-
Notifications
You must be signed in to change notification settings - Fork 630
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Issue with LastPass auto-fill on User permission pages' password prompt #7177
Comments
According to this Manage Your Form Fills KB article, LastPass will avoid autofilling any fields with a Would appreciate if you could test it out. Change your |
Hey BK, appreciate the quick response. I was trying to test this out yesterday but ran into a perfect storm of problems. I hope to be able to resolve them soon. |
Ok, finally managed to get this tested. It does prevent the username from inadvertently getting changed, but it also prevents auto-generation of a new password for the current user. LastPass does both password generation and autofill of saved username/email & password values. The password generation is certainly valuable and shouldn't be prevented. To date, the only time I've run into a problem has been when editing some other user's account in a way that triggers a prompt for my password. So, in the interest of not fixing what ain't broke, I'd suggest preventing LP autofill on other users' fields only, not from the current user. |
Alright, just made that change. Run |
Looks perfect! I've never used any of the other password managers like 1password or KeePass or whatever others there are, but it might be worth implementing the same precautions for them as well. |
We’ve done what we can for 1Password, although unfortunately they don’t support an explicit data attribute like LP does, so it goes in and out of working depending on the 1P version. (#5365) |
Craft 3.5.17 is out now with the LastPass improvement. |
Description
I use LastPass to manage my passwords, and have the LastPass addon installed in Chrome. What it does is look for username and password fields on the current page, and offer to fill them.
This is great, except for when that password field has no relation to the username field. O.O
When editing a user's permissions and clicking "Save", Craft wisely pops-up a modal box asking for the currently logged-in user's password. This means that on the same page, we have both a username field (the user being edited), and a completely unrelated password field ("me", aka. the currently logged-in user).
So when I then use LastPass to fill out the password field, it also "helpfully" fills out the user's username field with my username. Trying to submit from that state, thankfully, always results in an error about the username already being taken.
The simplest solution I can think of would be to enhance what Craft does when modal windows are shown, and mark all other fields not in the modal as
readonly
. I think that should fix it.Steps to reproduce
Additional info
The text was updated successfully, but these errors were encountered: