Add render_value to various PasswordInput fields.

Review Request #5346 — Created Jan. 28, 2014 and submitted

Information

Review Board
release-1.7.x

Reviewers

Add render_value to various PasswordInput fields.

For password inputs that are part of settings (LDAP auth, mail host, and
repository), the password wasn't pre-populated into the form, which meant that
if you changed said settings, you'd need to re-enter the password. This is
highly annoying. I've added render_value=True to the affected PasswordInput
ctors.

Checked that saving a password was "sticky".

chipx86
  1. Looks fine.

    I remember this being the default a long time ago and people complaining about the security of it. Is the password in the HTML when this is on? I think ideally, we'd just not save the password or require it if we already have one stored and it's blank, and show some junk placeholder to make the field not appear empty.

    1. So, it is included in the HTML, but I think given that it's admin-only (and people who are security-conscious should be using HTTPS), I'd much rather trade off the slight security impact for the significant usability gain.

      Possibly we could do some hijinks to show a junk placeholder (not requiring it would mean you couldn't clear it out), but that seems like a lot of complexity for little gain.

  2. 
      
david
Review request changed
Status:
Completed
Change Summary:
Pushed to release-1.7.x (a0eaf37).