Skip to content

Commit

Permalink
fix(auth): allow password managers to pre-fill input fields (#9390)
Browse files Browse the repository at this point in the history 
HTML disallows having multiple IDs with the same value.

In reality this is for 1Password's feature where you can create
custom fields named like input IDs and 1Password fill pre-fill that.
  • Loading branch information
@sethidden
sethidden committed Nov 22, 2023
1 parent fc8e00c commit 9a7c4c0
Show file tree
Hide file tree
Showing 5 changed files with 14 additions and 14 deletions.
8 changes: 4 additions & 4 deletions src/core/components/auth/oauth2.jsx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -196,11 +196,11 @@ export default class Oauth2 extends React.Component {
{
( flow === AUTH_FLOW_APPLICATION || flow === AUTH_FLOW_IMPLICIT || flow === AUTH_FLOW_ACCESS_CODE || flow === AUTH_FLOW_PASSWORD ) &&
( !isAuthorized || isAuthorized && this.state.clientId) && <Row>
<label htmlFor="client_id">client_id:</label>
<label htmlFor={ `client_id_${flow}` }>client_id:</label>
{
isAuthorized ? <code> ****** </code>
: <Col tablet={10} desktop={10}>
<InitializedInput id="client_id"
<InitializedInput id={`client_id_${flow}`}
type="text"
required={ flow === AUTH_FLOW_PASSWORD }
initialValue={ this.state.clientId }
Expand All @@ -213,11 +213,11 @@ export default class Oauth2 extends React.Component {

{
( (flow === AUTH_FLOW_APPLICATION || flow === AUTH_FLOW_ACCESS_CODE || flow === AUTH_FLOW_PASSWORD) && <Row>
<label htmlFor="client_secret">client_secret:</label>
<label htmlFor={ `client_secret_${flow}` }>client_secret:</label>
{
isAuthorized ? <code> ****** </code>
: <Col tablet={10} desktop={10}>
<InitializedInput id="client_secret"
<InitializedInput id={ `client_secret_${flow}` }
initialValue={ this.state.clientSecret }
type="password"
data-name="clientSecret"
Expand Down
4 changes: 2 additions & 2 deletions test/e2e-cypress/e2e/features/auth-code-flow-pkce-without-secret.cy.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ describe("Check client_secret for OAuth2 Authorization Code flow with and withou
.contains("authorizationCode with PKCE")
.get(".flow")
.contains("authorizationCode with PKCE")
.get("#client_secret")
.get("#client_secret_authorizationCode")
.should("exist")
})

Expand All @@ -41,7 +41,7 @@ describe("Check client_secret for OAuth2 Authorization Code flow with and withou
.contains("authorizationCode")
.get(".flow")
.contains("authorizationCode")
.get("#client_secret")
.get("#client_secret_authorizationCode")
.should("exist")
})
})
4 changes: 2 additions & 2 deletions test/e2e-cypress/e2e/features/oauth2-flows/application.cy.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,11 +30,11 @@ describe("OAuth2 Application flow", function() {
.click()

.get("div.modal-ux-content > div:nth-child(2)").within(() => {
cy.get("#client_id")
cy.get("#client_id_application")
.clear()
.type("confidentialApplication")

.get("#client_secret")
.get("#client_secret_application")
.clear()
.type("topSecret")

Expand Down
8 changes: 4 additions & 4 deletions test/e2e-cypress/e2e/features/oauth2-flows/password.cy.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,11 +18,11 @@ describe("OAuth2 Password flow", function() {
.get("#password_type")
.select("basic")

.get("#client_id")
.get("#client_id_password")
.clear()
.type("application")

.get("#client_secret")
.get("#client_secret_password")
.clear()
.type("secret")

Expand Down Expand Up @@ -75,11 +75,11 @@ describe("OAuth2 Password flow", function() {
.get("#password_type")
.select("request-body")

.get("#client_id")
.get("#client_id_password")
.clear()
.type("application")

.get("#client_secret")
.get("#client_secret_password")
.clear()
.type("secret")

Expand Down
4 changes: 2 additions & 2 deletions test/e2e-cypress/e2e/security/sequential-import-chaining.cy.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ describe("Security: CSS Sequential Import Chaining", () => {
cy.visit("/?url=/documents/petstore-expanded.openapi.yaml")
.get(".scheme-container > .schemes > .auth-wrapper > .btn > span")
.click()
.get("div > div > .wrapper > .block-tablet > #client_id")
.get("div > div > .wrapper > .block-tablet > #client_id_implicit")
.clear()
.type("abc")
.should("not.have.attr", "value", "abc")
Expand Down Expand Up @@ -48,7 +48,7 @@ describe("Security: CSS Sequential Import Chaining", () => {
cy.visit("/?url=/documents/petstore.swagger.yaml")
.get(".scheme-container > .schemes > .auth-wrapper > .btn > span")
.click()
.get("div > div > .wrapper > .block-tablet > #client_id")
.get("div > div > .wrapper > .block-tablet > #client_id_implicit")
.clear()
.type("abc")
.should("not.have.attr", "value", "abc")
Expand Down

3 comments on commit 9a7c4c0

@omezirichard22
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[USCODE-2022-title2-chap5-sec181 (1).pdf](https://github.com/swagger-api/swagger-ui/files/13655898/USCODE-2022-title2-chap5-sec181.1.pdf)

@omezirichard22
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

USCODE-2022-title2-chap5-sec181 (1).pdf

@omezirichard22
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please sign in to comment.