Bug 33253: Turn off autocompletion for 2FA authentication code

The form for entering your authentication code shoudl not suggest previous codes. To test: * Activate TwoFactorAuthentication * Go to your patron account in staff * More > Manage 2-factor authentication * I used "Google authenticator" on my phone, so: * Open app on your phone, add new and scan the QR code * Enter activation code * Log out of staff interface * Log back in, you are now also asked for an authentication code as second step * Look up code in app, enter, get logged in * Log out, log back in - the form now suggests the previous code when you click on it * Apply patch * Reload things (restart_all on ktd) * Verify that you no longer get the suggestion Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-04-16 10:45:06 +00:00 · 2023-04-16 10:45:06 +00:00 · 2496f6373a
commit 2496f6373a
parent 1ba08f87f8
1 changed files with 1 additions and 1 deletions
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/auth.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/auth.tt
@ -175,7 +175,7 @@
        [% END %]
    [% END %]
 [% ELSIF TwoFA_prompt %]
-    <form action="[% script_name | html %]" method="post" name="loginform" id="loginform">
+    <form action="[% script_name | html %]" method="post" name="loginform" id="loginform" autocomplete="off">
        <input type="hidden" name="koha_login_context" value="intranet" />
        [% FOREACH INPUT IN INPUTS %]
            <input type="hidden" name="[% INPUT.name | html %]" value="[% INPUT.value | html %]" />