Skip to content

feat: add hidden email input to password reset form for password manager #2415

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

feat: add hidden email input to password reset form for password manager #2415

wants to merge 2 commits into from

Conversation

HarshMN2345
Copy link
Member

@HarshMN2345 HarshMN2345 commented Sep 28, 2025
edited by coderabbitai bot
Loading

What does this PR do?

(Provide a description of what this PR does.)

Test Plan

(Write your test plan here. If you changed any code, please provide us with clear instructions on how you verified your changes work.)

Related PRs and Issues

(If this PR is related to any other PR or resolves any issue or related to any issue link all related PR and issues here.)

Have you read the Contributing Guidelines on issues?

(Write your answer here.)

Summary by CodeRabbit

  • New Features
    • Email is auto-populated from the URL into an off-screen hidden email field (for credential helpers); it is not submitted with the form.
    • Autocomplete enabled for "New password" and "Confirm password" inputs (autocomplete="new-password").
    • Password fields now accept more flexible autocomplete behavior to better support different password managers.
    • No layout or navigation changes; existing password bindings and submission behavior remain unchanged.

@appwrite Appwrite
Copy link

appwrite bot commented Sep 28, 2025
edited
Loading

Console

Project ID: 688b7bf400350cbd60e9

Sites (2)
Site Status Logs Preview QR
 console-stage
688b7cf6003b1842c9dc		 Ready Ready View Logs Preview URL QR Code
 console-cloud
688b7c18002b9b871a8f		 Ready Ready View Logs Preview URL QR Code

Note

Appwrite has a Discord community with over 16 000 members.

@coderabbitai coderabbitai
Copy link
Contributor

coderabbitai bot commented Sep 28, 2025
edited
Loading

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

Walkthrough

A userEmail variable is added and populated from the email URL parameter on mount. When userId and secret are present, a visually hidden email input bound to userEmail is rendered off-screen with autocomplete="username" for password managers and is excluded from form submission. Both password fields use autocomplete="new-password". In src/lib/elements/forms/inputPassword.svelte the exported prop autocomplete is changed to type boolean | string.

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check ✅ Passed The title succinctly describes the primary change of adding a hidden email input to the password reset form for password managers, uses a conventional commit prefix, and remains concise without extraneous noise, making the main intent immediately clear to any reviewer scanning the commit history.
Docstring Coverage ✅ Passed No functions found in the changes. Docstring coverage check skipped.
✨ Finishing touches
🧪 Generate unit tests
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch fix-SER-153-email-prefilled-forgot-password
📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8324eb5 and 563b2bd.

📒 Files selected for processing (2)
  • src/lib/elements/forms/inputPassword.svelte (2 hunks)
  • src/routes/(public)/recover/+page.svelte (2 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
  • src/routes/(public)/recover/+page.svelte
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
  • GitHub Check: build
  • GitHub Check: e2e
🔇 Additional comments (1)
src/lib/elements/forms/inputPassword.svelte (1)

13-54: Good handling of mixed autocomplete types.

Appreciate the union typing plus the explicit mapping to 'on'/'off', which makes the API friendlier for both boolean flags and concrete tokens like 'new-password' while keeping the DOM attribute valid.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@HarshMN2345 HarshMN2345 changed the title feat: add hidden email input to password reset form for password mana… feat: add hidden email input to password reset form for password manager Sep 28, 2025
@HarshMN2345 HarshMN2345 requested a review from Copilot September 28, 2025 17:55
Copilot
Copilot AI reviewed Sep 28, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR adds a hidden email input field to the password reset form to improve password manager compatibility. Password managers typically need both username/email and password fields to properly detect and save credentials.

  • Adds a hidden email input field with proper accessibility attributes
  • Extracts email from URL parameters for the hidden field
  • Enables autocomplete on password inputs

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

src/routes/(public)/recover/+page.svelte Outdated
Comment on lines 97 to 104
autocomplete={true}
bind:value={password} />
<InputPassword
label="Confirm password"
placeholder="Confirm password"
id="confirm-password"
required={true}
autocomplete={true}
Copy link

Copilot AI Sep 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The autocomplete attribute should be a string value, not a boolean. For password fields, use 'new-password' for the new password field to indicate this is a password creation scenario.

Suggested change
autocomplete={true}
bind:value={password} />
<InputPassword
label="Confirm password"
placeholder="Confirm password"
id="confirm-password"
required={true}
autocomplete={true}
autocomplete="new-password"
bind:value={password} />
<InputPassword
label="Confirm password"
placeholder="Confirm password"
id="confirm-password"
required={true}
autocomplete="new-password"

Copilot uses AI. Check for mistakes.

@HarshMN2345 HarshMN2345 removed the request for review from ItzNotABug September 28, 2025 17:56
coderabbitai[bot]
coderabbitai bot reviewed Sep 28, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9e3b6c5 and cfbde63.

📒 Files selected for processing (1)
  • src/routes/(public)/recover/+page.svelte (2 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
  • GitHub Check: e2e
  • GitHub Check: build

@HarshMN2345 HarshMN2345 force-pushed the fix-SER-153-email-prefilled-forgot-password branch from 8324eb5 to 563b2bd Compare September 28, 2025 18:10
@HarshMN2345 HarshMN2345 requested a review from Copilot September 28, 2025 18:13
Copilot
Copilot AI reviewed Sep 28, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

src/routes/(public)/recover/+page.svelte
Comment on lines +82 to +89
<input
type="email"
name="email"
value={userEmail}
style="position: absolute; left: -9999px; opacity: 0; pointer-events: none;"
tabindex="-1"
autocomplete="username"
aria-hidden="true" />
Copy link

Copilot AI Sep 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[nitpick] Using inline styles for hiding elements is not recommended. Consider using CSS classes or data attributes for better maintainability and consistency with the project's styling approach.

Copilot uses AI. Check for mistakes.

src/lib/elements/forms/inputPassword.svelte
autofocus={autofocus || undefined}
autocomplete={autocomplete ? 'on' : 'off'}
autocomplete={typeof autocomplete === 'string'
? (autocomplete as HTMLInputElement['autocomplete'])
Copy link

Copilot AI Sep 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[nitpick] The type assertion as HTMLInputElement['autocomplete'] is unnecessary since TypeScript can infer the type when autocomplete is a string. Consider removing the type assertion for cleaner code.

Suggested change
? (autocomplete as HTMLInputElement['autocomplete'])
? autocomplete

Copilot uses AI. Check for mistakes.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

Copilot code review Copilot Copilot left review comments

@ItzNotABug ItzNotABug Awaiting requested review from ItzNotABug

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@HarshMN2345