-
Type:
Bug
-
Status: Resolution Setting
-
Priority:
Medium
-
Resolution: Done
-
Affects Version/s: None
-
Fix Version/s: None
-
Component/s: BenAdmin
-
Labels:None
-
Environment:Production
-
Bug Type:Functional
-
Bug Severity:Medium
-
Level:Admin
-
Module:BenAdmin - Security
-
Reported by:Harbinger
-
Company:All Clients/Multiple Clients
-
Item State:LB QA - Ready for Stage
Environment: Production
Login: Company admin
Page: Change Password Password
Browser: Fire fox
Admin login > Change Password > New Password field is auto filled
screen capture for the same is attached with jira.
| Attachment | Screenshot (6).png [ 67611 ] |
| Summary | roduction | Firefox | Change password | Admin Login | UserId is populating with Security question answer | Production | Firefox | Change password | Admin Login | UserId is populating with Security question answer |
-
- Time Spent:
- 2h
-
Analysis and trial error for this issue.
Checked Auto-complete on all the browsers
Unit Test
| Status | Open [ 1 ] | In Development [ 10007 ] |
| Item State | Parent values: Development(10200)Level 1 values: In Analysis(10204) |
Hi Swapnil Pandhare,
Analysis done. Follwing are the solution tried on local;
1: Added 'readonly' on document.ready -NOT WORKED
2: Disabled fields until we load whole page -NOT WORKED
Not able fix this issue as Chrome Browser auto-fills saved password on double click on that password field.
Thanks,
Niteen S.
| Assignee | Niteen Surwase [ niteen.surwase ] | Swapnil Pandhare [ swapnil.pandhare ] |
-
- Time Spent:
- 2h
-
Analysis & Discussion with Priya, Niteen, Samir
Sudhir Kalikate (Inactive)
made changes -
| Assignee | Swapnil Pandhare [ swapnil.pandhare ] | Sudhir Kalikate [ sudhir.kalikate ] |
Sudhir Kalikate (Inactive)
logged work - 17/Nov/17 05:03 AM -
- Time Spent:
- 8h
-
Discussion with Niteen and Priya.
Check code and unit testing.
Reproduced and Made code changes.
Sudhir Kalikate (Inactive)
made changes -
| Attachment | WT-12126 Description.odt [ 67997 ] |
Hi Satya,
I did some analysis on this. Tried multiple solutions on local and stage.
Please refer document [WT-12126 Description.odt] on the analysis.
WT-12126 Description.odt
.
Note: This is chrome browser specific issue and reproduced some times on Stage and Production.
Thanks,
Sudhir Kalikate
Cc : Swapnil Pandhare
Sudhir Kalikate (Inactive)
added a comment - - edited Hi Satya ,
I did some analysis on this. Tried multiple solutions on local and stage.
Please refer document [WT-12126 Description.odt] on the analysis.
WT-12126 Description.odt .
Note: This is chrome browser specific issue and reproduced some times on Stage and Production.
Thanks,
Sudhir Kalikate
Cc : Swapnil Pandhare
Sudhir Kalikate (Inactive)
logged work - 18/Nov/17 05:04 AM -
- Time Spent:
- 4h
-
Tried with multiple solutions.
| Remaining Estimate | 24h [ 86400 ] | |
| Original Estimate | 24h [ 86400 ] |
| Remaining Estimate | 24h [ 86400 ] | 22h [ 79200 ] |
| Time Spent | 2h [ 7200 ] | |
| Worklog Id | 91514 [ 91514 ] |
| Assignee | Sudhir Kalikate [ sudhir.kalikate ] | Niteen Surwase [ niteen.surwase ] |
Gaurav Sodani (Inactive)
made changes -
| Item State | Parent values: Development(10200)Level 1 values: In Analysis(10204) | Parent values: Development(10200)Level 1 values: On Hold(10207) |
We have tried various solutions but it did not worked for all the browsers (Either worked for Chrome or Firefox).
We don't have control over all of our user's browsers to change their autocomplete/suggest settings.
So, we can't disable these setting for Chrome and for other browsers.
As per below Chrome official links. We can not do anything for the autocomplete setting. Its up to the user to use/not use it.
Chrome Official autocomplete tickets:
https://bugs.chromium.org/p/chromium/issues/detail?id=587466
https://bugs.chromium.org/p/chromium/issues/detail?id=352347
Thanks,
Cc: Satya
-
- Time Spent:
- 4h
-
Analysis , debugging and discussion
-
- Time Spent:
- 8.15h
-
Analysis of Change Password Issue.
Trial and Error various solution
R & D for auto-complete
| Remaining Estimate | 22h [ 79200 ] | 13.85h [ 49860 ] |
| Time Spent | 2h [ 7200 ] | 10.15h [ 36540 ] |
| Worklog Id | 93121 [ 93121 ] |
| Remaining Estimate | 13.85h [ 49860 ] | 11.85h [ 42660 ] |
| Time Spent | 10.15h [ 36540 ] | 12.15h [ 43740 ] |
| Worklog Id | 93138 [ 93138 ] |
-
- Time Spent:
- 3h
-
Dummy field scenario checking
Unit Testing
| Remaining Estimate | 11.85h [ 42660 ] | 8.85h [ 31860 ] |
| Time Spent | 12.15h [ 43740 ] | 15.15h [ 54540 ] |
| Worklog Id | 93302 [ 93302 ] |
| Item State | Parent values: Development(10200)Level 1 values: On Hold(10207) | Parent values: Development(10200)Level 1 values: Ready for Review(10208) |
We have done with changes using dummy field. We have set dummy field's visibility as hidden. We are just avoiding secret answer saving to tackle the security concern.
