Error class is set to wrong password element in accounts form.

Created on 23 November 2023, about 1 year ago
Updated 22 December 2023, 12 months ago

Problem/Motivation

If a user wants to change the password he/she needs to enter the current password as well in the user edit form. The current password undergoes the form validation and return with the proper error message. But if we check the the error class is added to the new password form element which is not causing it to fail.
After following the steps to reproduce you will notice the error class is added to the wrong element.
The problem is the with :-
$form_state->setErrorByName($field_name, $violation->getMessage()); in core/modules/user/src/AccountForm.php. What it does is that it set the error for all the elements whose names start with pass.

Steps to reproduce

1)Navigate to user-edit form.
2) Enter the wrong current password while keeping everything else correct.
3) Save the form.

Proposed resolution

Instead of $form_state->setErrorByName($field_name, $violation->getMessage()); in core/modules/user/src/AccountForm.php. use the setError method.

Remaining tasks

User interface changes

API changes

Data model changes

Release notes snippet

๐Ÿ› Bug report
Status

Needs work

Version

11.0 ๐Ÿ”ฅ

Component
User moduleย  โ†’

Last updated about 2 hours ago

Created by

Live updates comments and jobs are added and updated live.
  • Needs issue summary update

    Issue summaries save everyone time if they are kept up-to-date. See Update issue summary task instructions.

Sign in to follow issues

Merge Requests

Comments & Activities

  • Issue created by @utkarsh_33
  • Merge request !5532Added the error class to correct element โ†’ (Open) created by utkarsh_33
  • Status changed to Needs review about 1 year ago
  • Status changed to Needs work about 1 year ago
  • ๐Ÿ‡บ๐Ÿ‡ธUnited States smustgrave

    Ran the test-only feature

    There was 1 failure:
    1) Drupal\Tests\user\Functional\UserPasswordResetTest::testFocusIsSetToCorrectPasswordElement
    Failed asserting that false is true.
    /builds/issue/drupal-3403612/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:121
    /builds/issue/drupal-3403612/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:55
    /builds/issue/drupal-3403612/core/modules/user/tests/src/Functional/UserPasswordResetTest.php:666
    /builds/issue/drupal-3403612/vendor/phpunit/phpunit/src/Framework/TestResult.php:728
    FAILURES!
    Tests: 13, Assertions: 322, Failures: 1.
    

    Tested manually as well on a standard install.
    Followed the steps where I went to edit my password
    I put the wrong password into the current field
    some test stuff in the new passsword field
    Clicked saved I do see the error but focus is not on the current password field

  • Status changed to Needs review about 1 year ago
  • ๐Ÿ‡ฎ๐Ÿ‡ณIndia srishtiiee

    Setting this back to NR as I manually tested the MR and the focus is indeed on the Current password field after clicking Save. @smustgrave Do you have any additional details/steps to reproduce the issue?

  • Status changed to Needs work about 1 year ago
  • ๐Ÿ‡บ๐Ÿ‡ธUnited States smustgrave

    Tested again and still focus is not on current password field
    On user edit form
    Input incorrect current password
    Add some new password + confirm password
    Click Save
    I see the error around the current password but focus isn't there.

    So looking at the code I don't see anything that actually puts focus there though, just setting an error. If that's what the ticket is addressing then title and issue summary could be updated, before/after screenshots too.

  • Status changed to Postponed: needs info about 1 year ago
  • ๐Ÿ‡ซ๐Ÿ‡ฎFinland lauriii Finland

    Is this about the focus handling or error styles? The issue summary is talking about focus handling but the MR is adding an error class. We don't have functionality in place that would refocus fields with server side validation errors.

  • Status changed to Needs review about 1 year ago
  • I added the reason explaining the the solution that i provided along with the problem with the current code.Hope it makes sense.

  • Status changed to Needs work about 1 year ago
  • ๐Ÿ‡บ๐Ÿ‡ธUnited States smustgrave

    Sorry but still not clear. Title and summary still talks about the focus, but MR seems to be fixing the error. Which is it suppose to be? Looking at this based on focus when there is an error focus is not on it.

  • Status changed to Needs review about 1 year ago
  • ๐Ÿ‡ฎ๐Ÿ‡ณIndia TanujJain-TJ

    The bug was reproducible on drupal 10.1 and 11. Tested and reviewed this MR manually which fixes the focus issue for current_password field. Attaching before and after screenshots for better clarity of this issue. changing the status to NR again.

    Before

    After

  • Status changed to Needs work about 1 year ago
  • ๐Ÿ‡บ๐Ÿ‡ธUnited States smustgrave

    Thatโ€™s an error but if you hit tab youโ€™re in the toolbar region so focus is not on the error field.

  • ๐Ÿ‡ฎ๐Ÿ‡ณIndia narendraR Jaipur, India

    Agree with @smustgrave, and I think this issue is only related to showing error class on correct form element.
    Added related tags.

  • Status changed to Needs review about 1 year ago
  • Agreed with @smustgrave and @narendraR. The issue summary was written correctly.I'm sorry for that.
    I have updated the summary and described the real problem.Marking it needs review once again.

  • Status changed to Needs work about 1 year ago
  • ๐Ÿ‡ฎ๐Ÿ‡ณIndia yash.rode pune

    Small suggestion regarding the current approach.

  • As we are splitting the accounts form in 3 different forms in Users could not find the Change password fields ๐Ÿ› Users could not find the Change password fields Needs review and this takes care of this edge case in the form validator for the newly created form, So I think if the above MR lands in first then this is not required.

Production build 0.71.5 2024