Merge branch 'totp-patch' into development

ssddanbrown · ssddanbrown · commit c9d9ad10f2d5 · 2024-03-10T18:32:02.000Z
diff --git a/resources/views/mfa/parts/verify-backup_codes.blade.php b/resources/views/mfa/parts/verify-backup_codes.blade.php
@@ -2,10 +2,11 @@
 
 <p class="small mb-m">{{ trans('auth.mfa_verify_backup_code_desc') }}</p>
 
-<form action="{{ url('/mfa/backup_codes/verify') }}" method="post">
+<form action="{{ url('/mfa/backup_codes/verify') }}" method="post" autocomplete="off">
     {{ csrf_field() }}
     <input type="text"
            name="code"
+           autocomplete="one-time-code"
            placeholder="{{ trans('auth.mfa_verify_backup_code_enter_here') }}"
            class="input-fill-width {{ $errors->has('code') ? 'neg' : '' }}">
     @if($errors->has('code'))
diff --git a/resources/views/mfa/parts/verify-totp.blade.php b/resources/views/mfa/parts/verify-totp.blade.php
@@ -2,10 +2,11 @@
 
 <p class="small mb-m">{{ trans('auth.mfa_verify_totp_desc') }}</p>
 
-<form action="{{ url('/mfa/totp/verify') }}" method="post">
+<form action="{{ url('/mfa/totp/verify') }}" method="post" autocomplete="off">
     {{ csrf_field() }}
     <input type="text"
            name="code"
+           autocomplete="one-time-code"
            autofocus
            placeholder="{{ trans('auth.mfa_gen_totp_provide_code_here') }}"
            class="input-fill-width {{ $errors->has('code') ? 'neg' : '' }}">
diff --git a/tests/Auth/MfaVerificationTest.php b/tests/Auth/MfaVerificationTest.php
@@ -57,6 +57,15 @@ public function test_totp_verification_fails_on_missing_invalid_code()
         $this->assertNull(auth()->user());
     }
 
+    public function test_totp_form_has_autofill_configured()
+    {
+        [$user, $secret, $loginResp] = $this->startTotpLogin();
+        $html = $this->withHtml($this->get('/mfa/verify'));
+
+        $html->assertElementExists('form[autocomplete="off"][action$="/verify"]');
+        $html->assertElementExists('input[autocomplete="one-time-code"][name="code"]');
+    }
+
     public function test_backup_code_verification()
     {
         [$user, $codes, $loginResp] = $this->startBackupCodeLogin();
@@ -138,6 +147,15 @@ public function test_backup_code_verification_shows_warning_when_limited_codes_r
         $resp->assertSeeText('You have less than 5 backup codes remaining, Please generate and store a new set before you run out of codes to prevent being locked out of your account.');
     }
 
+    public function test_backup_code_form_has_autofill_configured()
+    {
+        [$user, $codes, $loginResp] = $this->startBackupCodeLogin();
+        $html = $this->withHtml($this->get('/mfa/verify'));
+
+        $html->assertElementExists('form[autocomplete="off"][action$="/verify"]');
+        $html->assertElementExists('input[autocomplete="one-time-code"][name="code"]');
+    }
+
     public function test_both_mfa_options_available_if_set_on_profile()
     {
         $user = $this->users->editor();
