Patch #240

views/user/edit, make password fields not-autocomplete (UI fix)

Added by David Reese over 13 years ago. Updated about 8 years ago.

Status:NewStart date:
Priority:NormalDue date:
Assignee:Jean-Philippe Lang% Done:


Target version:-


In the user/edit view, Firefox autofills the first password field. This is not useful behavior for a couple reasons:

  • It fills in MY password, not the password of the user I'm editing
  • The only use for those password fields is for changing passwords -- a user would never want that autofilled
  • It fills in only the first password field, not the confirmation, so either I clear the field before I change any attributes
    on a user, or on validate it tells me the password fields don't match.

I think the best way to fix this is renaming the password form fields so they're not automatically filled in. You could
also clear the fields with javascript onload/dom:ready, and I actually did that at first, but it seemed less elegant.

Pasted the patches for 2 files below... hope this is the right way to do this, it's my first patch.

Index: app/views/users/_form.rhtml ===================================================================
--- app/views/users/_form.rhtml (revision 964)
+++ app/views/users/_form.rhtml (working copy)
@ -22,11 +22,11 @
<p><%= :auth_source_id, ([[l(:label_internal), ""]] + @auth_sources.collect { |a| [,] }), {}, :onchange => "if (this.value=='') {'password_fields');} else {Element.hide('password_fields');}" ></p>
end >
<div id="password_fields" style="<
= 'display:none;' if @user.auth_source >">
<p><label for="password"><
=l(:field_password)%><span class="required">
<%= password_field_tag 'password', nil, :size => 25 ><br />
<p><label for="newpassword"><
=l(:field_password)%><span class="required">
<%= password_field_tag 'newpassword', nil, :size => 25 ><br />
= l(:text_caracters_minimum, 4) ></em></p>
<p><label for="password_confirmation"><
class="required"> *</span></label>
<%= password_field_tag 'password_confirmation', nil, :size => 25 ></p>
<p><label for="newpassword_confirmation"><
class="required"> *</span></label>
<%= password_field_tag 'newpassword_confirmation', nil, :size => 25 %></p>

Index: app/controllers/users_controller.rb ===================================================================
--- app/controllers/users_controller.rb (revision 964)
++ app/controllers/users_controller.rb (working copy)
@ -57,11 +57,11 @
@user =[:user])
@user.admin = params[:user][:admin] || false
@user.login = params[:user][:login]
- @user.password, @user.password_confirmation = params[:password], params[:password_confirmation] unless
@user.password, @user.password_confirmation = params[:newpassword], params[:newpassword_confirmation] unless
@custom_values = UserCustomField.find(:all, :order => "#{CustomField.table_name}.position").collect { |x| => x, :customized => user, :value => (params[:custom_fields]
? params["custom_fields"][] : nil)) }
@user.custom_values = @custom_values
- Mailer.deliver_account_information(@user, params[:password]) if params[:send_information]
+ Mailer.deliver_account_information(@user, params[:newpassword]) if params[:send_information]
flash[:notice] = l(:notice_successful_create)
redirect_to :action => 'list'
@ 76,7 76,7 @@
@user.admin = params[:user][:admin] if params[:user][:admin]
@user.login = params[:user][:login] if params[:user][:login]
@user.password, @user.password_confirmation = params[:password], params[:password_confirmation] unless
params[:password].nil? or params[:password].empty? or @user.auth_source_id
@user.password, @user.password_confirmation = params[:newpassword], params[:newpassword_confirmation] unless
params[:newpassword].nil? or params[:newpassword].empty? or @user.auth_source_id
if params[:custom_fields]
@custom_values = UserCustomField.find(:all, :order => "#{CustomField.table_name}.position").collect { |x| => x, :customized => @user, :value =>
params["custom_fields"][]) }
@user.custom_values = @custom_values

user-pwd-autocomplete.png (11.4 KB) David Reese, 2008-02-03 11:01

Related issues

Related to Redmine - Defect #4043: username/password fields get autocompleted New 2009-10-17
Related to Redmine - Defect #12632: Autofilled custom fields in Firefox Closed


#1 Updated by Felix Schäfer about 11 years ago

  • Category set to UI
  • Assignee set to Jean-Philippe Lang

I'd rather blame that on the user agent, but it's not the first complaint I read about this (can't find the others though). Could we just rename the password fields where they are not actually intended as authentication?

#2 Updated by Filou Centrinov over 8 years ago

+1 Yes, please fix this. I'm using Redmine 2.2 / Firefox 17. It might be related to #4043.

#3 Updated by Filou Centrinov about 8 years ago

Seems to be fixed. Using Redmine 2.3 / Firefox 20 this defect does not occur anymore.

Also available in: Atom PDF