WordPress.org

Make WordPress Core

Opened 4 weeks ago

Closed 3 days ago

#47924 closed defect (bug) (fixed)

Reset password: The submit button is enabled when the password input field is empty

Reported by: henry.wright Owned by: adamsilverstein
Milestone: 5.3 Priority: normal
Severity: normal Version:
Component: Login and Registration Keywords: has-patch commit
Focuses: ui Cc:

Description

When resetting a password, the password input field is populated with a strong password suggestion. The submit button is enabled in this case.

If you decide to type a weak password the submit button is disabled and a "Confirm use of weak password" box is shown on the form.

If you remove the password completely so the input field is empty the "Confirm use of weak password" box is removed and the submit button is enabled again.

I think the "Confirm use of weak password" box should be removed but I think the button should remain disabled. This will stop the user submitting an empty form.

Please see the attached images.

Attachments (5)

Screenshot 2019-08-22 at 20.49.54.png (36.1 KB) - added by henry.wright 4 weeks ago.
Screenshot 2019-08-22 at 20.49.45.png (39.9 KB) - added by henry.wright 4 weeks ago.
47924.diff (556 bytes) - added by adamsilverstein 4 weeks ago.
Screen Recording 2019-08-22 at 04.58 PM.gif (407.1 KB) - added by adamsilverstein 4 weeks ago.
47924.2.diff (964 bytes) - added by adamsilverstein 3 days ago.

Download all attachments as: .zip

Change History (14)

#1 @SergeyBiryukov
4 weeks ago

  • Component changed from General to Login and Registration
  • Focuses ui added
  • Keywords needs-patch added
  • Milestone changed from Awaiting Review to Future Release

#2 @adamsilverstein
4 weeks ago

@henrywright Thanks for the bug report! That does seem like unexpected behavior.

I have attempted a fix in 47924.diff - in this patch, when the password field is emptied we

  • uncheck weak password checkbox
  • disable the submit button

I found that the checkbox needed to be unchecked, otherwise as you start typing again the submit button would remain disabled. This feels a little more natural as well - after clearing the field and the checkbox disappears, it seems right that it reappears unchecked.

Can you give this a test?

#3 @adamsilverstein
4 weeks ago

  • Keywords has-patch added; needs-patch removed
  • Owner set to adamsilverstein
  • Status changed from new to reviewing

#4 @SergeyBiryukov
3 weeks ago

  • Milestone changed from Future Release to 5.3

#5 @henry.wright
3 weeks ago

Hi @adamsilverstein

The patch is looking good to me. What are your thoughts on adding an additional password strength state?

I believe we have short, bad, good and strong currently. If we added an empty state we could make use of it in places:

if ( $( passStrength ).is( '.empty, .short, .bad' ) ) {
    // Do something
}

#6 @adamsilverstein
3 weeks ago

I believe we have short, bad, good and strong currently. If we added an empty state we could make use of it in places

Interesting suggestion, I can try that out. In this case the behaviour for 'empty' is quite distinct from non empty, so we may want to keep the conditional as it is in the patch,

#7 @adamsilverstein
3 days ago

In 47924.2.diff:

  • Add a new 'empty' password strength where we were already detecting the empty password field.
  • Keep existing logic for disabling submit button, using the 'empty' strength instead of checking the password length (again)

#8 @adamsilverstein
3 days ago

  • Keywords commit added

#9 @adamsilverstein
3 days ago

  • Resolution set to fixed
  • Status changed from reviewing to closed

In 46103:

Login and Registration: reset password - ensure submit button disabled when field empty.

Fix an issue where the submit button was enabled with an empty password when the user previously checked "Confirm use of weak password" for a weak password, then cleared the password field.

Props henry.wright.
Fixes #47924.

Note: See TracTickets for help on using tickets.