From c53c9f68666457365f9294fe944b8491c242ec65 Mon Sep 17 00:00:00 2001
From: Mattic <50807277+ImMattic@users.noreply.github.com>
Date: Thu, 15 Feb 2024 09:22:35 -0600
Subject: [PATCH 1/3] Turned off autocomplete for TOTP codes Small QOL change to turn off autocomplete when entering TOTP codes since they're one time use only.
---
 resources/views/mfa/parts/verify-totp.blade.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/resources/views/mfa/parts/verify-totp.blade.php b/resources/views/mfa/parts/verify-totp.blade.php
index a52d9b652..b779465ab 100644
--- a/resources/views/mfa/parts/verify-totp.blade.php
+++ b/resources/views/mfa/parts/verify-totp.blade.php
@@ -2,7 +2,7 @@

{{ trans('auth.mfa_verify_totp_desc') }}

-
+ {{ csrf_field() }}
Date: Sun, 10 Mar 2024 18:24:42 +0000
Subject: [PATCH 2/3] TOTP: Added one-time-code autofill During review of #4849 Tested on Firefox & Chromium desktop.
---
 resources/views/mfa/parts/verify-totp.blade.php | 1 +
 1 file changed, 1 insertion(+)
diff --git a/resources/views/mfa/parts/verify-totp.blade.php b/resources/views/mfa/parts/verify-totp.blade.php
index b779465ab..78d0fa64d 100644
--- a/resources/views/mfa/parts/verify-totp.blade.php
+++ b/resources/views/mfa/parts/verify-totp.blade.php
@@ -6,6 +6,7 @@ {{ csrf_field() }}
From d5a689366c7ceca8f7949caf0d919bb13fb56499 Mon Sep 17 00:00:00 2001
From: Dan Brown
Date: Sun, 10 Mar 2024 18:31:01 +0000
Subject: [PATCH 3/3] MFA: Copied autocomplete changes from totp to backup codes Also added tests to cover. Related to #4849
---
 .../mfa/parts/verify-backup_codes.blade.php | 3 ++-
 tests/Auth/MfaVerificationTest.php | 18 ++++++++++++++++++
 2 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/resources/views/mfa/parts/verify-backup_codes.blade.php b/resources/views/mfa/parts/verify-backup_codes.blade.php
index 0e5b82086..3e28f71c6 100644
--- a/resources/views/mfa/parts/verify-backup_codes.blade.php
+++ b/resources/views/mfa/parts/verify-backup_codes.blade.php
@@ -2,10 +2,11 @@

{{ trans('auth.mfa_verify_backup_code_desc') }}

- + {{ csrf_field() }} @if($errors->has('code'))
diff --git a/tests/Auth/MfaVerificationTest.php b/tests/Auth/MfaVerificationTest.php
index 2fa272e33..76c59bc74 100644
--- a/tests/Auth/MfaVerificationTest.php
+++ b/tests/Auth/MfaVerificationTest.php
@@ -57,6 +57,15 @@ class MfaVerificationTest extends TestCase
 $this->assertNull(auth()->user());
 }
 
+ public function test_totp_form_has_autofill_configured()
+ {
+ [$user, $secret, $loginResp] = $this->startTotpLogin();
+ $html = $this->withHtml($this->get('/mfa/verify'));
+
+ $html->assertElementExists('form[autocomplete="off"][action$="/verify"]');
+ $html->assertElementExists('input[autocomplete="one-time-code"][name="code"]');
+ }
+
 public function test_backup_code_verification()
 {
 [$user, $codes, $loginResp] = $this->startBackupCodeLogin();
@@ -138,6 +147,15 @@ class MfaVerificationTest extends TestCase
 $resp->assertSeeText('You have less than 5 backup codes remaining, Please generate and store a new set before you run out of codes to prevent being locked out of your account.');
 }
 
+ public function test_backup_code_form_has_autofill_configured()
+ {
+ [$user, $codes, $loginResp] = $this->startBackupCodeLogin();
+ $html = $this->withHtml($this->get('/mfa/verify'));
+
+ $html->assertElementExists('form[autocomplete="off"][action$="/verify"]');
+ $html->assertElementExists('input[autocomplete="one-time-code"][name="code"]');
+ }
+
 public function test_both_mfa_options_available_if_set_on_profile()
 {
 $user = $this->users->editor();
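Review bot: In `test_totp_form_has_autofill_configured` the two `assertElementExists` checks are independent, so the test still passes if the `one-time-code` input is rendered outside the `autocomplete="off"` form, or if the two selectors match different forms on `/mfa/verify`; `test_backup_code_form_has_autofill_configured` in the following hunk has the same gap. One descendant selector would pin the relationship, for example `$html->assertElementExists('form[autocomplete="off"][action$="/verify"] input[autocomplete="one-time-code"][name="code"]');`, assuming the HTML test helper accepts descendant combinators. Because `autocomplete` is only a browser hint, a comment such as `// Browser hint only; reuse of a code must still be rejected server-side` would stop these tests being read as covering a security control. The destructured `$user`, `$secret`/`$codes` and `$loginResp` are unused in both tests, so the helper can be called without assignment.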