Optionally allow autocomplete in Horizon

Horizon disables password autocompletion by default. This causes problems for users who use password managers and want to store their Horizon credentials. This patch adds a variable that allows a deployer to override this default. Release notes are included. Change-Id: I8eaa5a1773e6f182c436b312f2733a21505a867c Closes-Bug: 1570505
2016-04-14 13:32:45 -05:00 · 2016-04-14 13:32:45 -05:00 · 8667dce5e1
commit 8667dce5e1
parent 22bc216771
3 changed files with 7 additions and 1 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -82,6 +82,7 @@ horizon_time_zone: UTC
 horizon_enforce_password_check: False
 horizon_disable_password_reveal: False
 horizon_enable_password_retrieve: False
+horizon_enable_password_autocomplete: False
 # If nova_libvirt_inject_password is set to True, then this can also be enabled:
 horizon_can_set_password: False
 horizon_enable_cinder_backup: False
--- a/releasenotes/notes/horizon-enable-password-autocomplete-5f8f78a6c8f1edb3.yaml
+++ b/releasenotes/notes/horizon-enable-password-autocomplete-5f8f78a6c8f1edb3.yaml
@ -0,0 +1,5 @@
+---
+security:
+  - Horizon disables password autocompletion in the browser by default, but
+    deployers can now enable autocompletion by setting
+    ``horizon_enable_password_autocomplete`` to ``True``.
--- a/templates/horizon_local_settings.py.j2
+++ b/templates/horizon_local_settings.py.j2
@ -94,7 +94,7 @@ OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "{{ horizon_keystone_default_domain }}"

 # Turn off browser autocompletion for forms including the login form and
 # the database creation workflow if so desired.
-#HORIZON_CONFIG["password_autocomplete"] = "off"
+HORIZON_CONFIG["password_autocomplete"] = "{{ (horizon_enable_password_autocomplete | bool) | ternary('on','off') }}"

 # Setting this to True will disable the reveal button for password fields,
 # including on the login form.