WordPress.org
Get WordPress

Make WordPress Core

Opened 6 months ago

Last modified 5 months ago

#63897 new defect (bug)

Generate Password button requires two clicks to update the password field on Add New User screen

Reported by: parthvataliya's profile parthvataliya Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 5.6
Component: Users Keywords: has-patch has-test-info dev-feedback
Focuses: javascript Cc:

Description

When creating a new user in WordPress (Users → Add New), the "Generate Password" button does not update the password field value on the first click.

Steps to reproduce:

  1. Go to Users → Add New.
  2. Scroll to the Password field and click Generate Password.
  3. Notice that the password input value remains unchanged.
  4. Click Generate Password again. This time, the password input updates correctly with a previously created password.

Expected behavior:

The password input field should be updated with a generated password immediately on the first click.

Actual behavior:

The password input field only updates after the second click on the Generate Password button.

Attachments (1)

63897.patch (389 bytes) - added by parthvataliya 6 months ago.
This patch resolves the issue.

Download all attachments as: .zip

Change History (12)

@parthvataliya
6 months ago

This patch resolves the issue.

#1 @sabernhardt
6 months ago

  • Focuses javascript added
  • Keywords has-patch added
  • Version set to 5.6

This ticket was mentioned in PR #9674 on WordPress/wordpress-develop by taninakond.
6 months ago #2

This patch fixes the issue where the Generate Password button requires two clicks on the Add New User screen.

  • Moves generatePassword() inside the AJAX callback.
  • Ensures the password field is updated immediately after the new password is generated.
  • Prevents user confusion and improves usability.

Trac ticket: https://core.trac.wordpress.org/ticket/63897#section-pr

#3 @nikunj8866
6 months ago

  • Keywords has-test-info dev-feedback added

Test Report

Patch tested: https://github.com/WordPress/wordpress-develop/pull/9674

Steps to Reproduce or Test

  1. Go to Users -> Add New.
  2. Scroll to the Password field and click Generate Password.
  3. 🐞 Notice that the password input value remains unchanged.
  4. Click Generate Password again. This time, the password input updates correctly with a previously created password.

Expected Results

When testing a patch to validate it works as expected:

  • ✅ The password input field updated with a generated password immediately on the first click.

When reproducing a bug:

  • ❌ The password input field only updates after the second click on the Generate Password button.

Environment

  • WordPress: 6.8.2
  • PHP: 8.2.27
  • Server: nginx/1.26.1
  • Database: mysqli (Server: 8.0.35 / Client: mysqlnd 8.2.27)
  • Browser: Chrome 139.0.0.0
  • OS: Windows 10/11
  • Theme: Storefront 4.6.1
  • MU Plugins: None activated
  • Plugins:
    • Test Reports 1.2.0

Actual Results

When reproducing a bug/defect:

  • ❌ Error condition occurs.

When testing the bugfix patch:

  • ✅ Issue resolved with patch.

#4 @siliconforks
6 months ago

Well, the proposed change fixes the issue, but it creates a new issue: there is now a delay between clicking the button and the generated password appearing in the password field, because there is a network round-trip occurring in between. (This might not be noticeable if you are running WordPress on your local machine, but it will be if you are running it over a slow network connection.)

It looks like the original issue (the issue requiring the button to be clicked twice) has been encountered before, on the "reset password" page, and fixed there (but not on the "add user" page). See the comment in the code here:

https://github.com/WordPress/wordpress-develop/blob/da59c19dcaae731f64c9f512d35157e356e25931/src/js/_enqueues/admin/user-profile.js#L533-L542

#6 follow-up: @siliconforks
6 months ago

PR #9677 is an alternative proposal which takes the fix which was originally applied to the "reset password" page and applies it to the "add user" page too.

#7 in reply to: ↑ 6 ; follow-up: @taninakond
6 months ago

Replying to siliconforks:

PR #9677 is an alternative proposal which takes the fix which was originally applied to the "reset password" page and applies it to the "add user" page too.

Refactor automatic password generation for improved UX and code clarity on the Add New User and Reset Password pages

Remove redundant code:
The block at lines 533–542 that triggered the "Generate Password" button click on page load is no longer needed. Passwords are already automatically filled via the bindPass1 function, which calls generatePassword() on initialization.

