fix(login): restore browser autofill on two-step login form

[ToriChanIntegration]

Summary (AI generated)

• Add a visually-hidden <input type="email" autocomplete="username"> inside the password form (step 2) so browser credential managers can associate the saved password with the entered email address
• Move the email display <p> inside the password form (was outside the <FormKit> form, so browsers couldn't detect the association)
• Keep the email display in the SSO path as well for parity

Motivation (AI generated)

When the login page was split into two steps (email → password), browser autofill broke because:

1. Password autofill: Browsers and password managers (Chrome, Safari, Firefox, 1Password, Bitwarden, etc.) need both a username/email field and a password field in the same HTML form to trigger password autofill. With the two-step approach, the password form had no email field, so the browser couldn't determine which saved credential to suggest.
2. Email context: The email <p> was outside the <FormKit> (i.e., outside the <form> element), so it had no effect on autofill heuristics.

The fix follows the HTML5 autocomplete spec and browser vendor documentation for multi-step login forms:

• Add a hidden-but-DOM-present email input with autocomplete="username" inside the password form
• Uses opacity:0; position:absolute (not display:none) so browsers still detect it for autofill

Business Impact (AI generated)

• Restores a standard UX expectation that users have — password managers and browser autofill "just work" on login forms
• Reduces friction at the most critical conversion point (login)
• Affects all users on the dashboard login page

Test Plan (AI generated)

• Open the login page in Chrome/Safari/Firefox with saved credentials
• Enter email in step 1 and click Continue
• Verify the browser offers to autofill the password in step 2
• Verify the hidden email input is not visible in the UI
• Verify form submission still works correctly (email + password → login)
• Verify SSO path still shows the email context properly
• Test on mobile browsers (iOS Safari, Chrome Android)

Generated with AI

Summary by CodeRabbit

• Bug Fixes
  • Improved password manager and browser autofill compatibility on the login form for better credential entry experience.
  • Enhanced form layout organization for clearer authentication field display.

[coderabbitai]

📝 Walkthrough

Walkthrough

The login form is modified to improve password-manager autofill compatibility by adding a hidden email input field with autocomplete="username" while reorganizing the visible email context display placement within the credentials section.

Changes

Cohort / File(s)	Summary
Login Form Autofill Enhancement src/pages/login.vue	Added hidden email input field with autocomplete="username" for browser password-manager autofill support; repositioned visible email context display to appear after the hidden input within the credentials block.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🐰 A hidden field hops into place,
Helping passwords find their way with grace,
Email whispers softly in the night,
So managers remember what is right,
Login flows improved, no trace! ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately summarizes the main change: adding browser autofill support to a two-step login form by restoring the missing email context.
Description check	✅ Passed	The description covers the Summary section well and includes a comprehensive Motivation and Test Plan. However, it lacks explicit Screenshots and doesn't fully complete the Checklist section required by the template.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

📝 Coding Plan for PR comments

• Generate coding plan

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

src/pages/login.vue (1)

589-604: Consider using Tailwind utility classes instead of inline styles.

The hidden input implementation correctly follows browser autofill best practices (using opacity/position instead of display:none). However, per coding guidelines, inline CSS should be avoided in favor of utility composition.

♻️ Suggested refactor using Tailwind utilities

                     <input
                       type="email"
                       :value="emailForLogin"
                       name="username"
                       autocomplete="username"
                       readonly
                       tabindex="-1"
                       aria-hidden="true"
-                      style="position:absolute;width:1px;height:1px;opacity:0;overflow:hidden;pointer-events:none;"
+                      class="absolute w-px h-px opacity-0 overflow-hidden pointer-events-none"
                     >

As per coding guidelines: "Avoid custom CSS in Vue components; prefer utility composition and DaisyUI theming."

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/pages/login.vue` around lines 589 - 604, The hidden email input uses
inline style; replace the style attribute on the input (the hidden email
autofill helper input with name="username" and :value="emailForLogin") with
Tailwind utility classes that replicate the behavior, e.g. add classes like
"absolute w-[1px] h-[1px] opacity-0 overflow-hidden pointer-events-none" (or
equivalent utility tokens your project prefers) and remove the inline style
string so the component follows the utility-first/DaisyUI guideline.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@src/pages/login.vue`:
- Around line 589-604: The hidden email input uses inline style; replace the
style attribute on the input (the hidden email autofill helper input with
name="username" and :value="emailForLogin") with Tailwind utility classes that
replicate the behavior, e.g. add classes like "absolute w-[1px] h-[1px]
opacity-0 overflow-hidden pointer-events-none" (or equivalent utility tokens
your project prefers) and remove the inline style string so the component
follows the utility-first/DaisyUI guideline.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 744573ab-b577-4bfe-b9ef-a472732fbd7c

📥 Commits

Reviewing files that changed from the base of the PR and between c3095f3 and 0ad0e9b.

📒 Files selected for processing (1)

• src/pages/login.vue

[sonarqubecloud]

Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud