MIME-Version: 1.0
References: 
 <CAM9w-_mhLAoL3ZgY3w8SCH6WbSF=_11tU3Ueh-voAWkfgVZtVw@mail.gmail.com>
 <CA+OCxowteeh7yjQLToCGWPtFsqSKK10E3wX6o8k8i5Rub-DoGA@mail.gmail.com>
 <CAM9w-_mn7mBrAcpBqMayPPU-btXenfX5+YKmsp_8w5qFd0903w@mail.gmail.com>
In-Reply-To: 
 <CAM9w-_mn7mBrAcpBqMayPPU-btXenfX5+YKmsp_8w5qFd0903w@mail.gmail.com>
From: Dave Page <dpage@pgadmin.org>
Date: Mon, 10 Jun 2019 10:04:27 +0100
Message-ID: 
 <CA+OCxozgD-eUgFDKwkMjuUEt3v25PsEDpMX+Kkp2qKsSctzs2A@mail.gmail.com>
Subject: Re: [pgAdmin][RM4310] User can not connect to the Master Password
 with Enter button
To: Aditya Toshniwal <aditya.toshniwal@enterprisedb.com>
Cc: pgadmin-hackers <pgadmin-hackers@postgresql.org>
Content-Type: multipart/alternative; boundary="0000000000004cb70d058af47821"
Precedence: bulk

--0000000000004cb70d058af47821
Content-Type: text/plain; charset="UTF-8"

Hi

On Wed, Jun 5, 2019 at 1:39 PM Aditya Toshniwal <
aditya.toshniwal@enterprisedb.com> wrote:

> Hi,
>
> On Wed, Jun 5, 2019 at 4:48 PM Dave Page <dpage@pgadmin.org> wrote:
>
>> Hi
>>
>> On Wed, Jun 5, 2019 at 8:14 AM Aditya Toshniwal <
>> aditya.toshniwal@enterprisedb.com> wrote:
>>
>>> Hi Hackers,
>>>
>>> Attached is the patch to fix an issue where using browser autofills in
>>> alertify dialogs triggers the help page button (#4317).
>>> A workaround was added to master password dialog to avoid this, but that
>>> in turn disabled the 'OK' button tigger on pressing enter button. This is
>>> also fixed with this patch.(#4310)
>>>
>>
>> This isn't quite right. When the browser auto-fills the password, the OK
>> button remains disabled. I can hit enter though - however, I shouldn't be
>> able to do that when the OK button is disabled (being the default button on
>> the dialogue, it should respond to enter, unless another control which also
>> accepts enter has focus (e.g. a multiline text area).
>>
> The autofilled password appears as set, but it is actually not set to
> textbox unless you enter/click in the dropdown. We get the DOM element
> value as blank even if it appears filled. This is how chromium autofill
> behaves. Upon hitting enter the autofill value is set to the textbox and OK
> button is enabled.
>
>>
>> The OK button should be enabled - probably all the time, as the user
>> could have entered a blank password, and most systems won't prevent a user
>> from trying to use such a password.
>>
> I have made the changes to allow blank master password, plus enabling OK
> button always. Attached is the updated patch.
>

I think you've slightly mis-understood what I was trying to say.

- We should not allow a blank password.
- We should not disable the OK button at all.

My analogy was focussed on the fact that most systems never disable OK
buttons on login dialogues, as some of those systems (but not all of
course) may allow blank passwords.

