devpi-admin 1.4.5__tar.gz → 1.4.7__tar.gz

{devpi_admin-1.4.5 → devpi_admin-1.4.7}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: devpi-admin
-Version: 1.4.5
+Version: 1.4.7
 Summary: Modern web UI plugin for devpi-server — drop-in replacement for devpi-web
 Author-email: Pavel Revak <pavelrevak@gmail.com>
 License: MIT

{devpi_admin-1.4.5 → devpi_admin-1.4.7}/devpi_admin/_version.py

@@ -18,7 +18,7 @@ version_tuple: tuple[int | str, ...]
 commit_id: str | None
 __commit_id__: str | None
 
-__version__ = version = '1.4.5'
-__version_tuple__ = version_tuple = (1, 4, 5)
+__version__ = version = '1.4.7'
+__version_tuple__ = version_tuple = (1, 4, 7)
 
-__commit_id__ = commit_id = 'gf67cf0f00'
+__commit_id__ = commit_id = 'g609f18017'

{devpi_admin-1.4.5 → devpi_admin-1.4.7}/devpi_admin/static/css/style.css

@@ -1313,6 +1313,19 @@ body {
     font-family: inherit;
 }
 
+/* Offscreen but real — Safari ignores display:none username fields
+   when deciding whether to offer AutoFill / password generation.
+   Selector must out-rank `.modal-body input[type="text"]` above. */
+.modal-body input.offscreen-input,
+.offscreen-input {
+    position: absolute;
+    left: -9999px;
+    width: 1px;
+    height: 1px;
+    opacity: 0;
+    pointer-events: none;
+}
+
 .modal-body select:not(.tag-picker-add) {
     width: 100%;
     height: 36px;

{devpi_admin-1.4.5 → devpi_admin-1.4.7}/devpi_admin/static/js/app.js

@@ -2637,39 +2637,71 @@
         openModal(
             isEdit ? 'Edit User: ' + editName : 'New User',
             function (body) {
+                // A real <form> is required — Safari only offers
+                // strong-password generation for password fields inside
+                // a form (and only over HTTPS).
+                var form = el('form', {id: 'user-form'});
+                form.addEventListener('submit', function (e) {
+                    e.preventDefault();
+                    submitUserModal(editName);
+                });
                 if (!isEdit) {
-                    body.appendChild(formGroup('Username', el('input', {type: 'text', id: 'form-username'})));
+                    var userInput = el('input', {type: 'text', id: 'form-username'});
+                    // Keep the browser from pairing this with the masked
+                    // field below as a login form (saved-creds autofill).
+                    userInput.setAttribute('autocomplete', 'off');
+                    userInput.setAttribute('spellcheck', 'false');
+                    userInput.setAttribute('autocapitalize', 'off');
+                    form.appendChild(formGroup('Username', userInput));
                 }
-                body.appendChild(formGroup('Email', el('input', {
+                form.appendChild(formGroup('Email', el('input', {
                     type: 'email',
                     id: 'form-email',
                     value: (editInfo && editInfo.email) || '',
                 })));
-                var isSelf = isEdit && editName === Api.getUser();
-                // Hidden username input so browser associates saved password correctly
-                if (isSelf) {
-                    var hiddenUser = el('input', {type: 'text', id: 'form-hidden-username'});
-                    hiddenUser.setAttribute('autocomplete', 'username');
-                    hiddenUser.setAttribute('aria-hidden', 'true');
-                    hiddenUser.style.display = 'none';
+                // Hidden username input so a browser save prompt (if any)
+                // is associated with the TARGET account. Without it Chrome
+                // guesses the username — typically the admin's own saved
+                // login — and saving would overwrite the admin's entry.
+                // Offscreen instead of display:none — Safari skips
+                // display:none fields when wiring up its AutoFill.
+                var hiddenUser = el('input', {
+                    type: 'text',
+                    id: 'form-hidden-username',
+                    name: 'username',
+                    className: 'offscreen-input',
+                });
+                hiddenUser.setAttribute('autocomplete', 'username');
+                hiddenUser.setAttribute('aria-hidden', 'true');
+                hiddenUser.setAttribute('tabindex', '-1');
+                if (isEdit) {
                     hiddenUser.value = editName;
-                    body.appendChild(hiddenUser);
-                }
-                var pwInput;
-                if (isSelf) {
-                    // Own password: type="password" + autocomplete so browser offers to save
-                    pwInput = el('input', {type: 'password', id: 'form-password'});
-                    pwInput.setAttribute('autocomplete', 'new-password');
-                } else {
-                    // Other user: plain text — Safari won't offer to save text fields
-                    pwInput = el('input', {type: 'text', id: 'form-password'});
-                    pwInput.setAttribute('autocomplete', 'off');
-                    pwInput.setAttribute('spellcheck', 'false');
+                } else if (userInput) {
+                    // Create flow: mirror the typed username
+                    userInput.addEventListener('input', function () {
+                        hiddenUser.value = userInput.value;
+                    });
                 }
-                body.appendChild(formGroup(
+                form.appendChild(hiddenUser);
+                // Real password input: masked, and Safari/Chrome offer to
+                // GENERATE a strong password ("new-password" also keeps the
+                // saved-credentials autofill out of the dropdown). Any save
+                // prompt is anchored to the hidden username above, so the
+                // admin's own keychain entry is never overwritten.
+                var pwInput = el('input', {
+                    type: 'password',
+                    id: 'form-password',
+                    name: 'password',
+                });
+                pwInput.setAttribute('autocomplete', 'new-password');
+                form.appendChild(formGroup(
                     isEdit ? 'New Password (leave empty to keep)' : 'Password',
                     pwInput
                 ));
+                // Hidden submit button enables implicit submission
+                // (Enter key) for a multi-field form.
+                form.appendChild(el('button', {type: 'submit', hidden: true}));
+                body.appendChild(form);
             },
             [
                 el('button', {
@@ -2713,12 +2745,15 @@
         var method = isEdit ? Api.patch : Api.put;
         method(url, data)
             .then(function () {
-                if (password && isEdit && editName === Api.getUser()) {
-                    // Own password — trigger "Save Password" before closing modal
+                if (password) {
+                    // Browsers only offer to save credentials on a real
+                    // form navigation — SPA DOM changes never trigger it.
+                    // The fake POST carries the TARGET username, so the
+                    // prompt saves a separate entry for that account.
                     closeModal();
-                    _triggerPasswordSave(editName, password, 'users');
+                    _triggerPasswordSave(
+                        isEdit ? editName : username, password, 'users');
                 } else {
-                    // Other user — wipe field value before close so browser has nothing to save
                     if (passwordEl) passwordEl.value = '';
                     closeModal();
                 }

{devpi_admin-1.4.5 → devpi_admin-1.4.7}/devpi_admin.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: devpi-admin
-Version: 1.4.5
+Version: 1.4.7
 Summary: Modern web UI plugin for devpi-server — drop-in replacement for devpi-web
 Author-email: Pavel Revak <pavelrevak@gmail.com>
 License: MIT