Class: Plutonium::UI::Form::Components::Password
- Inherits:
-
Phlexi::Form::Components::Input
- Object
- Phlexi::Form::Components::Input
- Plutonium::UI::Form::Components::Password
- Defined in:
- lib/plutonium/ui/form/components/password.rb
Overview
Password / secret input that never emits the stored value into the DOM.
The generic Phlexi input renders value=field.dom.value, leaking the
server-side secret (and its length) into the page source. This component
instead renders a fixed SENTINEL whenever an untouched secret is
stored, masking both the secret and its length, and renders an empty
field otherwise.
On submit the sentinel maps back to nil, which Plutonium's param
extraction (submitted_resource_params) compacts away — leaving the
stored value untouched. An empty field passes through as "":
untouched field → sentinel submitted → nil → keep existing
emptied field → "" submitted → "" → explicit clear (clear-by-blank)
typed value → value submitted → value → set new value
On a failed re-render of an edited secret the field comes back blank
(we never echo a submitted secret). When the edit set a new value it is
also marked required, so the browser forces a re-type rather than a
silent blank resubmit clearing the stored secret. When the edit cleared
the value we leave it blank and not required — the clear may be intended
(clear-by-blank). Either guard is client-side UX only.
The rendered sentinel is guarded client-side by the password-sentinel
Stimulus controller: the first edit (keystroke, paste, backspace) wipes
the whole field, so a partial edit can't corrupt the sentinel into a
literal new password.
New records and interaction forms (set-password, reset-password) render an honest empty field that invites input and lets password managers offer to generate a strong password.
Constant Summary collapse
- SENTINEL =
Rendered in place of an existing secret. Masked in the UI; only ever visible (as this constant) in page source — never the real value.
"__plutonium_password_unchanged__"