
Fix critical security vulnerability in login forms and enhance test coverage #4

Draft
Copilot wants to merge 3 commits into main from copilot/fix-b137818f-fd24-4f8e-9bfa-14b13add6347

Conversation


Copilot AI commented Sep 25, 2025

Problem

The login and registration forms had a critical security vulnerability where password fields were using type="text" instead of type="password", causing passwords to be displayed in plain text instead of being masked. This violated basic security practices and user privacy expectations outlined in the login user stories.

Additionally, the login functionality lacked comprehensive test coverage, with only a single positive test case and no validation of security requirements or error handling scenarios.

Solution

🔐 Security Fix

Fixed password field vulnerability by changing input types from text to password in:

  • templates/login.html - Login form password field
  • templates/register.html - Registration form password and confirm password fields

Before Fix:
[screenshot: Password Visible]

After Fix:
[screenshot: Password Masked - Login]
[screenshot: Password Masked - Register]

🧪 Enhanced Test Coverage

  1. Expanded SeleniumBase tests (tests/test_login.py):
    • Added negative test cases for invalid username and password
    • Added password field masking verification
    • Added unauthenticated user redirect testing
    • Added error message validation
    • Added empty credentials handling
  2. Added quick unit tests (tests/test_login_quick.py):
    • Flask test client-based tests for faster execution
    • Security validation tests
    • Database connectivity verification
    • All major login scenarios covered

Validation

  • Security scan: CodeQL reports 0 vulnerabilities
  • All tests pass: Both comprehensive SeleniumBase and quick unit tests
  • User stories addressed: All three login user stories now fully covered
  • Visual confirmation: Password fields properly masked in UI

User Stories Fulfilled

  1. "As a user, I want to be able to log in with my username and password" - Validated with positive test cases
  2. "As a user, I want to receive an error message if I enter incorrect credentials" - Added comprehensive error handling tests
  3. "As a user, I want to shield the password I type in so that nobody can see it" - FIXED security vulnerability and added verification tests

This change ensures user passwords are protected and the login system is thoroughly tested across all scenarios.

Warning

Firewall rules blocked me from connecting to one or more addresses

I tried to connect to the following addresses, but was blocked by firewall rules:

  • https://api.github.com/repos/Coveros/Coveros%2FAIForTesters/languages
    • Triggering command: /home/REDACTED/work/_temp/ghcca-node/node/bin/node --enable-source-maps /home/REDACTED/work/_temp/copilot-developer-action-main/dist/index.js (http block)

If you need me to access, download, or install something from one of these locations, you can either:

Original prompt

This section details the original issue you should resolve

<issue_title>Test login</issue_title>
<issue_description></issue_description>

Comments on the Issue (you are @copilot in this section)

Fixes Coveros/AIForTesters#3
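The masking check this PR adds to its test suite can also run as a template-level regression test without a browser. The following is an added example, not code from this PR or the repository: a plain-Python auditor that walks form HTML and flags every password-like `<input>` whose declared type is not `password` (a missing `type` attribute is flagged too, because HTML defaults it to `text`). The form strings are constructed for illustration; they are not the project's `templates/login.html` or `templates/register.html`.

```python
from html.parser import HTMLParser


class PasswordInputAuditor(HTMLParser):
    """Collects (line, name, declared_type) for password inputs that would render unmasked."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = {k: v for k, v in attrs}  # HTMLParser already lowercases attribute names
        name = (a.get("name") or a.get("id") or "").lower()
        if "password" not in name:
            return
        declared = a.get("type")
        # A missing type attribute defaults to "text" in HTML, so it is just as exposed.
        if (declared or "text").lower() != "password":
            self.findings.append((self.getpos()[0], name, declared))


def audit_template(html):
    """Return a list of unmasked password inputs; an empty list means the template is clean."""
    auditor = PasswordInputAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Constructed sample forms for illustration, not the repository's templates.
LOGIN_BEFORE = """
<form method="post" action="/login">
  <input type="text" name="username" placeholder="Username">
  <input type="text" name="password" placeholder="Password">
  <button type="submit">Log in</button>
</form>
"""
LOGIN_AFTER = LOGIN_BEFORE.replace('type="text" name="password"', 'type="password" name="password"')
REGISTER_BEFORE = """
<form method="post" action="/register">
  <input type="text" name="username">
  <input type="text" name="password">
  <input name="confirm_password">
  <button type="submit">Register</button>
</form>
"""

if __name__ == "__main__":
    for label, html in [("login", LOGIN_BEFORE), ("login (fixed)", LOGIN_AFTER), ("register", REGISTER_BEFORE)]:
        print(label, audit_template(html) or "OK")
```

Feeding each rendered template (for example, the body of a Flask test client `GET /login`) through `audit_template` and asserting an empty result turns the fix into a check that fails the build if a field regresses to `type="text"`.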


Copilot AI and others added 2 commits September 25, 2025 21:21
Co-authored-by: jefferyepayne <50836441+jefferyepayne@users.noreply.github.com>
- SECURITY FIX: Changed password fields from type="text" to type="password" in login.html and register.html
- Added comprehensive login tests covering all user story scenarios
- Added quick unit tests for login functionality verification
- All tests pass and security scan shows no vulnerabilities

Co-authored-by: jefferyepayne <50836441+jefferyepayne@users.noreply.github.com>
Copilot AI changed the title [WIP] Test login Fix critical security vulnerability in login forms and enhance test coverage Sep 25, 2025
Copilot AI requested a review from jefferyepayne September 25, 2025 21:32