Merge pull request #13457 from snipe/fixes/remove_autocomplete_off_on…

…_login Fixed #13365 - Added LOGIN_AUTOCOMPLETE as env var
snipe · Aug 15, 2023 · 7eaf317 · 7eaf317
2 parents 297390a + 24a3e0e
commit 7eaf317
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 3 deletions.
diff --git a/.env.example b/.env.example
@@ -149,6 +149,7 @@ AWS_DEFAULT_REGION=null
 # --------------------------------------------
 LOGIN_MAX_ATTEMPTS=5
 LOGIN_LOCKOUT_DURATION=60
+LOGIN_AUTOCOMPLETE=false
 
 # --------------------------------------------
 # OPTIONAL: FORGOTTEN PASSWORD SETTINGS

diff --git a/config/auth.php b/config/auth.php
@@ -132,4 +132,16 @@
 
     'password_timeout' =>  env('PASSWORD_CONFIRM_TIMEOUT', 10800),
 
+
+    /*
+    |--------------------------------------------------------------------------
+    | Login form autocomplete
+    |--------------------------------------------------------------------------
+    |
+    | Determine whether to include autocomplete="off" on the login form. Some users may want to disable
+    | autocomplete for compliance with security requirements.
+    |
+    */
+    'login_autocomplete' => env('LOGIN_AUTOCOMPLETE', false),
+
 ];
diff --git a/resources/views/auth/login.blade.php b/resources/views/auth/login.blade.php
@@ -4,9 +4,10 @@
 {{-- Page content --}}
 @section('content')
 
-    <form role="form" action="{{ url('/login') }}" method="POST" autocomplete="false">
+    <form role="form" action="{{ url('/login') }}" method="POST" autocomplete="{{ (config('auth.login_autocomplete') === true) ? 'on' : 'off'  }}">
         <input type="hidden" name="_token" value="{{ csrf_token() }}" />
 
+
         <!-- this is a hack to prevent Chrome from trying to autocomplete fields -->
         <input type="text" name="prevent_autofill" id="prevent_autofill" value="" style="display:none;" aria-hidden="true">
         <input type="password" name="password_fake" id="password_fake" value="" style="display:none;" aria-hidden="true">
@@ -45,12 +46,12 @@
 
                                         <div class="form-group{{ $errors->has('username') ? ' has-error' : '' }}">
                                             <label for="username"><i class="fas fa-user" aria-hidden="true"></i> {{ trans('admin/users/table.username')  }}</label>
-                                            <input class="form-control" placeholder="{{ trans('admin/users/table.username')  }}" name="username" type="text" id="username" autocomplete="off" autofocus>
+                                            <input class="form-control" placeholder="{{ trans('admin/users/table.username')  }}" name="username" type="text" id="username" autocomplete="{{ (config('auth.login_autocomplete') === true) ? 'on' : 'off'  }}" autofocus>
                                             {!! $errors->first('username', '<span class="alert-msg" aria-hidden="true"><i class="fas fa-times" aria-hidden="true"></i> :message</span>') !!}
                                         </div>
                                         <div class="form-group{{ $errors->has('password') ? ' has-error' : '' }}">
                                             <label for="password"><i class="fa fa-key" aria-hidden="true"></i> {{ trans('admin/users/table.password')  }}</label>
-                                            <input class="form-control" placeholder="{{ trans('admin/users/table.password')  }}" name="password" type="password" id="password" autocomplete="off">
+                                            <input class="form-control" placeholder="{{ trans('admin/users/table.password')  }}" name="password" type="password" id="password" autocomplete="{{ (config('auth.login_autocomplete') === true) ? 'on' : 'off'  }}">
                                             {!! $errors->first('password', '<span class="alert-msg" aria-hidden="true"><i class="fas fa-times" aria-hidden="true"></i> :message</span>') !!}
                                         </div>
                                         <div class="form-group{{ $errors->has('password') ? ' has-error' : '' }}">