Commit 83806582 authored by Jade Telford's avatar Jade Telford
Browse files

MDL-55476 auth: remove loginpasswordautocomplete

parent d97582fd
......@@ -117,7 +117,6 @@ if ($hassiteconfig) { // speedup for non-admins, add all caps used on this page
$temp->add(new admin_setting_configcheckbox('cookiesecure', new lang_string('cookiesecure', 'admin'), new lang_string('configcookiesecure', 'admin'), 1));
$temp->add(new admin_setting_configcheckbox('cookiehttponly', new lang_string('cookiehttponly', 'admin'), new lang_string('configcookiehttponly', 'admin'), 0));
$temp->add(new admin_setting_configcheckbox('allowframembedding', new lang_string('allowframembedding', 'admin'), new lang_string('allowframembedding_help', 'admin'), 0));
$temp->add(new admin_setting_configcheckbox('loginpasswordautocomplete', new lang_string('loginpasswordautocomplete', 'admin'), new lang_string('loginpasswordautocomplete_help', 'admin'), 0));
// Settings elements used by the \core\files\curl_security_helper class.
$temp->add(new admin_setting_configmixedhostiplist('curlsecurityblockedhosts',
......
......@@ -64,8 +64,6 @@ class login implements renderable, templatable {
public $instructions;
/** @var moodle_url The form action login URL. */
public $loginurl;
/** @var bool Whether the password can be auto completed. */
public $passwordautocomplete;
/** @var bool Whether the username should be remembered. */
public $rememberusername;
/** @var moodle_url The sign-up URL. */
......@@ -90,7 +88,6 @@ class login implements renderable, templatable {
$this->cookieshelpicon = new help_icon('cookiesenabled', 'core');
$this->autofocusform = !empty($CFG->loginpageautofocus);
$this->passwordautocomplete = !empty($CFG->loginpasswordautocomplete);
$this->rememberusername = isset($CFG->rememberusername) and $CFG->rememberusername == 2;
$this->forgotpasswordurl = new moodle_url($CFG->httpswwwroot . '/login/forgot_password.php');
......@@ -149,7 +146,6 @@ class login implements renderable, templatable {
context_system::instance()->id);
$data->loginurl = $this->loginurl->out(false);
$data->rememberusername = $this->rememberusername;
$data->passwordautocomplete = $this->passwordautocomplete;
$data->signupurl = $this->signupurl->out(false);
$data->username = $this->username;
......
......@@ -56,11 +56,6 @@ class block_login extends block_base {
// TODO: now that we have multiauth it is hard to find out if there is a way to change password
$forgot = $wwwroot . '/login/forgot_password.php';
if (!empty($CFG->loginpasswordautocomplete)) {
$autocomplete = 'autocomplete="off"';
} else {
$autocomplete = '';
}
$username = get_moodle_cookie();
......@@ -75,14 +70,15 @@ class block_login extends block_base {
$strusername = get_string('usernameemail');
}
$this->content->text .= "\n".'<form class="loginform" id="login" method="post" action="'.get_login_url().'" '.$autocomplete.'>';
$this->content->text .= "\n".'<form class="loginform" id="login" method="post" action="'.get_login_url().'">';
$this->content->text .= '<div class="form-group"><label for="login_username">'.$strusername.'</label>';
$this->content->text .= '<input type="text" name="username" id="login_username" class="form-control" value="'.s($username).'" /></div>';
$this->content->text .= '<div class="form-group"><label for="login_password">'.get_string('password').'</label>';
$this->content->text .= '<input type="password" name="password" id="login_password" class="form-control" value="" '.$autocomplete.' /></div>';
$this->content->text .= '<input type="password" name="password" id="login_password" class="form-control"
value="" /></div>';
if (isset($CFG->rememberusername) and $CFG->rememberusername == 2) {
$checked = $username ? 'checked="checked"' : '';
......
......@@ -674,8 +674,6 @@ $string['logguests_help'] = 'This setting enables logging of actions by guest ac
$string['loginhttps'] = 'Use HTTPS for logins';
$string['loginpageautofocus'] = 'Autofocus login page form';
$string['loginpageautofocus_help'] = 'Enabling this option improves usability of the login page, but automatically focusing fields may be considered an accessibility issue.';
$string['loginpasswordautocomplete'] = 'Prevent password autocompletion on login form';
$string['loginpasswordautocomplete_help'] = 'If enabled, users are not allowed to save their account password in their browser.';
$string['loglifetime'] = 'Keep logs for';
$string['logo'] = 'Logo';
$string['logo_desc'] = 'A full logo to be used as decoration by some themes (such as core themes). This image can be quite high resolution because it will be scaled down for use (and cached for performance). Logos that are wider than they are high usually give better results. Formats accepted: PNG and JPG.';
......@@ -1241,3 +1239,6 @@ $string['cacheapplication'] = 'Application cache';
$string['cacheapplicationhelp'] = 'Cached items are shared among all users and expire by a determined time to live (ttl).';
// Deprecated since Moodle 3.2.
$string['mobile'] = 'Mobile';
// Deprecated since Moodle 3.3.
