-
Notifications
You must be signed in to change notification settings - Fork 357
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
clear user name and password on failed login attempt. #2514
Conversation
cb92023
to
011c257
Compare
@@ -722,6 +722,8 @@ function miqAjaxAuth(url) { | |||
}) | |||
.then(null, function() { | |||
add_flash(__('Incorrect username or password'), 'error', { id: 'auth_failed' }); | |||
$('#user_name').val(''); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've noticed the service UI does not clear the username, in the sake of consistency it probably makes sense to do the same or change in both. any opinions? /cc @serenamarie125
test failures seems unrelated? |
See related PR in Service UI |
@ohadlevy I can check if there are any conventions on the PatternFly side, but I would guess just clearing the password is enough. Can you change the button label to "Log In" as part of this PR ? |
b930de4
to
f2e3c91
Compare
@serenamarie125 updated to only reset password field, changed all login buttons text (and hover) to "Log in" |
@ohadlevy I did check with PatternFly, and although there is currently no "guidance" on what to do about clearing, the consensus is to add documentation around clearing BOTH the username and password upon failed login attempt. My initial suggestion of only clearing password was around the user experience, meaning if i type in my password incorrectly, do I really have to retype both user name and password ?! But Catherine brought up the fact that she has had discussions with security folks around this, and that the suggestion was to clear both. Sorry bout that! Thanks for updating the "Log In" as well for button label & tooltip! |
f2e3c91
to
3b0f116
Compare
@serenamarie125 re-added user field. this is now also consistent with other projects (such as foreman) :) |
based on discussion on a similar PR on the ops UI (ManageIQ/manageiq-ui-classic#2514 (comment)) I'm suggesting we align across the two.
I see the updated video with the new behavior, but "Login" doesn't seem to be updated? |
@serenamarie125 I didnt update the video, but here is an image |
@ohadlevy this looks good. Verified in UI. |
@h-kataria any idea why tests are failing? doesn't seem related - is there any better way to test this kind of change? thanks. |
@ohadlevy spec test failures seem related to changes in this PR, maybe there is a syntax error in the html string. i will try to look into it. |
it('removes password field form log in form', function () { | ||
deferred = $q.defer(); | ||
// simulate authentication api call | ||
spyOn(API 'get').andReturn(deferred.promise); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@ohadlevy comma missing here
spyOn(API, 'get').andReturn(deferred.promise);
that should fix the test failures
3b0f116
to
2b3e093
Compare
This is odd, same tests pass for me locally. |
80ccdc8
to
fb6e25f
Compare
FWIW, I've seen all 3 scenarios on web based logins: clear both, clear password only, clear none. Since we only clear password in the SUI PR linked above, we should match that for now. Unless we want to change SUI to clear both. I tend towards only clearing the password, to make it easier for the user, since the user can actually see the userid to know if it's correct. |
@dclarizio SUI was updated at ManageIQ/manageiq-ui-service#1162 |
fb6e25f
to
ab806c1
Compare
Also renamed Login to Log in
ab806c1
to
5c0c24d
Compare
Checked commit ohadlevy@5c0c24d with ruby 2.3.3, rubocop 0.47.1, and haml-lint 0.20.0 app/views/dashboard/login.html.haml
|
@h-kataria fixed the test failure issue - this is mostly due to the fact that our javascript test infrastructure does not support ES6 js / babel. going forward I would suggest to check alternatives to the way we currently do JS testing. hopefully its ready to merge now - thanks! |
"Log In" should have a capital "I" @ohadlevy can you do a separate PR to update? |
@serenamarie125 fixed at #2539 |
deferred = $q.defer(); | ||
|
||
// simulate failed authentication api call | ||
spyOn(API, 'get').and.callFake(function() {return deferred.reject();}); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry for the late response.. this spec doesn't do anything... (thanks @mzazrivec for noticing :))
Fixed in #3355, but just so you know :)
- can't use
inject(API)
because this is not angular code - login is usingvanillaJsAPI
, not the angular service - can't mock
API.get
because it is not actually used,vanillaJsAPI.login
is called and does theget
internally - any time we use a promise.then/catch, the code is run asynchronously - and asynchronous expects are ignored in synchronous tests - missing a
done
param for theit
function, jasmine uses the arity of the function to determine whether it's synchronous (arity 0) or asynchronous (arity 1 and you need to call the provided callback when done), so this was a synchronous spec with 0 expects - having the mock return a fake promise would make sense if we didn't have to wait, but we can't wait on a then.then.then of a promise without getting the new promise - so
miqAjaxAuth
needs to return the right promise so that we can wait on it - missing spy on
miqClearLoginFields
- badly escaped quotes-within-quotes-within-apostrophes (but we can't really use the onclick anyway)
I've cleared both user and password, but maybe clearing
just the password is sufficent.
also, this is my first attempt in writing jasmin specs
any comments are welcomed
https://bugzilla.redhat.com/show_bug.cgi?id=1089786
https://www.pivotaltracker.com/n/projects/1613907/stories/152252967