-- 
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

--0000000000004cb70d058af47821
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div>Hi</div><br><div class=3D"gmail_quote"><div dir=3D"lt=
r" class=3D"gmail_attr">On Wed, Jun 5, 2019 at 1:39 PM Aditya Toshniwal &lt=
;<a href=3D"mailto:aditya.toshniwal@enterprisedb.com">aditya.toshniwal@ente=
rprisedb.com</a>&gt; wrote:<br></div><blockquote class=3D"gmail_quote" styl=
e=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);paddin=
g-left:1ex"><div dir=3D"ltr"><div dir=3D"ltr"><div style=3D"font-family:ver=
dana,sans-serif">Hi,</div></div><br><div class=3D"gmail_quote"><div dir=3D"=
ltr" class=3D"gmail_attr">On Wed, Jun 5, 2019 at 4:48 PM Dave Page &lt;<a h=
ref=3D"mailto:dpage@pgadmin.org" target=3D"_blank">dpage@pgadmin.org</a>&gt=
; wrote:<br></div><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px=
 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div di=
r=3D"ltr"><div>Hi</div><br><div class=3D"gmail_quote"><div dir=3D"ltr" clas=
s=3D"gmail_attr">On Wed, Jun 5, 2019 at 8:14 AM Aditya Toshniwal &lt;<a hre=
f=3D"mailto:aditya.toshniwal@enterprisedb.com" target=3D"_blank">aditya.tos=
hniwal@enterprisedb.com</a>&gt; wrote:<br></div><blockquote class=3D"gmail_=
quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,=
204);padding-left:1ex"><div dir=3D"ltr"><div style=3D"font-family:verdana,s=
ans-serif">Hi Hackers,<br clear=3D"all"></div><div style=3D"font-family:ver=
dana,sans-serif"><br></div><div style=3D"font-family:verdana,sans-serif">At=
tached is the patch to fix an issue where using browser autofills in alerti=
fy dialogs triggers the help page button (#4317).</div><div style=3D"font-f=
amily:verdana,sans-serif">A workaround was added to master password dialog =
to avoid this, but that in turn disabled the &#39;OK&#39; button tigger on =
pressing enter button. This is also fixed with this patch.(#4310)</div></di=
v></blockquote><div><br></div><div>This isn&#39;t quite right. When the bro=
wser auto-fills the password, the OK button remains disabled. I can hit ent=
er though - however, I shouldn&#39;t be able to do that when the OK button =
is disabled (being the default button on the dialogue, it should respond to=
 enter, unless another control which also accepts enter has focus (e.g. a m=
ultiline text area).</div></div></div></blockquote><div><span class=3D"gmai=
l_default" style=3D"font-family:verdana,sans-serif">The autofilled password=
=C2=A0</span><span style=3D"font-family:verdana,sans-serif">appears as set,=
 but it is actually not<span class=3D"gmail_default" style=3D"font-family:v=
erdana,sans-serif"></span></span><span style=3D"font-family:verdana,sans-se=
rif">=C2=A0set to textbox unless you enter/click in the dropdown.<span clas=
s=3D"gmail_default" style=3D"font-family:verdana,sans-serif"> We get the DO=
M element value as blank even if it appears filled. This is how chromium au=
tofill behaves. Upon hitting enter the autofill value is set to the textbox=
 and OK button is enabled.</span></span></div><blockquote class=3D"gmail_qu=
ote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,20=
4);padding-left:1ex"><div dir=3D"ltr"><div class=3D"gmail_quote"><div><br><=
/div><div>The OK button should be enabled - probably all the time, as the u=
ser could have entered a blank password, and most systems won&#39;t prevent=
 a user from trying to use such a password.</div></div></div></blockquote><=
div style=3D"font-family:verdana,sans-serif">I have made the changes to all=
ow blank master password, plus enabling OK button always. Attached is the u=
pdated patch.</div></div></div></blockquote><div><br></div><div>I think you=
&#39;ve slightly mis-understood what I was trying to say.</div><div><br></d=
iv><div>- We should not allow a blank password.</div><div>- We should not d=
isable the OK button at all.</div><div><br></div><div>My analogy was focuss=
ed on the fact that most systems never disable OK buttons on login dialogue=
s, as some of those systems (but not all of course) may allow blank passwor=
ds.</div><div>=C2=A0</div></div>-- <br><div dir=3D"ltr" class=3D"gmail_sign=
ature">Dave Page<br>Blog: <a href=3D"http://pgsnake.blogspot.com" target=3D=
"_blank">http://pgsnake.blogspot.com</a><br>Twitter: @pgsnake<br><br>Enterp=
riseDB UK: <a href=3D"http://www.enterprisedb.com" target=3D"_blank">http:/=
/www.enterprisedb.com</a><br>The Enterprise PostgreSQL Company<br></div></d=
iv>

--0000000000004cb70d058af47821--