Rename profile password fields so password managers understand (!71237) · Merge requests · GitLab.org / GitLab

Drew Blessing requested to merge dblessing_password_autocomplete_chrome into master Sep 27, 2021

What does this MR do and why?

Fixes an issue where Chrome (and probably other browsers) and password managers may be confused about which field is the current password field on /-/profile/password/edit and /-/profile/password/new pages/forms.

This is related to a discussion on setting autocomplete HTML value to new-password and current-password, which Firefox respects - #27125 (closed). This MR addresses both Chrome and Firefox.

Screenshots or screen recordings

Before

Notice the current password was autofilled by the browser in 'New password'.

After

How to set up and validate locally

Sign in as a user
Visit Profile -> Password
Enter current password, new password and confirmation. Submit to change password.
Observe password change is successful.

Observe that your password manager and/or Chrome now correctly see the 'Current password' field as one to fill, while the 'New password' and 'Password confirmation' are seen by password manager as one to generate a new password for.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Oct 08, 2021 by Drew Blessing

Rename profile password fields so password managers understand