8

I have this problem all the time in my Rails apps and I still need the correct solution. Whenever a user edits their own record the password field is being populated. I suspect it's Firefox, as setting @user.password = nil in the edit action doesn't help.

The problem is the password confirmation isn't populated, so validation fails due to a mismatch.

I've tried the following:

<%= f.label :password %>
<%= f.password_field :password, :value => "", :autofill => false, :class => 'max' %>

But that doesn't do it. I've also tried :autofill => 'off' which doesn't work either.

Does anybody have any suggestions? Thanks.

tsdbrown

5 Answers

15

Set autocomplete="off" in the form and the input tags

<form name="blah" autocomplete="off">
<input type="password" autocomplete="off">
</form>
Eddy
  • In Ruby for copy and paste lazy people like me: <%= form_for(user, :html => { autocomplete: "off" }) do |f| %> – Adam Waite Jun 12 '13 at 20:10
  • This solution does not work with old browsers, like ie7 or ie8 – Jorge Nov 06 '14 at 16:38
  • This doesn't work for me (chrome 47.0) but for more details see https://developer.mozilla.org/en-US/docs/Web/Security/Securing_your_site/Turning_off_form_autocompletion – adc Jan 07 '16 at 12:56
2

The line f.password_field :password, :value => '' didn't work for me (on Rails 3.1). Although I could empty the field with f.password_field :password, :value => nil.

Regards

1

There are two solutions:

  1. tell firefox not to fill those fields;

  2. give password field a different name from "password".

giorgian
  • 1. I cannot control the user. 2. Great idea which I'm sure would work, however I would have to modify the password field in quite a few projects, some with AuthLogic, some with RA etc etc. – tsdbrown Oct 15 '09 at 08:36
0

The HTML options are in their own hash so the syntax should look like this

<%= f.password_field :password, { :value => '' } %> 

This should replace the value attribute in the response HTML.

jamesc
triendeau
  • Thanks for the response although the syntax is perfectly valid as it is. The list of parameters after the method are still a hash with or without the brackets. Look at these examples: http://apidock.com/rails/ActionView/Helpers/FormHelper/password_field – tsdbrown Oct 15 '09 at 08:31
  • When the last parameter is a hash, brackets are optional; neither mandatory nor forbidden. – giorgian Oct 15 '09 at 08:45
  • True enough, thanks for pointing out my own syntactic hangup. The :value => '' should be all that is needed though. – triendeau Oct 15 '09 at 18:34
  • Thank you! This should be marked as the correct answer (for Rails 3.2.x), because RoR's built in `<%= form_for(@model) do |f| %> ... ` does not accept `:autocomplete => "off"` directives. – cassi.lup Jul 10 '13 at 13:43
0

As a field option, you can pass it like this

<%= f.password_field :password, {:autocomplete =>"off"}  %>
AMTourky
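
An added example, not part of any answer above: a plain-Ruby check, usable in a view or integration test, that scans rendered form HTML for password inputs and reports whether the server itself emitted a value (as opposed to the browser filling the field) and which autocomplete hint each input carries. The helper names and the sample HTML are constructed for illustration.

```ruby
# Added example: audit rendered form HTML for password inputs.
# Regex-based, so it assumes simple markup with no ">" inside attribute values.
INPUT_TAG = /<input\b[^>]*>/i
ATTRIBUTE = /([\w:-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/

# Constructed sample of what an edit form might render (not from the page).
SAMPLE_HTML = <<~HTML
  <form action="/users/1" method="post" autocomplete="off">
    <input type="text" name="user[login]" value="example" />
    <input type="password" name="user[password]" value="" autocomplete="off" />
    <input type="password" name="user[password_confirmation]" />
    <input type="password" name="user[legacy]" value="hunter2" />
  </form>
HTML

# Parse one tag's attributes into a Hash keyed by lowercase attribute name.
def tag_attributes(tag)
  tag.scan(ATTRIBUTE).each_with_object({}) do |(name, dq, sq, bare), attrs|
    attrs[name.downcase] = dq || sq || bare
  end
end

# Return one finding per <input type="password"> found in the HTML.
def audit_password_inputs(html)
  inputs = html.scan(INPUT_TAG).map { |tag| tag_attributes(tag) }
  passwords = inputs.select { |a| a["type"].to_s.downcase == "password" }
  passwords.map do |a|
    {
      name: a["name"],
      # true means the response body itself carried a password value
      prefilled_by_server: !a["value"].to_s.empty?,
      autocomplete: a["autocomplete"], # nil when the attribute is absent
      autocomplete_off: a["autocomplete"].to_s.downcase == "off"
    }
  end
end

if __FILE__ == $PROGRAM_NAME
  audit_password_inputs(SAMPLE_HTML).each { |finding| puts finding.inspect }
end
```

If `prefilled_by_server` is false for every input and the field still appears filled in the browser, the value is coming from the browser's saved credentials rather than from the Rails view.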