by CHI Cheng)

Add autocomplete=username/email/current-password/new-password to contrib.auth builtin forms.

Pull request: https://github.com/django/django/pull/9921

The most useful one is autocomplete=new-password, which prevents browsers prefill with current password, Chrome will also suggest a random strong password for users who turned on account sync.

Related docs:
https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#autofill
https://www.chromium.org/developers/design-documents/form-styles-that-chromium-understands
https://developer.mozilla.org/en-US/docs/Web/Security/Securing_your_site/Turning_off_form_autocompletion#The_autocomplete_attribute_and_login_fields

Change History (16)

comment:1 by CHI Cheng, 7 years ago

Description: modified (diff)

comment:2 by Carlton Gibson, 6 years ago

Patch needs improvement: set

This seems OK/good in theory. We're a bit ahead of the curve in terms of current browser support so there's a question about when (and whether) this gets adopted.

PR has failures that need addressing.

comment:3 by Carlton Gibson, 6 years ago

Triage Stage: UnreviewedAccepted

comment:4 by Jeff, 6 years ago

Cc: Jeff added

comment:5 by sedrubal, 6 years ago

Hi, what is the status of this pull request? I just wanted to open the same pull request and then I found this ticket...

comment:6 by Claude Paroz, 6 years ago

After months of inactivity, feel free to take over the patch (crediting the original author), and polish it so as it can get in the review queue again.

comment:7 by Hasan Ramezani, 6 years ago

Owner: changed from nobody to Hasan Ramezani
Status: newassigned

PR https://github.com/django/django/pull/11070

Just a little change in https://github.com/django/django/pull/9921 so tests are passed.
Do we need to add tests for it? how?

comment:8 by Johannes Maron, 6 years ago

Needs documentation: set
Patch needs improvement: unset

Since this is marked as a new feature, you might want to add a line or two to the 3.0 release notes. I don't think you need to add anything to the documentation.

comment:9 by Johannes Maron, 6 years ago

Needs documentation: unset

comment:10 by Nick Pope, 6 years ago

Needs tests: set

comment:11 by Hasan Ramezani, 6 years ago

@Johannes Hoppe , I did your requested changes on the PR.
Any suggestion for the tests?

comment:12 by Hasan Ramezani, 6 years ago

Needs tests: unset

Tests added to PR!

comment:13 by Carlton Gibson, 5 years ago

Triage Stage: AcceptedReady for checkin

comment:14 by Carlton Gibson <carlton@…>, 5 years ago

Resolution: fixed
Status: assignedclosed

In dcb8f00:

Fixed #29379 -- Added autocomplete attribute to contrib.auth.forms fields.

Thank you to Nick Pope for review.

Co-authored-by: CHI Cheng <cloudream@…>

comment:15 by Nick Pope, 5 years ago

PR moving autocomplete attribute into UsernameField.

comment:16 by Carlton Gibson <carlton.gibson@…>, 5 years ago

In 999891bd:

Refs #29379 -- Moved autocomplete attribute to UsernameField.

Moving the autocomplete attribute into UsernameField allows this to work
for custom forms making use of UsernameField, removes some duplication
in the code, and keeps consistency with the autocapitalize attribute
that is already defined on UsernameField.

Note: See TracTickets for help on using tickets.
Back to Top