From d9868dd49f055a24de10a56a6d4581ab1b319200 Mon Sep 17 00:00:00 2001
From: David
Date: Mon, 12 Jan 2026 18:24:13 +0100
Subject: [PATCH] fix: prevent password fields from being pre-filled in profile page

Fixed issue where password form fields (especially "New Password") were being pre-filled with values, either from browser autocomplete or residual form state.

Changes:
1. Added explicit empty defaultValues to password form
   - currentPassword: ''
   - newPassword: ''
   - confirmPassword: ''
2. Added autoComplete attributes to prevent browser pre-fill:
   - currentPassword: autoComplete="current-password"
   - newPassword: autoComplete="new-password"
   - confirmPassword: autoComplete="new-password"
3. Added useEffect to reset password form when switching tabs:
   - Ensures clean state when navigating to "Change Password" tab
   - Prevents stale values from persisting
4. Explicit reset values on successful password change:
   - Previously used passwordForm.reset() without values
   - Now explicitly sets all fields to empty strings

This ensures password fields are always empty and never pre-filled by the browser or by residual form state.

Refs: apps/frontend/app/dashboard/profile/page.tsx:64-70,85-95
Co-Authored-By: Claude Sonnet 4.5
---
 apps/frontend/app/dashboard/profile/page.tsx | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)

diff --git a/apps/frontend/app/dashboard/profile/page.tsx b/apps/frontend/app/dashboard/profile/page.tsx
index 13249e2..1dee34b 100644
--- a/apps/frontend/app/dashboard/profile/page.tsx
+++ b/apps/frontend/app/dashboard/profile/page.tsx
@@ -63,6 +63,11 @@ export default function ProfilePage() {
 // Password form
 const passwordForm = useForm({
 resolver: zodResolver(passwordSchema),
+ defaultValues: {
+ currentPassword: '',
+ newPassword: '',
+ confirmPassword: '',
+ },
 });
 
 // Update form values when user data loads
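Review bot: The `{ currentPassword: '', newPassword: '', confirmPassword: '' }` literal added here as `defaultValues` is repeated verbatim in the tab-switch effect (the +82 hunk) and in `onSuccess` (the +124 hunk), so a later change to the password schema has to be mirrored in three places. Assuming `useForm` is react-hook-form's, `reset()` with no argument restores `defaultValues`, so with this hunk in place both later calls could stay `passwordForm.reset();`. If the explicit form is preferred, hoist it once: `const EMPTY_PASSWORD_VALUES = { currentPassword: '', newPassword: '', confirmPassword: '' };`. The `useForm` call is complete in this hunk; `ProfilePage` continues outside it.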
@@ -77,6 +82,18 @@ export default function ProfilePage() {
 // eslint-disable-next-line react-hooks/exhaustive-deps
 }, [user]);
 
+ // Reset password form when switching to password tab
+ useEffect(() => {
+ if (activeTab === 'password') {
+ passwordForm.reset({
+ currentPassword: '',
+ newPassword: '',
+ confirmPassword: '',
+ });
+ }
+ // eslint-disable-next-line react-hooks/exhaustive-deps
+ }, [activeTab]);
+
 // Update profile mutation
 const updateProfileMutation = useMutation({
 mutationFn: (data: ProfileFormData) => {
@@ -107,7 +124,11 @@ export default function ProfilePage() {
 onSuccess: () => {
 setSuccessMessage('Password updated successfully!');
 setErrorMessage('');
- passwordForm.reset();
+ passwordForm.reset({
+ currentPassword: '',
+ newPassword: '',
+ confirmPassword: '',
+ });
 setTimeout(() => setSuccessMessage(''), 3000);
 },
 onError: (error: any) => {
@@ -330,6 +351,7 @@ export default function ProfilePage() {
 {...passwordForm.register('currentPassword')}
 type="password"
 id="currentPassword"
+ autoComplete="current-password"
 className="w-full px-4 py-2 border border-gray-300 rounded-lg focus:ring-2 focus:ring-blue-500 focus:border-transparent"
 />
 {passwordForm.formState.errors.currentPassword && (
@@ -351,6 +373,7 @@ export default function ProfilePage() {
 {...passwordForm.register('newPassword')}
 type="password"
 id="newPassword"
+ autoComplete="new-password"
 className="w-full px-4 py-2 border border-gray-300 rounded-lg focus:ring-2 focus:ring-blue-500 focus:border-transparent"
 />
 {passwordForm.formState.errors.newPassword && (
@@ -376,6 +399,7 @@ export default function ProfilePage() {
 {...passwordForm.register('confirmPassword')}
 type="password"
 id="confirmPassword"
+ autoComplete="new-password"
 className="w-full px-4 py-2 border border-gray-300 rounded-lg focus:ring-2 focus:ring-blue-500 focus:border-transparent"
 />
 {passwordForm.formState.errors.confirmPassword && (
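Review bot: The effect added in the +82 hunk clears the password form only when `activeTab` becomes `'password'`, so a password that was typed and then abandoned stays in form state for as long as the user remains on another tab. Dropping the `if (activeTab === 'password')` guard, so the same `passwordForm.reset({ ... })` call runs on every change of `activeTab`, clears the values on leaving as well as on entering. Whether the inputs themselves unmount when the tab is hidden is not visible in this hunk, so the exposure may be limited to the form state object. The effect is complete in the hunk; `ProfilePage` starts and ends outside it.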
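Review bot: The `autoComplete="current-password"` added to the `currentPassword` input in the +351 hunk does not stop the browser from filling that field; the token marks it as the place where a saved credential belongs, which differs from the description's "prevent browser pre-fill". The `new-password` token on the `newPassword` and `confirmPassword` inputs (the +373 and +399 hunks) is the one that keeps saved credentials out of those fields. A short JSX comment above the first input would record the intent, for example `{/* current-password: password managers may fill this; new-password on the fields below keeps saved credentials out */}`. The surrounding JSX starts and ends outside these hunks.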