New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(signin.tsx): set type of built-in email sign-in input to "email" and add "required" attribute for browser validation #4352
Conversation
…to email for browse validation Currently, the built-in sign-in page has the wrong type (text) for the input for emails when using the magic link provider. Because of this a user can enter whatever they want in that input. By switching the type to be email we can make use of the browser provided validation and users will be forced to use properly formed emails addresses in order to sign-in.
This pull request is being automatically deployed with Vercel (learn more). 🔍 Inspect: https://vercel.com/nextauthjs/next-auth/EA2pfZwuVZ9dFnrcVKFJn76Sst8j |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good catch, yeah, I think we can also make it required. 👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good catch 💚
@raulmarindev lets make it |
…n email input Currently, the built-in sign-in page doesn't have the required attribute for the input for emails when using the magic link provider. Because of this a user is able to submit the form without entering a value. By adding the "required" attribute we can make use of the browser provided validation and users will be forced to provide a value in order to sign-in.
@lluia Thank you both, I've added the required attribute |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice 💯
Reasoning 💡
Currently, the built-in sign-in page has the wrong type (text) for the input for emails when using
the magic link provider. Because of this, a user can enter whatever value they want in that input and click on the "Sign in with Email". By switching the type to be "email" we can make use of the browser-provided validation and users will be
forced to use properly formed emails addresses in order to sign in.
Additionally, the built-in sign-in page doesn't have the required attribute for the input for emails when using the magic link provider. Because of this, a user is able to submit the form without entering a value. By adding the "required" attribute we can make use of the browser-provided validation and users will be forced to provide a value in order to sign in.
Checklist 🧢
Affected issues 🎟