Merge branch '23767-disable-storing-of-sensitive-information' into 'master'

Fix disable storing of sensitive information when importing a new repo

Closes #23767

See merge request !8885

3 files changed, 22 insertions, 4 deletions

diff --git a/app/views/shared/_import_form.html.haml b/app/views/shared/_import_form.html.haml
index 65a3a6bddab..300022d4ad6 100644
--- a/app/views/shared/_import_form.html.haml
+++ b/app/views/shared/_import_form.html.haml
@@ -2,7 +2,7 @@
   = f.label :import_url, class: 'control-label' do
     %span Git repository URL
   .col-sm-10
-    = f.text_field :import_url, class: 'form-control', placeholder: 'https://username:password@gitlab.company.com/group/project.git', disabled: true
+    = f.text_field :import_url, autocomplete: 'off', class: 'form-control', placeholder: 'https://username:password@gitlab.company.com/group/project.git', disabled: true
 
     .well.prepend-top-20
       %ul
diff --git a/changelogs/unreleased/23767-disable-storing-of-sensitive-information.yml b/changelogs/unreleased/23767-disable-storing-of-sensitive-information.yml
new file mode 100644
index 00000000000..587ef4f9a73
--- /dev/null
+++ b/changelogs/unreleased/23767-disable-storing-of-sensitive-information.yml
@@ -0,0 +1,4 @@
+---
+title: Fix disable storing of sensitive information when importing a new repo
+merge_request: 8885
+author: Bernard Pietraga
diff --git a/spec/features/projects/new_project_spec.rb b/spec/features/projects/new_project_spec.rb
index abfc46601fb..b56e562b2b6 100644
--- a/spec/features/projects/new_project_spec.rb
+++ b/spec/features/projects/new_project_spec.rb
@@ -1,11 +1,13 @@
 require "spec_helper"
 
 feature "New project", feature: true do
-  context "Visibility level selector" do
-    let(:user) { create(:admin) }
+  let(:user) { create(:admin) }
 
-    before { login_as(user) }
+  before do
+    login_as(user)
+  end
 
+  context "Visibility level selector" do
     Gitlab::VisibilityLevel.options.each do |key, level|
       it "sets selector to #{key}" do
         stub_application_setting(default_project_visibility: level)
@@ -16,4 +18,16 @@ feature "New project", feature: true do
       end
     end
   end
+
+  context 'Import project options' do
+    before do
+      visit new_project_path
+    end
+
+    it 'does not autocomplete sensitive git repo URL' do
+      autocomplete = find('#project_import_url')['autocomplete']
+
+      expect(autocomplete).to eq('off')
+    end
+  end
 end