moodle/moodle
3
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-08-04 16:36:37 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

MDL-55476 auth: remove loginpasswordautocomplete

Browse source
This commit is contained in:
Jade Telford 2017-01-19 05:03:29 +00:00
parent d97582fd27
commit 8380658219
11 changed files with 22 additions and 33 deletions
Download patch file Download diff file Expand all files Collapse all files

1
admin/settings/security.php
View file

@ -117,7 +117,6 @@ if ($hassiteconfig) { // speedup for non-admins, add all caps used on this page
$temp->add(new admin_setting_configcheckbox('cookiesecure', new lang_string('cookiesecure', 'admin'), new lang_string('configcookiesecure', 'admin'), 1)); $temp->add(new admin_setting_configcheckbox('cookiesecure', new lang_string('cookiesecure', 'admin'), new lang_string('configcookiesecure', 'admin'), 1));
$temp->add(new admin_setting_configcheckbox('cookiehttponly', new lang_string('cookiehttponly', 'admin'), new lang_string('configcookiehttponly', 'admin'), 0)); $temp->add(new admin_setting_configcheckbox('cookiehttponly', new lang_string('cookiehttponly', 'admin'), new lang_string('configcookiehttponly', 'admin'), 0));
$temp->add(new admin_setting_configcheckbox('allowframembedding', new lang_string('allowframembedding', 'admin'), new lang_string('allowframembedding_help', 'admin'), 0)); $temp->add(new admin_setting_configcheckbox('allowframembedding', new lang_string('allowframembedding', 'admin'), new lang_string('allowframembedding_help', 'admin'), 0));
$temp->add(new admin_setting_configcheckbox('loginpasswordautocomplete', new lang_string('loginpasswordautocomplete', 'admin'), new lang_string('loginpasswordautocomplete_help', 'admin'), 0));
// Settings elements used by the \core\files\curl_security_helper class. // Settings elements used by the \core\files\curl_security_helper class.
$temp->add(new admin_setting_configmixedhostiplist('curlsecurityblockedhosts', $temp->add(new admin_setting_configmixedhostiplist('curlsecurityblockedhosts',

4
auth/classes/output/login.php
View file

@ -64,8 +64,6 @@ class login implements renderable, templatable {
public $instructions; public $instructions;
/** @var moodle_url The form action login URL. */ /** @var moodle_url The form action login URL. */
public $loginurl; public $loginurl;
/** @var bool Whether the password can be auto completed. */
public $passwordautocomplete;
/** @var bool Whether the username should be remembered. */ /** @var bool Whether the username should be remembered. */
public $rememberusername; public $rememberusername;
/** @var moodle_url The sign-up URL. */ /** @var moodle_url The sign-up URL. */
@ -90,7 +88,6 @@ class login implements renderable, templatable {
$this->cookieshelpicon = new help_icon('cookiesenabled', 'core'); $this->cookieshelpicon = new help_icon('cookiesenabled', 'core');
$this->autofocusform = !empty($CFG->loginpageautofocus); $this->autofocusform = !empty($CFG->loginpageautofocus);
$this->passwordautocomplete = !empty($CFG->loginpasswordautocomplete);
$this->rememberusername = isset($CFG->rememberusername) and $CFG->rememberusername == 2; $this->rememberusername = isset($CFG->rememberusername) and $CFG->rememberusername == 2;
$this->forgotpasswordurl = new moodle_url($CFG->httpswwwroot . '/login/forgot_password.php'); $this->forgotpasswordurl = new moodle_url($CFG->httpswwwroot . '/login/forgot_password.php');
@ -149,7 +146,6 @@ class login implements renderable, templatable {
context_system::instance()->id); context_system::instance()->id);
$data->loginurl = $this->loginurl->out(false); $data->loginurl = $this->loginurl->out(false);
$data->rememberusername = $this->rememberusername; $data->rememberusername = $this->rememberusername;
$data->passwordautocomplete = $this->passwordautocomplete;
$data->signupurl = $this->signupurl->out(false); $data->signupurl = $this->signupurl->out(false);
$data->username = $this->username; $data->username = $this->username;

