Swap the order of pin and password fields (!112176) · Merge requests · GitLab.org / GitLab

Eduardo Sanz García requested to merge eduardosanz/reorder-password-field into master Feb 16, 2023

What does this MR do and why?

Swap the order of pin (authenticator code) and password fields. Hence when registering a new time-based one time password (TOTP) authenticator display first the password field above the pin field.

From Slack:

Problem: User scans the QR code, types in the 6 digit number, the 6 digit number refreshes as it’s timed based, the user types in their password, they get a “invalid pin code” error, the screen refreshes, therefore a new QR code is generated, they have to delete the existing entry in their auth app and start all over again.

For reference, the new WebAuthn workflow displays the password on top of other fields too:

Closes #390886 (closed)

Screenshots or screen recordings

Before

After

How to set up and validate locally

Go to https://gdk.test:3443/-/profile/two_factor_auth
Register a TOTP

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Feb 16, 2023 by Eduardo Sanz García

Swap the order of pin and password fields