use HTML5 autocomplete values to better handle password managers

passbook/core/forms/authentication.py

@@ -81,8 +81,6 @@ class SignUpForm(forms.Form):
         password_repeat = self.cleaned_data.get('password_repeat')
         if password != password_repeat:
             raise ValidationError(_("Passwords don't match"))
-        # TODO: Password policy? Via Plugin? via Policy?
-        # return check_password(self)
         return self.cleaned_data.get('password_repeat')
 
 
@@ -91,5 +89,6 @@ class PasswordFactorForm(forms.Form):
 
     password = forms.CharField(widget=forms.PasswordInput(attrs={
         'placeholder': _('Password'),
-        'autofocus': 'autofocus'
+        'autofocus': 'autofocus',
+        'autocomplete': 'current-password'
         }))

passbook/core/forms/users.py

@@ -22,10 +22,14 @@ class PasswordChangeForm(forms.Form):
     """Form to update password"""
 
     password = forms.CharField(label=_('Password'),
-                               widget=forms.PasswordInput(attrs={'placeholder': _('New Password')}))
+                               widget=forms.PasswordInput(attrs={
+                                   'placeholder': _('New Password'),
+                                   'autocomplete': 'new-password'
+                                   }))
     password_repeat = forms.CharField(label=_('Repeat Password'),
                                       widget=forms.PasswordInput(attrs={
-                                          'placeholder': _('Repeat Password')
+                                          'placeholder': _('Repeat Password'),
+                                          'autocomplete': 'new-password'
                                       }))
 
     def clean_password_repeat(self):
@@ -34,5 +38,4 @@ class PasswordChangeForm(forms.Form):
         password_repeat = self.cleaned_data.get('password_repeat')
         if password != password_repeat:
             raise ValidationError(_("Passwords don't match"))
-        # TODO: Password policy check
         return self.cleaned_data.get('password_repeat')

passbook/core/views/user.py

@@ -46,6 +46,7 @@ class UserChangePasswordView(FormView):
 
     def form_valid(self, form: PasswordChangeForm):
         try:
+            # user.set_password checks against Policies so we don't need to manually do it here
             self.request.user.set_password(form.cleaned_data.get('password'))
             self.request.user.save()
             update_session_auth_hash(self.request, self.request.user)