10
blocks/login/block_login.php
View file

@ -56,11 +56,6 @@ class block_login extends block_base {
// TODO: now that we have multiauth it is hard to find out if there is a way to change password // TODO: now that we have multiauth it is hard to find out if there is a way to change password
$forgot = $wwwroot . '/login/forgot_password.php'; $forgot = $wwwroot . '/login/forgot_password.php';
if (!empty($CFG->loginpasswordautocomplete)) {
$autocomplete = 'autocomplete="off"';
} else {
$autocomplete = '';
}
$username = get_moodle_cookie(); $username = get_moodle_cookie();
@ -75,14 +70,15 @@ class block_login extends block_base {
$strusername = get_string('usernameemail'); $strusername = get_string('usernameemail');
} }
$this->content->text .= "\n".'<form class="loginform" id="login" method="post" action="'.get_login_url().'" '.$autocomplete.'>'; $this->content->text .= "\n".'<form class="loginform" id="login" method="post" action="'.get_login_url().'">';
$this->content->text .= '<div class="form-group"><label for="login_username">'.$strusername.'</label>'; $this->content->text .= '<div class="form-group"><label for="login_username">'.$strusername.'</label>';
$this->content->text .= '<input type="text" name="username" id="login_username" class="form-control" value="'.s($username).'" /></div>'; $this->content->text .= '<input type="text" name="username" id="login_username" class="form-control" value="'.s($username).'" /></div>';
$this->content->text .= '<div class="form-group"><label for="login_password">'.get_string('password').'</label>'; $this->content->text .= '<div class="form-group"><label for="login_password">'.get_string('password').'</label>';
$this->content->text .= '<input type="password" name="password" id="login_password" class="form-control" value="" '.$autocomplete.' /></div>'; $this->content->text .= '<input type="password" name="password" id="login_password" class="form-control"
value="" /></div>';
if (isset($CFG->rememberusername) and $CFG->rememberusername == 2) { if (isset($CFG->rememberusername) and $CFG->rememberusername == 2) {
$checked = $username ? 'checked="checked"' : ''; $checked = $username ? 'checked="checked"' : '';

5
lang/en/admin.php
View file

@ -674,8 +674,6 @@ $string['logguests_help'] = 'This setting enables logging of actions by guest ac
$string['loginhttps'] = 'Use HTTPS for logins'; $string['loginhttps'] = 'Use HTTPS for logins';
$string['loginpageautofocus'] = 'Autofocus login page form'; $string['loginpageautofocus'] = 'Autofocus login page form';
$string['loginpageautofocus_help'] = 'Enabling this option improves usability of the login page, but automatically focusing fields may be considered an accessibility issue.'; $string['loginpageautofocus_help'] = 'Enabling this option improves usability of the login page, but automatically focusing fields may be considered an accessibility issue.';
$string['loginpasswordautocomplete'] = 'Prevent password autocompletion on login form';
$string['loginpasswordautocomplete_help'] = 'If enabled, users are not allowed to save their account password in their browser.';
$string['loglifetime'] = 'Keep logs for'; $string['loglifetime'] = 'Keep logs for';
$string['logo'] = 'Logo'; $string['logo'] = 'Logo';
$string['logo_desc'] = 'A full logo to be used as decoration by some themes (such as core themes). This image can be quite high resolution because it will be scaled down for use (and cached for performance). Logos that are wider than they are high usually give better results. Formats accepted: PNG and JPG.'; $string['logo_desc'] = 'A full logo to be used as decoration by some themes (such as core themes). This image can be quite high resolution because it will be scaled down for use (and cached for performance). Logos that are wider than they are high usually give better results. Formats accepted: PNG and JPG.';
@ -1241,3 +1239,6 @@ $string['cacheapplication'] = 'Application cache';
$string['cacheapplicationhelp'] = 'Cached items are shared among all users and expire by a determined time to live (ttl).'; $string['cacheapplicationhelp'] = 'Cached items are shared among all users and expire by a determined time to live (ttl).';
// Deprecated since Moodle 3.2. // Deprecated since Moodle 3.2.
$string['mobile'] = 'Mobile'; $string['mobile'] = 'Mobile';
// Deprecated since Moodle 3.3.
$string['loginpasswordautocomplete'] = 'Prevent password autocompletion on login form';
$string['loginpasswordautocomplete_help'] = 'If enabled, users are not allowed to save their account password in their browser.';

2
lang/en/deprecated.txt
View file

@ -59,3 +59,5 @@ strftimedaydatetime,core_message
timenosee,core_message timenosee,core_message
timesent,core_message timesent,core_message
userssearchresults,core_message userssearchresults,core_message
loginpasswordautocomplete,core_admin
loginpasswordautocomplete_help,core_admin

5
lib/db/upgrade.php
View file

@ -2465,5 +2465,10 @@ function xmldb_main_upgrade($oldversion) {
upgrade_main_savepoint(true, 2016122800.00); upgrade_main_savepoint(true, 2016122800.00);
} }
if ($oldversion < 2017011900.00) {
unset_config('loginpasswordautocomplete');
upgrade_main_savepoint(true, 2017011900.00);
}
return true; return true;
} }

5
lib/templates/login.mustache
View file

@ -33,7 +33,6 @@
"instructions": "For full access to this site, you first need to create an account.", "instructions": "For full access to this site, you first need to create an account.",
"loginurl": "http://example.com/stable_master/login/index.php", "loginurl": "http://example.com/stable_master/login/index.php",
"rememberusername": true, "rememberusername": true,
"passwordautocomplete": false,
"signupurl": "http://localhost/stable_master/login/signup.php", "signupurl": "http://localhost/stable_master/login/signup.php",
"cookieshelpiconformatted": "", "cookieshelpiconformatted": "",
"username": "" "username": ""
@ -62,7 +61,7 @@
{{{errorformatted}}} {{{errorformatted}}}
</div> </div>
{{/error}} {{/error}}
<form action="{{loginurl}}" method="post" id="login" {{^passwordautocomplete}}autocomplete="off"{{/passwordautocomplete}}> <form action="{{loginurl}}" method="post" id="login">
<div class="loginform"> <div class="loginform">
<div class="form-label"> <div class="form-label">
<label for="username"> <label for="username">
@ -82,7 +81,7 @@
<label for="password">{{#str}} password {{/str}}</label> <label for="password">{{#str}} password {{/str}}</label>
</div> </div>
<div class="form-input"> <div class="form-input">
<input type="password" name="password" id="password" size="15" value="" {{^passwordautocomplete}}autocomplete="off"{{/passwordautocomplete}}> <input type="password" name="password" id="password" size="15" value=">
</div> </div>
</div> </div>

2
login/lib.php
View file

@ -217,7 +217,7 @@ function core_login_process_password_set($token) {
} }
// Token is correct, and unexpired. // Token is correct, and unexpired.
$mform = new login_set_password_form(null, $user, 'post', '', 'autocomplete="yes"'); $mform = new login_set_password_form(null, $user);
$data = $mform->get_data(); $data = $mform->get_data();
if (empty($data)) { if (empty($data)) {
// User hasn't submitted form, they got here directly from email link. // User hasn't submitted form, they got here directly from email link.

