fix(a11y): add autocomplete=username/current-password to login inputs#219
Merged
Merged
Conversation
The sign-in inputs lacked autocomplete attributes, producing a browser DOM warning and degraded password-manager behaviour. - LoginPage email field: autoComplete email -> username (the identifier field on a sign-in form should be username for password managers). - PasswordStep (hosted verify.fivucsas flow via LoginMfaFlow): add autoComplete=username to the email field and current-password to the password field (both were missing entirely). - IdentifierStep (shared opening identity entry, both surfaces): add autoComplete=username. Scope is strictly the login/identifier/password sign-in path; register and reset-password flows are untouched. Typecheck clean; npm run build passes.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
The login form inputs lacked
autocompleteattributes, producing a browser DOM warning and degraded password-manager UX (no credential fill / save prompts).This adds the correct WHATWG autocomplete tokens to the identifier and password inputs across all sign-in surfaces:
LoginPage.tsx(app.fivucsas dashboard)emailusernamePasswordStep.tsx(verify.fivucsas hosted flow viaLoginMfaFlow)usernamePasswordStep.tsxcurrent-passwordIdentifierStep.tsx(shared opening identity entry, both surfaces)usernamePassword managers expect
usernameon the identifier field of a sign-in form (notemail), paired withcurrent-passwordon the password field.LoginPage.tsxalready hadcurrent-passwordon its password field and a paired hiddenusernameinput for the identifier-first step; the gaps were the visible identifier token and the hostedPasswordStep(which had no autocomplete at all — the real source of the DOM warning on verify.fivucsas).Scope
Strictly the login / identifier / password sign-in path. Register and reset-password flows are intentionally untouched (those use
new-passwordsemantics and are out of scope).Idiom
Uses the
autoCompleteMUITextFieldprop directly, matching the existing idiom already present inLoginPage.tsx.Verification
tsc --noEmit: cleannpm run build: passes (full prebuild/fetch-models ran successfully)