Having upgraded an app (in progress) to 3.1 I had to change a test for clearing the password and password confirmation fields. Rather than testing for an empty value attribute I had to test for a missing value attribute.
That was fine, but when I went to turn off the field clearing to make the test fail, it still passed, because the fields were still cleared (the value was still missing). Previously I had lines in the appropriate controller under create to clear the fields if user creation failed (so the fields would be empty when the form was redisplayed). Now it appears that is no longer necessary.
Is this default behavior now for password and confirmation fields?
Yes.
From the changelog:
Rails 3.0.0 (August 29, 2010)
password_field renders with nil value by default making the use of passwords secure by default
And the original commit here.
Related
I am configuring a custom message in the amplify-authenticator sign-up confirmation by using the supplied slot and passing a "header-text" to my <amplify-confirm-sign-up> as per the docs:
<amplify-authenticator username-alias="email">
<amplify-confirm-sign-up slot="confirm-sign-up" username-alias="email" header-text="Custom Confirm Text"/>
</amplify-authenticator>
This works fine for the custom header-text, but it changes the default behaviour of the <amplify-confirm-sign-up> component. Specifically, when the user confirms the sign-up (in my case, supplies the one-time-confirmation code emailed):
it then no longer auto-populates the email address for the confirm-sign up
once user enters the code (thus confirming the sign-up) it doesn't log them in automatically.
I want to retain the above default workflow - what can I do to customise the header title and keep it?
ASP.net Core 2.2 MVC Web Application
I have a number of forms where I do NOT want the browser to cache/show any previous entered data when the user return to the page. I want the elements/form to NOT cache any information. I do not simply want the browser not to show previously entered information, I want it not to be cached for security reasons.
I tried decorating the controller method with:
[ResponseCache(NoStore = true, Location = ResponseCacheLocation.None)]
to no avail, when I again navigate to the page/form and start typing, previously entered values keep showing up as autocomplete options.
I've tried playing with every nuance of this as well:
Response Caching Middleware in ASP.NET Core
How is this done for all browsers nowadays?
Sounds like it is caused by the autocompletion feature of browser:
By default, browsers remember information that the user submits through fields on websites. This enables the browser to offer autocompletion (that is, suggest possible completions for fields that the user has started typing in) or autofill (that is, pre-populate certain fields upon load).
To disable this feature for a form:
<form autocomplete="off">
...
</form>
Or disable a field :
<input ... autocomplete="off">
Here's a detailed explanation on off
The "off" keyword indicates either that the control’s input data is particularly sensitive (for example the activation code for a nuclear weapon); or that it is a value that will never be reused (for example a one-time-key for a bank login) and the user will therefore have to explicitly enter the data each time, instead of being able to rely on the user agent to prefill the value for him; or that the document provides its own autocomplete mechanism and does not want the user agent to provide autocompletion values.
For more details, see how to disable autocompletion on MDN and w3c.org
Hope it helps.
You can use autocomplete="off" for html elements but chrome prevent this for some names like "name", "address" etc.
This topic was discussed earlier. Chrome ignores autocomplete="off"
I have created two modals (loginModal and registerModal), where a user can switch between them dynamically.
There is an issue with the "VeeValidate" plugin, it's only validating the first field if I added something to the error bag.
I have created a demo for the problem here:
https://2o2z51km00.codesandbox.io/
Source:
https://codesandbox.io/s/2o2z51km00
Open loginModal (it will open by default).
Submit the default login info (you will see a "you have entered invalid
credentials" message).
Switch to register modal after seeing that message.
Submit register modal (with empty inputs)
As you can see, it highlight the first field only (full name field) while ignoring other fields.
Why does that happen?
After a lot of time spent, and not aware of recent changes in the later versions from 2.1 til 2.2.3.
The problem was having multiple modals trying to use the same names. This can be fixed by using scopes as i've implemented in a fork to your project.
https://codesandbox.io/s/vv0jqprpj0
So by adding too the input:
data-vv-scope="SCOPE"
And using this to validate the fields
this.$validator.validate('SCOPE.*')
A side note to this is that you were using v-show on the RegisterModal to show errors and v-if on the LoginModal - The correct is to use v-if
There is CAS+LDAP authorization system.
My login page reloads on 5th wrong attempt to login. For example, if I try to login with wrong password from 1 to 4 times, only password field cleared. On 5th attempt page reloads (even if password is right) and both username and password fields cleared.
And there is no log output neither in CAS nor in LDAP at this moment.
I have spent two weeks in search for solution, but nothing found.
Thank for advance.
P.S. Sorry for my english :)
---------- EDIT ----------
After Ioannis Baourdos' answer:
The hidden field name="execution" with value="${flowExecutionKey}" presents in my custom casLoginView.jsp
I have also checked my log on 5th attempt. Here I see the same output if I reload page manually.
In my web-browser I repeatedly checked name="execution" value. Here the values:
Action -> Value
1) opened page -> e1s1
2) 1st wrong attempt -> e1s2
3) 2nd wrong attempt -> e1s3
4) 3rd wrong attempt -> e1s4
5) 4th wrong attempt -> e1s5
6) Next either right or wrong attempt (page reloads after submit) -> e7s1
Logically somewhere there is some parameter with value "5". I have not found it yet...
Question is still open ;)
---------- SOLVED ----------
There was link to not existing .png file in my custom css.
More on Suggestion (2)
I was searching for a 5 parameter all over the place myself.
I then reverted back to using the default UI/theme from jasig and the redirection was not happening. So in my case I was 100% certain that there was something wrong with my code.
I left it as it was, went on production and then I had a new CAS integration case which again was implemented with a different custom form.
The 5 became 2 ... same version etc etc. So I jumped into tamper data on firefox to see exactly what was happening.
In the first case it was a custom CSS I was using, that was trying to load another CSS that did not exist.
In the second case, I had upgraded JQuery to 1.10 and I placed the script tag at /includes/top.jsp. I also did not include the /jsp/cas.js file.
With firebug I noticed that this JS file was asking for
#sourceMappingURL=jquery-1.10.2.min.map
which was missing from my JS folder.
to cut a long story short, when I moved my JS inclusions at the bottom.jsp in the same order as CAS default UI and after I removed / fixed all the related imports/includes from my custom JS/CSS files, the issue stopped.
-- old --
if you are designing you custom login form there may be a view cases that cause the redirect.
new suggestion (1)
there are a few cases when this is happening.
If you enable logging you may notice this popping up after the 5fth time:
'initialFlowSetupAction'
in this case most frequent issue is that you are using a custom form and you forgot to set up the 'flow' hidden field.
<input type="hidden" name="_flowExecutionKey" value="${flowExecutionKey}" />
or on 3.5.2
<input type="hidden" name="execution" value="${flowExecutionKey}" />
new suggestion (2)
I also run into a weird case lately ... I was using a custom CSS which
was properly loaded BUT it contained imports to files that were missing:
#import url(ui.datepicker.css);
this was also evident via TamperData (2 calls to cas/login) and also via firebug, 302 redirect to cas/login from request for ui.datepicker.css
ps. this is my first post :)
I am testing my web application using Selenium. All the form validation in the web application is done by HTML5 and some JS(for safari browser). I want to know what is the proper way to test the form validation.
Currently I am using one approach, i.e Before I filled up a mandatory field I clicked on the submit button. If the page is not refreshed then I assume the form validation working correctly. But I think there should be a better approach to do it. I am unable to find any proper solution. Any suggestion will be highly appreciated.
I also go through this link. But it is not working for me because it is not enough to have required attribute (eg required attribute does not work in older Safari browser).
Rather than checking if the page is refreshed or not, you should instead expect that it is not and that a certain error message or field highlighting or something is applied to the current page. When in an error state, the input fields probably get given an extra class, or an error div/span might be added to the DOM, try checking for that sort of thing