Move network password generation:
Move the block at lines 264–268 to line 63, directly under the generatePassword call. This ensures that:

  • The password field is always initialized with the value set in $pass1.data('pw'), which comes from PHP and is set at line 31.
  • Any network request to fetch a new password happens after the initial password is set, so there is no delay in showing a password on page load.
  • When the user clicks the "Generate Password" button, a new password is fetched and stored in data-pw, ensuring the latest password is always available.

Result:
On both the Add New User and Reset Password pages, the password field is immediately filled from the server-provided value. If a new password is needed, it is fetched without delaying the initial UI, and any user-initiated password generation fetches a fresh value as expected.

@taninakond commented on PR #9674:
6 months ago #8

### Refactor automatic password generation for improved UX and code clarity on the Add New User and Reset Password pages

Remove redundant code:
The block at lines 533–542 that triggered the "Generate Password" button click on page load is no longer needed. Passwords are already automatically filled via the bindPass1 function, which calls generatePassword() on initialization.

Move network password generation:
Move the block at lines 264–268 to line 63, directly under the generatePassword call. This ensures that:

  1. The password field is always initialized with the value set in $pass1.data('pw'), which comes from PHP and is set at line 31.
  2. Any network request to fetch a new password happens after the initial password is set, so there is no delay in showing a password on page load.
  3. When the user clicks the "Generate Password" button, a new password is fetched and stored in data-pw, ensuring the latest password is always available.

Result:
On both the Add New User and Reset Password pages, the password field is immediately filled from the server-provided value. If a new password is needed, it is fetched without delaying the initial UI, and any user-initiated password generation fetches a fresh value as expected.

#9 in reply to: ↑ 7 ; follow-up: @siliconforks
6 months ago

Replying to taninakond:

Move network password generation:
Move the block at lines 264–268 to line 63, directly under the generatePassword call.

Note that this results in additional unnecessary AJAX requests on some pages:

  • The Writing Settings admin page (Settings → Writing) now has an unnecessary AJAX request.
  • The installer's "Information needed" page also now has an unnecessary AJAX request. (This one may result in a 404 "not found" error because WordPress is not installed yet and may not be ready to handle AJAX at this point.)

#10 in reply to: ↑ 9 @taninakond
6 months ago

Replying to siliconforks:

Note that this results in additional unnecessary AJAX requests on some pages:

@siliconforks Thank you for pointing this out. To avoid the unnecessary AJAX requests on pages where the password field is not present, we could wrap the AJAX call in a simple condition. For example:

if ( $( '.wp-generate-pw' ).length ) {
    wp.ajax.post( 'generate-password' )
        .done( function( data ) {
            $pass1.data( 'pw', data );
        } );
}

This way, the request will only be triggered when the relevant element exists on the page.

Last edited 6 months ago by taninakond (previous) (diff)

#11 @pmbaldha
5 months ago

Test Report

Patch tested: https://github.com/WordPress/wordpress-develop/pull/9677

Steps to Reproduce or Test

  1. Go to Users -> Add New.
  2. Scroll to the Password field and click Generate Password.
  3. 🐞 Notice that the password input value remains unchanged.
  4. Click Generate Password again. This time, the password input updates correctly with a previously created password.
  1. Install and Activate the "Email Log" plugin.
  2. Log out from Admin Dashboard.
  3. Open http://localhost:8889/wp-login.php and click on the "Lost your password?" link.
  4. Fill either username or email, and then click on the "Get New Password" button.
  5. Login to the Admin Dashboard >

Expected Results

When testing a patch to validate it works as expected:

  • ✅ What should happen when running the test

When reproducing a bug:

  • ❌ Error condition occurs.

Environment

  • WordPress: 6.9-alpha-60093-src
  • PHP: 8.2.29
  • Server: nginx/1.29.1
  • Database: mysqli (Server: 8.4.6 / Client: mysqlnd 8.2.29)
  • Browser: Chrome 140.0.0.0
  • OS: Windows 10/11
  • Theme: Twenty Seventeen 3.9
  • MU Plugins:
    • test.php
  • Plugins:
    • Email Log 2.61
    • Test Reports 1.2.0

Actual Results

When reproducing a bug/defect:

  • ❌ Error condition occurs.

When testing the bugfix patch:

  • ✅ Issue resolved with patch.
Note: See TracTickets for help on using tickets.