$string['loginpasswordautocomplete'] = 'Prevent password autocompletion on login form';
$string['loginpasswordautocomplete_help'] = 'If enabled, users are not allowed to save their account password in their browser.';
\ No newline at end of file
......@@ -59,3 +59,5 @@ strftimedaydatetime,core_message
timenosee,core_message
timesent,core_message
userssearchresults,core_message
loginpasswordautocomplete,core_admin
loginpasswordautocomplete_help,core_admin
\ No newline at end of file
......@@ -2465,5 +2465,10 @@ function xmldb_main_upgrade($oldversion) {
upgrade_main_savepoint(true, 2016122800.00);
}
if ($oldversion < 2017011900.00) {
unset_config('loginpasswordautocomplete');
upgrade_main_savepoint(true, 2017011900.00);
}
return true;
}
......@@ -33,7 +33,6 @@
"instructions": "For full access to this site, you first need to create an account.",
"loginurl": "http://example.com/stable_master/login/index.php",
"rememberusername": true,
"passwordautocomplete": false,
"signupurl": "http://localhost/stable_master/login/signup.php",
"cookieshelpiconformatted": "",
"username": ""
......@@ -62,7 +61,7 @@
{{{errorformatted}}}
</div>
{{/error}}
<form action="{{loginurl}}" method="post" id="login" {{^passwordautocomplete}}autocomplete="off"{{/passwordautocomplete}}>
<form action="{{loginurl}}" method="post" id="login">
<div class="loginform">
<div class="form-label">
<label for="username">
......@@ -82,7 +81,7 @@
<label for="password">{{#str}} password {{/str}}</label>
</div>
<div class="form-input">
<input type="password" name="password" id="password" size="15" value="" {{^passwordautocomplete}}autocomplete="off"{{/passwordautocomplete}}>
<input type="password" name="password" id="password" size="15" value=">
</div>
</div>
......
......@@ -217,7 +217,7 @@ function core_login_process_password_set($token) {
}
// Token is correct, and unexpired.
$mform = new login_set_password_form(null, $user, 'post', '', 'autocomplete="yes"');
$mform = new login_set_password_form(null, $user);
$data = $mform->get_data();
if (empty($data)) {
// User hasn't submitted form, they got here directly from email link.
......
......@@ -44,19 +44,13 @@ class login_set_password_form extends moodleform {
*/
public function definition() {
global $CFG;
// Prepare a string showing whether the site wants login password autocompletion to be available to user.
if (empty($CFG->loginpasswordautocomplete)) {
$autocomplete = 'autocomplete="on"';
} else {
$autocomplete = '';
}
$mform = $this->_form;
$mform->setDisableShortforms(true);
$mform->addElement('header', 'setpassword', get_string('setpassword'), '');
// Include the username in the form so browsers will recognise that a password is being set.
$mform->addElement('text', 'username', '', 'style="display: none;" ' . $autocomplete);
$mform->addElement('text', 'username', '', 'style="display: none;"');
$mform->setType('username', PARAM_RAW);
// Token gives authority to change password.
$mform->addElement('hidden', 'token', '');
......@@ -75,12 +69,12 @@ class login_set_password_form extends moodleform {
if ($policies) {
$mform->addElement('static', 'passwordpolicyinfo', '', implode('<br />', $policies));
}
$mform->addElement('password', 'password', get_string('newpassword'), $autocomplete);
$mform->addElement('password', 'password', get_string('newpassword'));
$mform->addRule('password', get_string('required'), 'required', null, 'client');
$mform->setType('password', PARAM_RAW);
$strpasswordagain = get_string('newpassword') . ' (' . get_string('again') . ')';
$mform->addElement('password', 'password2', $strpasswordagain, $autocomplete);
$mform->addElement('password', 'password2', $strpasswordagain);
$mform->addRule('password2', get_string('required'), 'required', null, 'client');
$mform->setType('password2', PARAM_RAW);
......
......@@ -34,7 +34,6 @@
* instructionsformat - Format of instructions,
* loginurl - Login url,
* rememberusername - Remeber username?,
* passwordautocomplete - Allow password autocomplete?,
* signupurl - Signup url,
* cookieshelpiconformatted - Formatted html of cookies help icon,
* errorformatted - Formatted error,
......@@ -84,7 +83,6 @@
"instructionsformat": "1",
"loginurl": "http://localhost/stable_master/login/index.php",
"rememberusername": true,
"passwordautocomplete": false,
"signupurl": "http://localhost/stable_master/login/signup.php",
"cookieshelpiconformatted": "",
"errorformatted": "",
......@@ -123,7 +121,7 @@
<div class="row">
<div class="col-md-4 push-md-1">
<form class="m-t-1" action="{{loginurl}}" method="post" id="login" {{^passwordautocomplete}}autocomplete="off"{{/passwordautocomplete}}>
<form class="m-t-1" action="{{loginurl}}" method="post" id="login">
<input id="anchor" type="hidden" name="anchor" value="">
<script>document.getElementById('anchor').value = location.hash;</script>
......@@ -142,8 +140,7 @@
<label for="password" class="sr-only">{{#str}} password {{/str}}</label>
<input type="password" name="password" id="password" value=""
class="form-control"
placeholder={{#quote}}{{#str}}password{{/str}}{{/quote}}
{{^passwordautocomplete}}autocomplete="off"{{/passwordautocomplete}}>
placeholder={{#quote}}{{#str}}password{{/str}}{{/quote}}>
{{#rememberusername}}
<div class="rememberpass m-t-1">
......
......@@ -29,7 +29,7 @@
defined('MOODLE_INTERNAL') || die();
$version = 2017011200.00; // YYYYMMDD = weekly release date of this DEV branch.
$version = 2017011900.00; // YYYYMMDD = weekly release date of this DEV branch.
// RR = release increments - 00 in DEV branches.
// .XX = incremental changes.
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment