WordPress.org

Make WordPress Core

#47924 closed defect (bug) (fixed)

Reset password: The submit button is enabled when the password input field is empty

Reported by: henry.wright Owned by: adamsilverstein
Milestone: 5.3 Priority: normal
Severity: normal Version:
Component: Login and Registration Keywords: has-patch commit
Focuses: ui Cc:

Description

When resetting a password, the password input field is populated with a strong password suggestion. The submit button is enabled in this case.

If you decide to type a weak password the submit button is disabled and a "Confirm use of weak password" box is shown on the form.

If you remove the password completely so the input field is empty the "Confirm use of weak password" box is removed and the submit button is enabled again.

I think the "Confirm use of weak password" box should be removed but I think the button should remain disabled. This will stop the user submitting an empty form.

Please see the attached images.

Attachments (5)

Screenshot 2019-08-22 at 20.49.54.png (36.1 KB) - added by henry.wright 12 months ago.
Screenshot 2019-08-22 at 20.49.45.png (39.9 KB) - added by henry.wright 12 months ago.
47924.diff (556 bytes) - added by adamsilverstein 12 months ago.
Screen Recording 2019-08-22 at 04.58 PM.gif (407.1 KB) - added by adamsilverstein 12 months ago.
47924.2.diff (964 bytes) - added by adamsilverstein 11 months ago.

Download all attachments as: .zip

Change History (14)

#1 @SergeyBiryukov
12 months ago

  • Component changed from General to Login and Registration
  • Focuses ui added
  • Keywords needs-patch added
  • Milestone changed from Awaiting Review to Future Release

#2 @adamsilverstein
12 months ago

@henrywright Thanks for the bug report! That does seem like unexpected behavior.

I have attempted a fix in 47924.diff - in this patch, when the password field is emptied we

  • uncheck weak password checkbox
  • disable the submit button

I found that the checkbox needed to be unchecked, otherwise as you start typing again the submit button would remain disabled. This feels a little more natural as well - after clearing the field and the checkbox disappears, it seems right that it reappears unchecked.

Can you give this a test?

#3 @adamsilverstein
12 months ago

  • Keywords has-patch added; needs-patch removed
  • Owner set to adamsilverstein
  • Status changed from new to reviewing

#4 @SergeyBiryukov
12 months ago

  • Milestone changed from Future Release to 5.3

#5 @henry.wright
12 months ago

Hi @adamsilverstein

The patch is looking good to me. What are your thoughts on adding an additional password strength state?

I believe we have short, bad, good and strong currently. If we added an empty state we could make use of it in places:

if ( $( passStrength ).is( '.empty, .short, .bad' ) ) {
    // Do something
}

#6 @adamsilverstein
12 months ago

I believe we have short, bad, good and strong currently. If we added an empty state we could make use of it in places

Interesting suggestion, I can try that out. In this case the behaviour for 'empty' is quite distinct from non empty, so we may want to keep the conditional as it is in the patch,

#7 @adamsilverstein
11 months ago

In 47924.2.diff:

  • Add a new 'empty' password strength where we were already detecting the empty password field.
  • Keep existing logic for disabling submit button, using the 'empty' strength instead of checking the password length (again)

#8 @adamsilverstein
11 months ago

  • Keywords commit added

#9 @adamsilverstein
11 months ago

  • Resolution set to fixed
  • Status changed from reviewing to closed

In 46103:

Login and Registration: reset password - ensure submit button disabled when field empty.

Fix an issue where the submit button was enabled with an empty password when the user previously checked "Confirm use of weak password" for a weak password, then cleared the password field.

Props henry.wright.
Fixes #47924.

Note: See TracTickets for help on using tickets.