summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDennis1993 <Dennis1993@users.noreply.github.com>2018-10-31 09:19:02 +0100
committerGitHub <noreply@github.com>2018-10-31 09:19:02 +0100
commit708658afa34612667191fe06560ec1f37b1cab43 (patch)
tree5dc91dbc3f454122d354c1b57d16116023425f43
parent426641a795c41aaa1e48715c9fa2c39d2a8cb387 (diff)
parent2a9b56f77bf4622b4dbc8e954fcfc2a3226d3110 (diff)
downloadnextcloud-server-708658afa34612667191fe06560ec1f37b1cab43.tar.gz
nextcloud-server-708658afa34612667191fe06560ec1f37b1cab43.zip
Merge pull request #12089 from Rayn0r/master
added possibility to disable autocomplete in login form
-rw-r--r--config/config.sample.php10
-rw-r--r--core/Controller/LoginController.php8
-rw-r--r--core/templates/login.php4
-rw-r--r--tests/Core/Controller/LoginControllerTest.php20
4 files changed, 34 insertions, 8 deletions
diff --git a/config/config.sample.php b/config/config.sample.php
index 25f56904dc4..902bfa6e44d 100644
--- a/config/config.sample.php
+++ b/config/config.sample.php
@@ -1663,4 +1663,14 @@ $CONFIG = array(
* If this is set to "false" it will not show the link.
*/
'simpleSignUpLink.shown' => true,
+
+/**
+ * By default autocompletion is enabled for the login form on Nextcloud's login page.
+ * While this is enabled, browsers are allowed to "remember" login names and such.
+ * Some companies require it to be disabled to comply with their security policy.
+ *
+ * Simply set this property to "false", if you want to turn this feature off.
+ */
+
+'login_form_autocomplete' => true,
);
diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php
index a9fb22f21b7..d34f243f15f 100644
--- a/core/Controller/LoginController.php
+++ b/core/Controller/LoginController.php
@@ -171,6 +171,14 @@ class LoginController extends Controller {
$parameters['loginName'] = '';
$parameters['user_autofocus'] = true;
}
+
+ $autocomplete = $this->config->getSystemValue('login_form_autocomplete', true);
+ if ($autocomplete){
+ $parameters['login_form_autocomplete'] = 'on';
+ } else {
+ $parameters['login_form_autocomplete'] = 'off';
+ }
+
if (!empty($redirect_url)) {
$parameters['redirect_url'] = $redirect_url;
}
diff --git a/core/templates/login.php b/core/templates/login.php
index 989ea1eaad5..3035d23da70 100644
--- a/core/templates/login.php
+++ b/core/templates/login.php
@@ -42,7 +42,7 @@ use OC\Core\Controller\LoginController;
aria-label="<?php p($l->t('Username or email')); ?>"
value="<?php p($_['loginName']); ?>"
<?php p($_['user_autofocus'] ? 'autofocus' : ''); ?>
- autocomplete="on" autocapitalize="none" autocorrect="off" required>
+ autocomplete="<?php p($_['login_form_autocomplete']); ?>" autocapitalize="none" autocorrect="off" required>
<label for="user" class="infield"><?php p($l->t('Username or email')); ?></label>
</p>
@@ -51,7 +51,7 @@ use OC\Core\Controller\LoginController;
placeholder="<?php p($l->t('Password')); ?>"
aria-label="<?php p($l->t('Password')); ?>"
<?php p($_['user_autofocus'] ? '' : 'autofocus'); ?>
- autocomplete="on" autocapitalize="off" autocorrect="none" required>
+ autocomplete="<?php p($_['login_form_autocomplete']); ?>" autocapitalize="none" autocorrect="off" required>
<label for="password" class="infield"><?php p($l->t('Password')); ?></label>
</p>
diff --git a/tests/Core/Controller/LoginControllerTest.php b/tests/Core/Controller/LoginControllerTest.php
index f2e8d112b64..efe85d81e1c 100644
--- a/tests/Core/Controller/LoginControllerTest.php
+++ b/tests/Core/Controller/LoginControllerTest.php
@@ -199,6 +199,7 @@ class LoginControllerTest extends TestCase {
'alt_login' => [],
'resetPasswordLink' => null,
'throttle_delay' => 1000,
+ 'login_form_autocomplete' => 'off',
],
'guest'
);
@@ -223,6 +224,7 @@ class LoginControllerTest extends TestCase {
'alt_login' => [],
'resetPasswordLink' => null,
'throttle_delay' => 1000,
+ 'login_form_autocomplete' => 'off',
],
'guest'
);
@@ -255,10 +257,12 @@ class LoginControllerTest extends TestCase {
->method('isLoggedIn')
->willReturn(false);
$this->config
- ->expects($this->once())
+ ->expects($this->exactly(2))
->method('getSystemValue')
- ->with('lost_password_link')
- ->willReturn(false);
+ ->will($this->returnValueMap([
+ ['login_form_autocomplete', true, true],
+ ['lost_password_link', '', false],
+ ]));
$user = $this->createMock(IUser::class);
$user
->expects($this->once())
@@ -281,6 +285,7 @@ class LoginControllerTest extends TestCase {
'alt_login' => [],
'resetPasswordLink' => false,
'throttle_delay' => 1000,
+ 'login_form_autocomplete' => 'on',
],
'guest'
);
@@ -338,10 +343,12 @@ class LoginControllerTest extends TestCase {
->method('isLoggedIn')
->willReturn(false);
$this->config
- ->expects($this->once())
+ ->expects($this->exactly(2))
->method('getSystemValue')
- ->with('lost_password_link')
- ->willReturn(false);
+ ->will($this->returnValueMap([
+ ['login_form_autocomplete', true, true],
+ ['lost_password_link', '', false],
+ ]));
$user = $this->createMock(IUser::class);
$user->expects($this->once())
->method('canChangePassword')
@@ -363,6 +370,7 @@ class LoginControllerTest extends TestCase {
'alt_login' => [],
'resetPasswordLink' => false,
'throttle_delay' => 1000,
+ 'login_form_autocomplete' => 'on',
],
'guest'
);