12
login/set_password_form.php
View file

@ -44,19 +44,13 @@ class login_set_password_form extends moodleform {
*/ */
public function definition() { public function definition() {
global $CFG; global $CFG;
// Prepare a string showing whether the site wants login password autocompletion to be available to user.
if (empty($CFG->loginpasswordautocomplete)) {
$autocomplete = 'autocomplete="on"';
} else {
$autocomplete = '';
}
$mform = $this->_form; $mform = $this->_form;
$mform->setDisableShortforms(true); $mform->setDisableShortforms(true);
$mform->addElement('header', 'setpassword', get_string('setpassword'), ''); $mform->addElement('header', 'setpassword', get_string('setpassword'), '');
// Include the username in the form so browsers will recognise that a password is being set. // Include the username in the form so browsers will recognise that a password is being set.
$mform->addElement('text', 'username', '', 'style="display: none;" ' . $autocomplete); $mform->addElement('text', 'username', '', 'style="display: none;"');
$mform->setType('username', PARAM_RAW); $mform->setType('username', PARAM_RAW);
// Token gives authority to change password. // Token gives authority to change password.
$mform->addElement('hidden', 'token', ''); $mform->addElement('hidden', 'token', '');
@ -75,12 +69,12 @@ class login_set_password_form extends moodleform {
if ($policies) { if ($policies) {
$mform->addElement('static', 'passwordpolicyinfo', '', implode('<br />', $policies)); $mform->addElement('static', 'passwordpolicyinfo', '', implode('<br />', $policies));
} }
$mform->addElement('password', 'password', get_string('newpassword'), $autocomplete); $mform->addElement('password', 'password', get_string('newpassword'));
$mform->addRule('password', get_string('required'), 'required', null, 'client'); $mform->addRule('password', get_string('required'), 'required', null, 'client');
$mform->setType('password', PARAM_RAW); $mform->setType('password', PARAM_RAW);
$strpasswordagain = get_string('newpassword') . ' (' . get_string('again') . ')'; $strpasswordagain = get_string('newpassword') . ' (' . get_string('again') . ')';
$mform->addElement('password', 'password2', $strpasswordagain, $autocomplete); $mform->addElement('password', 'password2', $strpasswordagain);
$mform->addRule('password2', get_string('required'), 'required', null, 'client'); $mform->addRule('password2', get_string('required'), 'required', null, 'client');
$mform->setType('password2', PARAM_RAW); $mform->setType('password2', PARAM_RAW);

7
theme/boost/templates/core/login.mustache
View file

@ -34,7 +34,6 @@
* instructionsformat - Format of instructions, * instructionsformat - Format of instructions,
* loginurl - Login url, * loginurl - Login url,
* rememberusername - Remeber username?, * rememberusername - Remeber username?,
* passwordautocomplete - Allow password autocomplete?,
* signupurl - Signup url, * signupurl - Signup url,
* cookieshelpiconformatted - Formatted html of cookies help icon, * cookieshelpiconformatted - Formatted html of cookies help icon,
* errorformatted - Formatted error, * errorformatted - Formatted error,
@ -84,7 +83,6 @@
"instructionsformat": "1", "instructionsformat": "1",
"loginurl": "http://localhost/stable_master/login/index.php", "loginurl": "http://localhost/stable_master/login/index.php",
"rememberusername": true, "rememberusername": true,
"passwordautocomplete": false,
"signupurl": "http://localhost/stable_master/login/signup.php", "signupurl": "http://localhost/stable_master/login/signup.php",
"cookieshelpiconformatted": "", "cookieshelpiconformatted": "",
"errorformatted": "", "errorformatted": "",
@ -123,7 +121,7 @@
<div class="row"> <div class="row">
<div class="col-md-4 push-md-1"> <div class="col-md-4 push-md-1">
<form class="m-t-1" action="{{loginurl}}" method="post" id="login" {{^passwordautocomplete}}autocomplete="off"{{/passwordautocomplete}}> <form class="m-t-1" action="{{loginurl}}" method="post" id="login">
<input id="anchor" type="hidden" name="anchor" value=""> <input id="anchor" type="hidden" name="anchor" value="">
<script>document.getElementById('anchor').value = location.hash;</script> <script>document.getElementById('anchor').value = location.hash;</script>
@ -142,8 +140,7 @@
<label for="password" class="sr-only">{{#str}} password {{/str}}</label> <label for="password" class="sr-only">{{#str}} password {{/str}}</label>
<input type="password" name="password" id="password" value="" <input type="password" name="password" id="password" value=""
class="form-control" class="form-control"
placeholder={{#quote}}{{#str}}password{{/str}}{{/quote}} placeholder={{#quote}}{{#str}}password{{/str}}{{/quote}}>
{{^passwordautocomplete}}autocomplete="off"{{/passwordautocomplete}}>
{{#rememberusername}} {{#rememberusername}}
<div class="rememberpass m-t-1"> <div class="rememberpass m-t-1">

2
version.php
View file

@ -29,7 +29,7 @@
defined('MOODLE_INTERNAL') || die(); defined('MOODLE_INTERNAL') || die();
$version = 2017011200.00; // YYYYMMDD = weekly release date of this DEV branch. $version = 2017011900.00; // YYYYMMDD = weekly release date of this DEV branch.
// RR = release increments - 00 in DEV branches. // RR = release increments - 00 in DEV branches.
// .XX = incremental changes. // .XX = incremental changes.