Please review these changes.
Following URL shows browsers scope for visibility of dummy field :
URL : https://www.w3schools.com/jsref/prop_style_visibility.asp
Concern : Browser displays secret answer in Change Password page. (Browsers uses Autocomplete feature)
Cause : In EE workflow, when user change password with secret answers then browser considers field which is above Password field (Secret Answer) and saves. (Browser uses Autocomplete feature)
Correction : We have added dummy hidden field above the password field to save in Autocomplete feature as username.
Now browser considers dummy field as username to save through Autocomplete feature. So, Browser will not show secret answer anyhow.
Thanks,
Niteen S.
Cc: Satya
-
- Time Spent:
- 5.5h
-
Coding for Change Password AutoComplete issue
Unit Testing
Discussion with Swapnil
Code Review Patching
| Remaining Estimate | 8.85h [ 31860 ] | 3.35h [ 12060 ] |
| Time Spent | 15.15h [ 54540 ] | 20.65h [ 74340 ] |
| Worklog Id | 93570 [ 93570 ] |
| Remaining Estimate | 3.35h [ 12060 ] | 0h [ 0 ] |
| Time Spent | 20.65h [ 74340 ] | 24.65h [ 88740 ] |
| Worklog Id | 93817 [ 93817 ] |
Sudhir Kalikate (Inactive)
made changes -
| Time Spent | 24.65h [ 88740 ] | 32.65h [ 117540 ] |
| Worklog Id | 94631 [ 94631 ] |
Sudhir Kalikate (Inactive)
made changes -
| Time Spent | 32.65h [ 117540 ] | 36.65h [ 131940 ] |
| Worklog Id | 94632 [ 94632 ] |
This changes has been done and checked-in on trunk and LB as Its parent ticket WT-12109 is approved for LB.
Thanks,
Niteen S.
Cc: Satya Gaurav Sodani
| Item State | Parent values: Development(10200)Level 1 values: Ready for Review(10208) | Parent values: Development(10200)Level 1 values: On Hold(10207) |
Priya Dhamande This changes will be deployed on LB with next LB build. Please verify once it'll deploy on LB.
| Assignee | Niteen Surwase [ niteen.surwase ] | Priya Dhamande [ priya.dhamande ] |
-
- Time Spent:
- 4.5h
-
Coding for Change password
Full length Unit Testing
Check-in on Trunt, UIRefresh and LB
Khandu Kshirsagar (Inactive)
made changes -
| Item State | Parent values: Development(10200)Level 1 values: On Hold(10207) | Parent values: LB QA(10201)Level 1 values: LB Deployed(11600) |
| Time Spent | 36.65h [ 131940 ] | 41.15h [ 148140 ] |
| Worklog Id | 95435 [ 95435 ] |
| Assignee | Priya Dhamande [ priya.dhamande ] | Jayshree Nagpure [ jayshree.nagpure ] |
Jayshree Nagpure (Inactive)
made changes -
| Status | In Development [ 10007 ] | Local Testing [ 10200 ] |
Jayshree Nagpure (Inactive)
made changes -
| Item State | Parent values: LB QA(10201)Level 1 values: LB Deployed(11600) | Parent values: LB QA(10201)Level 1 values: In Testing(10210) |
Environment: LB
Login: Partner, Employee and Company Admin
Company: For QA KinderCare and For QA-FDU-Azure
Browser: Chrome
Pages: Change Password, Login page, Forgot password
The issue of Password getting retained on browsers is verified on LB for mentioned pages. All the attached scenarios worked as expected.
So, moving the jira on Ready for stage
Jayshree Nagpure (Inactive)
added a comment - Environment: LB
Login: Partner, Employee and Company Admin
Company: For QA KinderCare and For QA-FDU-Azure
Browser: Chrome
Pages: Change Password, Login page, Forgot password
The issue of Password getting retained on browsers is verified on LB for mentioned pages. All the attached scenarios worked as expected.
So, moving the jira on Ready for stage Jayshree Nagpure (Inactive)
made changes -
| Attachment | TestCase_LoginPage.xls [ 70366 ] |
Jayshree Nagpure (Inactive)
made changes -
| Item State | Parent values: LB QA(10201)Level 1 values: In Testing(10210) | Parent values: LB QA(10201)Level 1 values: Ready for Stage(10213) |
Jayshree Nagpure (Inactive)
made changes -
| Time Spent | 41.15h [ 148140 ] | 45.15h [ 162540 ] |
| Worklog Id | 96873 [ 96873 ] |
Sachin Hingole (Inactive)
made changes -
| Resolution | Done [ 10000 ] | |
| Status | In LB Testing [ 10200 ] | Resolution Setting [ 11616 ] |
| Transition | Time In Source Status | Execution Times |
|---|
|
1d 12h 48m | 1 |
Jayshree Nagpure (Inactive)
made transition
-
|
33d 8h 38m | 1 |
Sachin Hingole (Inactive)
made transition
-
|
127d 20h 4m | 1 |
.png){kind=link}
The issue is applicable for Admin Change password and mployee Change Password Page with Company admin login.
Hrishikesh Deshpande