feat(security): #312 disable autofill for PII information

2024-12-12 20:59:36 +01:00
parent 380dd979f6
commit 6a8294e27c
4 changed files with 71 additions and 23 deletions
--- a/template/auth/change_password.templ
+++ b/template/auth/change_password.templ
@@ -15,11 +15,29 @@ templ ChangePasswordComp(isPasswordReset bool) {
 		</h2>
 		if !isPasswordReset {
 			<label class="input input-bordered flex items-center gap-2">
-				<input type="password" class="grow" placeholder="Current Password" name="current-password"/>
+				<input
+					type="password"
+					class="grow"
+					placeholder="Current Password"
+					name="current-password"
+					spellcheck="false"
+					autocomplete="off"
+					autocorrect="off"
+					autocapitalize="off"
+				/>
 			</label>
 		}
 		<label class="input input-bordered flex items-center gap-2">
-			<input type="password" class="grow" placeholder="New Password" name="new-password"/>
+			<input
+				type="password"
+				class="grow"
+				placeholder="New Password"
+				name="new-password"
+				spellcheck="false"
+				autocomplete="off"
+				autocorrect="off"
+				autocapitalize="off"
+			/>
 		</label>
 		<button class="btn btn-primary self-end">
 			Change Password
--- a/template/auth/delete_account.templ
+++ b/template/auth/delete_account.templ
@@ -13,7 +13,16 @@ templ DeleteAccountComp() {
 			Are you sure you want to delete your account? This action is irreversible.
 		</p>
 		<label class="input input-bordered flex items-center gap-2">
-			<input type="password" class="grow" placeholder="Password" name="password"/>
+			<input
+				type="password"
+				class="grow"
+				placeholder="Password"
+				name="password"
+				spellcheck="false"
+				autocomplete="off"
+				autocorrect="off"
+				autocapitalize="off"
+			/>
 		</label>
 		<button class="btn btn-error self-end">
 			Delete Account
--- a/template/auth/reset_password.templ
+++ b/template/auth/reset_password.templ
@@ -10,7 +10,16 @@ templ ResetPasswordComp() {
 			Reset Password
 		</h2>
 		<label class="input input-bordered flex items-center gap-2">
-			<input type="email" class="grow" placeholder="E-Mail" name="email"/>
+			<input
+				type="email"
+				class="grow"
+				placeholder="E-Mail"
+				name="email"
+				spellcheck="false"
+				autocomplete="off"
+				autocorrect="off"
+				autocapitalize="off"
+			/>
 		</label>
 		<button class="btn btn-primary self-end">
 			Request Password Reset
--- a/template/auth/sign_in_or_up.templ
+++ b/template/auth/sign_in_or_up.templ
@@ -1,14 +1,18 @@
 package auth

 templ SignInOrUpComp(isSignIn bool) {
+	{{
+var postUrl string
+if isSignIn {
+	postUrl = "/api/auth/signin"
+} else {
+	postUrl = "/api/auth/signup"
+}
+	}}
 	<form
 		class="max-w-xl px-2 mx-auto flex flex-col gap-4 h-full justify-center"
 		hx-target="#sign-in-or-up-error"
-		if isSignIn {
-			hx-post="/api/auth/signin"
-		} else {
-			hx-post="/api/auth/signup"
-		}
+		hx-post={ postUrl }
 	>
 		<h2 class="text-6xl mb-10">
 			if isSignIn {
@@ -18,12 +22,7 @@ templ SignInOrUpComp(isSignIn bool) {
 			}
 		</h2>
 		<label class="input input-bordered flex items-center gap-2">
-			<svg
-				xmlns="http://www.w3.org/2000/svg"
-				viewBox="0 0 16 16"
-				fill="currentColor"
-				class="h-4 w-4 opacity-70"
-			>
+			<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" fill="currentColor" class="h-4 w-4 opacity-70">
 				<path
 					d="M2.5 3A1.5 1.5 0 0 0 1 4.5v.793c.026.009.051.02.076.032L7.674 8.51c.206.1.446.1.652 0l6.598-3.185A.755.755 0 0 1 15 5.293V4.5A1.5 1.5 0 0 0 13.5 3h-11Z"
 				></path>
@@ -31,22 +30,35 @@ templ SignInOrUpComp(isSignIn bool) {
 					d="M15 6.954 8.978 9.86a2.25 2.25 0 0 1-1.956 0L1 6.954V11.5A1.5 1.5 0 0 0 2.5 13h11a1.5 1.5 0 0 0 1.5-1.5V6.954Z"
 				></path>
 			</svg>
-			<input type="text" class="grow" placeholder="Email" name="email"/>
+			<input
+				type="text"
+				class="grow"
+				placeholder="Email"
+				name="email"
+				spellcheck="false"
+				autocomplete="off"
+				autocorrect="off"
+				autocapitalize="off"
+			/>
 		</label>
 		<label class="input input-bordered flex items-center gap-2">
-			<svg
-				xmlns="http://www.w3.org/2000/svg"
-				viewBox="0 0 16 16"
-				fill="currentColor"
-				class="h-4 w-4 opacity-70"
-			>
+			<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" fill="currentColor" class="h-4 w-4 opacity-70">
 				<path
 					fill-rule="evenodd"
 					d="M14 6a4 4 0 0 1-4.899 3.899l-1.955 1.955a.5.5 0 0 1-.353.146H5v1.5a.5.5 0 0 1-.5.5h-2a.5.5 0 0 1-.5-.5v-2.293a.5.5 0 0 1 .146-.353l3.955-3.955A4 4 0 1 1 14 6Zm-4-2a.75.75 0 0 0 0 1.5.5.5 0 0 1 .5.5.75.75 0 0 0 1.5 0 2 2 0 0 0-2-2Z"
 					clip-rule="evenodd"
 				></path>
 			</svg>
-			<input type="password" class="grow" placeholder="Password" name="password"/>
+			<input
+				type="password"
+				class="grow"
+				placeholder="Password"
+				name="password"
+				spellcheck="false"
+				autocomplete="off"
+				autocorrect="off"
+				autocapitalize="off"
+			/>
 		</label>
 		<div class="flex justify-end items-center gap-2">
 			if isSignIn {