Password confirmation does not have password input type
Reported by Iain | November 6th, 2009 @ 02:50 AM | in Hobo 1.0 - Final
There seems to be a problem with password confirmation fields not being obfuscated with the password input type.
I've just reset the database for my hobo app, and loaded up the front index page which still has the default form for inputting the administrator's details. When I initially put in the details everything's fine, but I've noticed that if the form fails validation (I put in two different passwords by accident) when the form reloads the password confirmation field does not have the password input type, and so the confirmation appears on the screen in clear text (the regular password field is "starred out" as normal).
I can't investigate at the moment so I'm not sure what the problem might be, but something seems to be done differently the second time that the form gets displayed.
Comments and changes to this ticket
-
Bryan Larsen November 6th, 2009 @ 07:36 PM
- Tag changed from defect, security, signup to defect, rapid, security, signup
I closed a bug last week claiming the same thing because I couldn't reproduce it. I'm still having problems. But obviously, there's a problem somewhere. So the more detail you provide, the better. Thanks. What browser are you using? What version of Hobo, rails, et cetera?
-
Bryan Larsen November 16th, 2009 @ 02:58 PM
- Milestone set to Hobo 1.0 - Final
- Assigned user set to Bryan Larsen
Thanks, that was easy to reproduce this time.
-
Tom Locke November 16th, 2009 @ 04:15 PM
- State changed from new to resolved
(from [17247eac8a78f8b36dcc3b9684a3e4ec8da32a23]) [#530 state:resolved]
This is the fix for bug 530. The fix is in the hobo_user_model
template, so you will have to run
script/generate hobo_user_model User --invite-only
or
rake hobo:run_standard_generators
or you can patch app/models/user.rb from
validates_confirmation_of :password, :if => "User.count == 0"
to
def new_password_required_with_invite_only?
  new_password_required_without_invite_only? || User.count==0
end
alias_method_chain :new_password_required?, :invite_only
http://github.com/tablatom/hobo/commit/17247eac8a78f8b36dcc3b9684a3...
-
Bryan Larsen November 16th, 2009 @ 04:17 PM
Note for those tuning in: this bug affects all password dialogs, but only for invite-only projects.
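Added example (not part of the ticket or of Hobo's own code): a Ruby regression check for the symptom reported here, which scans rendered form HTML for password-named inputs that are not type="password". The HTML samples and the field names in them are constructed for illustration.

```ruby
# Regression check: flag password fields that would be shown in clear text.
# Sample HTML and field names (user[password], ...) are constructed assumptions.

# Parse the attributes of one <input ...> tag into a hash with lowercased keys.
# Handles double-quoted, single-quoted and unquoted attribute values.
def input_attributes(tag)
  attrs = {}
  tag.scan(/([\w:-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/) do |name, dq, sq, bare|
    attrs[name.downcase] = dq || sq || bare
  end
  attrs
end

# Return the names of inputs that look like password fields but are not
# type="password". An <input> without a type attribute defaults to a text
# field in browsers, so it is flagged as well.
def exposed_password_fields(html)
  html.scan(/<input\b[^>]*>/i).each_with_object([]) do |tag, exposed|
    attrs = input_attributes(tag)
    name = attrs["name"].to_s
    next unless name =~ /password/i
    type = (attrs["type"] || "text").downcase
    exposed << name unless type == "password"
  end
end

# Constructed: the form as first rendered.
FIRST_RENDER = <<~HTML
  <form action="/users" method="post">
    <input type="text" name="user[email_address]" />
    <input type="password" name="user[password]" />
    <input type="password" name="user[password_confirmation]" />
  </form>
HTML

# Constructed: the re-rendered form as the ticket describes it after a
# failed validation, with the confirmation field no longer obfuscated.
AFTER_FAILED_VALIDATION = <<~HTML
  <form action="/users" method="post">
    <input type="text" name="user[email_address]" value="a@example.com" />
    <input type="password" name="user[password]" />
    <input name="user[password_confirmation]" type='text' value="hunter2" />
  </form>
HTML

if __FILE__ == $PROGRAM_NAME
  puts exposed_password_fields(FIRST_RENDER).inspect
  puts exposed_password_fields(AFTER_FAILED_VALIDATION).inspect
end
```

Running the same check against the response body of a deliberately failing signup in an integration test covers the re-render path, which is where this bug appeared.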
Referenced by
- 530 Password confirmation does not have password input type (from [17247eac8a78f8b36dcc3b9684a3e4ec8da32a23]) [#530 s...
- 462 Password confirmation fields become type='text' after validation errors This is a duplicate of #530, which has more information a...