#530 ✓resolved
Iain

Password confirmation does not have password input type

Reported by Iain | November 6th, 2009 @ 02:50 AM | in Hobo 1.0 - Final

There seems to be a problem with password confirmation fields not being obfuscated with the password input type.

I've just reset the database for my hobo app, and loaded up the front index page which still has the default form for inputting the administrator's details. When I initially put in the details everything's fine, but I've noticed that if the form fails validation (I put in two different passwords by accident) when the form reloads the password confirmation field does not have the password input type, and so the confirmation appears on the screen in clear text (the regular password field is "starred out" as normal).

I can't investigate at the moment so I'm not sure what the problem might be, but something seems to be done differently the second time that the form gets displayed.

Comments and changes to this ticket

  • Bryan Larsen

    Bryan Larsen November 6th, 2009 @ 07:36 PM

    • Tag changed from defect, security, signup to defect, rapid, security, signup

    I closed a bug last week claiming the same thing because I couldn't reproduce it. I'm still having problems. But obviously, there's a problem somewhere. So the more detail you provide, the better. Thanks. What browser are you using? What version of Hobo, rails, et cetera?

  • Bryan Larsen

    Bryan Larsen November 16th, 2009 @ 02:58 PM

    • Milestone set to Hobo 1.0 - Final
    • Assigned user set to “Bryan Larsen”

    Thanks, that was easy to reproduce this time.

  • Tom Locke

    Tom Locke November 16th, 2009 @ 04:15 PM

    • State changed from “new” to “resolved”

    (from [17247eac8a78f8b36dcc3b9684a3e4ec8da32a23]) [#530 state:resolved]

    This is the fix for bug 530. The fix is in the hobo_user_model
    template, so you will have to run

    script/generate hobo_user_model User --invite-only
    

    or

    rake hobo:run_standard_generators
    

    or you can patch app/models/user.rb from

    validates_confirmation_of :password, :if => "User.count == 0"
    

    to

    def new_password_required_with_invite_only?
      new_password_required_without_invite_only? || User.count==0
    end
    alias_method_chain :new_password_required?, :invite_only
    

    http://github.com/tablatom/hobo/commit/17247eac8a78f8b36dcc3b9684a3...

  • Bryan Larsen

    Bryan Larsen November 16th, 2009 @ 04:17 PM

    Note for those tuning in: this bug affects all password dialogs, but only for invite-only projects.
