PR: Set autocomplete="off" for new auth fields (#30444)

* set autocomplete to off

* add comment

* update test

ui/app/components/auth/fields.hbs

@@ -6,7 +6,8 @@
 {{#each @loginFields as |field|}}
   {{#let field.name field.label field.helperText as |name label helperText|}}
     <Hds::Form::TextInput::Field
-      autocomplete={{this.setAutocomplete name}}
+      {{! For security, we do not support autocomplete at this time }}
+      autocomplete="off"
       @type={{this.setInputType name}}
       name={{name}}
       class="has-bottom-margin-m"

ui/app/components/auth/fields.ts

@@ -3,8 +3,6 @@
  * SPDX-License-Identifier: BUSL-1.1
  */
 
-// TODO pending feedback from the security team, we may keep autocomplete="off" for login fields
-
 import Component from '@glimmer/component';
 
 interface Args {
@@ -20,15 +18,4 @@ interface Field {
 export default class AuthFields extends Component<Args> {
   // token or password should render as "password" types, otherwise render text inputs
   setInputType = (field: string) => (['token', 'password'].includes(field) ? 'password' : 'text');
-
-  setAutocomplete = (fieldName: string) => {
-    switch (fieldName) {
-      case 'password':
-        return 'current-password';
-      case 'token':
-        return 'off';
-      default:
-        return fieldName;
-    }
-  };
 }

ui/tests/integration/components/auth/fields-test.js

@@ -72,10 +72,10 @@ module('Integration | Component | auth | fields', function (hooks) {
   test('it renders expected autocomplete values', async function (assert) {
     await this.renderComponent();
     const expectedValues = {
-      username: 'username',
-      role: 'role',
+      username: 'off',
+      role: 'off',
       token: 'off',
-      password: 'current-password',
+      password: 'off',
     };
 
     for (const field of this.loginFields) {