Prevent autocomplete on username & password fields

[gavingmiller]

When gocd has authentication enabled, these two fields are auto-populated
with the gocd username and password. As a result credentials can be
submitted that shouldn't be and a user's gocd account inadvertently
compromised.

[ashwanthkumar]

I don't have much experience on working with HTML across browsers. I was just googling about this change, and found the following resources

• https://stackoverflow.com/a/43784451/1058334
• https://developer.mozilla.org/en-US/docs/Web/Security/Securing_your_site/Turning_off_form_autocompletion#The_autocomplete_attribute_and_login_fields

These sites suggest against using autocomplete="off". Do you've some inputs? Forgive me if I've misunderstood something.

[gavingmiller]

😢 looks like autocomplete="new-password" is a potentially solution. I'll give that a try and update the PR if it works.

[gavingmiller]

@ashwanthkumar I've updated the pull request with the suggested solution from https://stackoverflow.com/a/30976223/33226. I'll test locally with my users tomorrow and let you know if it's successful or not. The solution only works for Chrome & not Firefox unfortunately.

[gavingmiller]

Tested & confirmed that autocomplete=new-password will not autofill username & password (in Chrome.)

[ashwanthkumar]

👍 Thank you @gavingmiller

[ashwanthkumar]

I'll cut a release with these changes soon.