clear user name and password on failed login attempt. #2514
Conversation
|
|
ohadlevy
force-pushed
the
reset-user-pass
branch
from
cb92023
to
011c257
Compare
| @@ -722,6 +722,8 @@ function miqAjaxAuth(url) { | |||
| }) | |||
| .then(null, function() { | |||
| add_flash(__('Incorrect username or password'), 'error', { id: 'auth_failed' }); | |||
| $('#user_name').val(''); | |||
There was a problem hiding this comment.
I've noticed the service UI does not clear the username, in the sake of consistency it probably makes sense to do the same or change in both. any opinions? /cc @serenamarie125
|
test failures seems unrelated? |
|
See related PR in Service UI |
|
@ohadlevy I can check if there are any conventions on the PatternFly side, but I would guess just clearing the password is enough. Can you change the button label to "Log In" as part of this PR ? |
ohadlevy
force-pushed
the
reset-user-pass
branch
2 times, most recently
from
b930de4
to
f2e3c91
Compare
|
@serenamarie125 updated to only reset password field, changed all login buttons text (and hover) to "Log in" |
|
@ohadlevy I did check with PatternFly, and although there is currently no "guidance" on what to do about clearing, the consensus is to add documentation around clearing BOTH the username and password upon failed login attempt. My initial suggestion of only clearing password was around the user experience, meaning if i type in my password incorrectly, do I really have to retype both user name and password ?! But Catherine brought up the fact that she has had discussions with security folks around this, and that the suggestion was to clear both. Sorry bout that! Thanks for updating the "Log In" as well for button label & tooltip! |
ohadlevy
force-pushed
the
reset-user-pass
branch
from
f2e3c91
to
3b0f116
Compare
|
@serenamarie125 re-added user field. this is now also consistent with other projects (such as foreman) :) |
based on discussion on a similar PR on the ops UI (ManageIQ/manageiq-ui-classic#2514 (comment)) I'm suggesting we align across the two.
|
I see the updated video with the new behavior, but "Login" doesn't seem to be updated? |
|
@serenamarie125 I didnt update the video, but here is an image |
|
@ohadlevy this looks good. Verified in UI. |
|
@h-kataria any idea why tests are failing? doesn't seem related - is there any better way to test this kind of change? thanks. |
|
@ohadlevy spec test failures seem related to changes in this PR, maybe there is a syntax error in the html string. i will try to look into it. |
| it('removes password field form log in form', function () { | ||
| deferred = $q.defer(); | ||
| // simulate authentication api call | ||
| spyOn(API 'get').andReturn(deferred.promise); |
There was a problem hiding this comment.
@ohadlevy comma missing here
spyOn(API, 'get').andReturn(deferred.promise);
that should fix the test failures
ohadlevy
force-pushed
the
reset-user-pass
branch
from
3b0f116
to
2b3e093
Compare
|
This is odd, same tests pass for me locally. |
ohadlevy
force-pushed
the
reset-user-pass
branch
3 times, most recently
from
80ccdc8
to
fb6e25f
Compare
|
FWIW, I've seen all 3 scenarios on web based logins: clear both, clear password only, clear none. Since we only clear password in the SUI PR linked above, we should match that for now. Unless we want to change SUI to clear both. I tend towards only clearing the password, to make it easier for the user, since the user can actually see the userid to know if it's correct. |
|
@dclarizio SUI was updated at ManageIQ/manageiq-ui-service#1162 |
ohadlevy
force-pushed
the
reset-user-pass
branch
from
fb6e25f
to
ab806c1
Compare
Also renamed Login to Log in
ohadlevy
force-pushed
the
reset-user-pass
branch
from
ab806c1
to
5c0c24d
Compare
|
Checked commit ohadlevy@5c0c24d with ruby 2.3.3, rubocop 0.47.1, and haml-lint 0.20.0 app/views/dashboard/login.html.haml
|
|
@h-kataria fixed the test failure issue - this is mostly due to the fact that our javascript test infrastructure does not support ES6 js / babel. going forward I would suggest to check alternatives to the way we currently do JS testing. hopefully its ready to merge now - thanks! |
|
"Log In" should have a capital "I" @ohadlevy can you do a separate PR to update? |
|
@serenamarie125 fixed at #2539 |
| deferred = $q.defer(); | ||
|
|
||
| // simulate failed authentication api call | ||
| spyOn(API, 'get').and.callFake(function() {return deferred.reject();}); |
There was a problem hiding this comment.
Sorry for the late response.. this spec doesn't do anything... (thanks @mzazrivec for noticing :))
Fixed in #3355, but just so you know :)
- can't use
inject(API)because this is not angular code - login is usingvanillaJsAPI, not the angular service - can't mock
API.getbecause it is not actually used,vanillaJsAPI.loginis called and does thegetinternally - any time we use a promise.then/catch, the code is run asynchronously - and asynchronous expects are ignored in synchronous tests - missing a
doneparam for theitfunction, jasmine uses the arity of the function to determine whether it's synchronous (arity 0) or asynchronous (arity 1 and you need to call the provided callback when done), so this was a synchronous spec with 0 expects - having the mock return a fake promise would make sense if we didn't have to wait, but we can't wait on a then.then.then of a promise without getting the new promise - so
miqAjaxAuthneeds to return the right promise so that we can wait on it - missing spy on
miqClearLoginFields - badly escaped quotes-within-quotes-within-apostrophes (but we can't really use the onclick anyway)
I've cleared both user and password, but maybe clearing
just the password is sufficent.
also, this is my first attempt in writing jasmin specs
any comments are welcomed
https://bugzilla.redhat.com/show_bug.cgi?id=1089786
https://www.pivotaltracker.com/n/projects/1613907/stories/152252967