Make links in the login page visually obvious

[oussama-taoufiq]

Page / Screen Title
Defect Dojo login
Page URL / Screen ID
https://demo.defectdojo.org
Error Title
Creating links that are not visually evident without color vision
Error Severity
Serious
Status
Fail
Accessibility Issue
[Description of issue] "I forgot my password" and "I forgot my username" are links without underline and its not visually evident without color vision.

[Impact on users] Users may not know that they are links and can be misleading.

[Pattern] Within the login page.

[Sample of code] I forgot my password

Remediation
[Recommendation]
Please remove styles on the hyperlinks so that it is visually easy to know that its an hyperlink.

[Additional Resources]
https://www.w3.org/WAI/WCAG21/Techniques/failures/F73
https://www.w3.org/WAI/WCAG21/Techniques/general/G182

[dryrunsecurity]

DryRun Security Summary

The pull request focuses on cosmetic changes to the login template's "forgot password" and "forgot username" links while emphasizing the importance of reviewing the authentication system's security implementation across multiple providers.

Expand for full summary

Summary:

The provided code changes are focused on modifying the appearance of the "I forgot my password" and "I forgot my username" links in the Django template file dojo/templates/dojo/login.html. While these changes are primarily cosmetic, it's important to review the overall implementation of the login functionality and the integration with various authentication providers from a security perspective.

From a security standpoint, the changes do not introduce any obvious vulnerabilities. However, it's crucial to ensure that the password reset and username retrieval processes do not reveal sensitive information that could be used by an attacker, and that these functionalities are properly rate-limited and authenticated to prevent unauthorized access. Additionally, the implementation of the various authentication providers (Google, OKTA, Azure AD, GitLab, Auth0, Keycloak, GitHub Enterprise, and SAML2) should be reviewed to ensure they are properly configured and integrated securely into the application. Finally, the application should be thoroughly tested for common web application vulnerabilities, such as Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), and others, to maintain a secure user authentication system.

Files Changed:

• dojo/templates/dojo/login.html: This file is a Django template that handles the login functionality of the application. The changes made in this pull request modify the appearance of the "I forgot my password" and "I forgot my username" links by adding a custom CSS style to the <a> tags. While these changes are primarily cosmetic, it's important to review the overall implementation of the login functionality and the integration with various authentication providers from a security perspective.

Code Analysis

We ran 9 analyzers against 1 file and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer	Findings
Configured Codepaths Analyzer	1 finding

Overall Riskiness

🔴 Risk threshold exceeded.

We've notified @mtesauro, @grendel513.

View PR in the DryRun Dashboard.