Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add autocomplete "one-time-code" attribute #657

Merged
merged 3 commits into from
Jan 9, 2025
Merged

Add autocomplete "one-time-code" attribute #657

merged 3 commits into from
Jan 9, 2025

Conversation

stefanmomm
Copy link
Contributor

What?

This PR disables autocompletion for authcode input fields.

Why?

Since authcode are always unique, autocompletion is not useful here.

How?

Testing Instructions

Screenshots or screencast

Changelog Entry

Added - Disabled autocompletion for authcode input fields.
Fixed - Corrected input type.

@stefanmomm stefanmomm changed the title Disable autocomplete Disable authcode input autocompletion Jan 6, 2025
@jeffpaul jeffpaul requested a review from kasparsd January 8, 2025 20:43
@jeffpaul jeffpaul added this to the 0.11.0 milestone Jan 8, 2025
kasparsd
kasparsd reviewed Jan 9, 2025
View reviewed changes
Copy link
Collaborator

@kasparsd kasparsd left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I reviewed a few of the industry examples like GitHub and it appears that there is an update spec for the autocomplete values so we could use those instead:

https://developer.mozilla.org/en-US/docs/Web/HTML/Attributes/autocomplete#one-time-code

Any concerns with this approach?

providers/class-two-factor-totp.php
@@ -349,7 +349,7 @@ public function user_two_factor_options( $user ) {
/* translators: Example auth code. */
$placeholder = sprintf( __( 'eg. %s', 'two-factor' ), '123456' );
?>
<input type="tel" name="two-factor-totp-authcode" id="two-factor-totp-authcode" class="input" value="" size="20" pattern="[0-9 ]*" placeholder="<?php echo esc_attr( $placeholder ); ?>" />
<input type="text" inputmode="numeric" name="two-factor-totp-authcode" id="two-factor-totp-authcode" class="input" value="" size="20" pattern="[0-9 ]*" placeholder="<?php echo esc_attr( $placeholder ); ?>" autocomplete="off" />
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I just confirmed that GitHub is also using text input type with numeric inputmode:

totp-input-github

But they also have autocomplete="one-time-code" (per spec), so I wonder if we actually need to change that to match.

@stefanmomm
Copy link
Contributor Author

@kasparsd Looks good to me, I just changed autocomplete to one-time-code.

@stefanmomm stefanmomm changed the title Disable authcode input autocompletion Add autocomplete "one-time-code" attribute Jan 9, 2025
kasparsd
kasparsd approved these changes Jan 9, 2025
View reviewed changes
Copy link
Collaborator

@kasparsd kasparsd left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is great, thank you!

@kasparsd kasparsd merged commit 3c85963 into WordPress:master Jan 9, 2025
24 checks passed
@kasparsd kasparsd mentioned this pull request Jan 9, 2025
Merged
@jeffpaul jeffpaul modified the milestones: 0.12.0, 0.11.0 Jan 9, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kasparsd kasparsd kasparsd approved these changes

Assignees

@stefanmomm stefanmomm

Labels
None yet
Projects
None yet
Milestone
0.11.0
Development

Successfully merging this pull request may close these issues.
3 participants
@stefanmomm @kasparsd @jeffpaul