Include an invisible username field in password change forms #3032

matrixbot · 2024-09-10T07:37:25Z

This issue was originally created by @sandhose at matrix-org/matrix-authentication-service#3032.

We had that originally in the server-side rendered password recovery form: if you include a hidden <input type="text" value="alice" autocomplete="username" /> so that password manager can detect which account the password was just changed.

This means:

we need an anonymous GraphQL API to fetch infos about the recovery ticket
we need to implement that on the password recovery form
we need to implement that on the password change form (easier because we already know the user here)

The text was updated successfully, but these errors were encountered:

matrixbot added A-Account-Management Related to self-service account management A-GraphQL Changes to the GraphQL API A-Local-Password Related to the local password database labels Sep 10, 2024

matrixbot mentioned this issue Sep 10, 2024

Include an invisible username field in password change forms matrix-org/matrix-authentication-service#3032

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Include an invisible username field in password change forms #3032

Include an invisible username field in password change forms #3032

matrixbot commented Sep 10, 2024

Include an invisible username field in password change forms #3032

Include an invisible username field in password change forms #3032

Comments

matrixbot commented Sep 10, 2024