Make links in the login page visually obvious #11474

Merged
merged 2 commits into from
Jan 23, 2025

oussama-taoufiq commented Dec 27, 2024

Page / Screen Title
Defect Dojo login
Page URL / Screen ID
https://demo.defectdojo.org
Error Title
Creating links that are not visually evident without color vision
Error Severity
Serious
Status
Fail
Accessibility Issue
[Description of issue] "I forgot my password" and "I forgot my username" are links without underline and it's not visually evident without color vision.

[Impact on users] Users may not know that they are links and can be misleading.

[Pattern] Within the login page.

[Sample of code] <a id="reset-password" href="/password_reset/">I forgot my password</a>

Remediation
[Recommendation]
Please remove styles on the hyperlinks so that it is visually easy to know that it's a hyperlink.

[Additional Resources]
https://www.w3.org/WAI/WCAG21/Techniques/failures/F73
https://www.w3.org/WAI/WCAG21/Techniques/general/G182

github-actions bot added the ui label Dec 27, 2024
dryrunsecurity bot commented Dec 27, 2024

DryRun Security Summary

The pull request involves a routine CSS style update to the "dojo.css" file, adding color styles for specific password-related link elements without introducing any security vulnerabilities.

Summary:

The code changes in this pull request appear to be a routine update to the application's CSS styles, specifically related to the styling and layout of the "dojo/static/dojo/css/dojo.css" file. The changes include adding styles for the "form ul li a#reset-password" and "form ul li a#forgot-username" elements, setting their color to RGB(51, 122, 183). From an application security perspective, these changes do not introduce any obvious security vulnerabilities, as they are focused on the visual styling of the application and do not seem to affect any security-critical functionality. Overall, this code change is likely intended to improve the user interface and user experience of the application.

Files Changed:

  • dojo/static/dojo/css/dojo.css: This file has been updated to include new styles for the "form ul li a#reset-password" and "form ul li a#forgot-username" elements, setting their color to RGB(51, 122, 183). These changes are focused on the visual styling of the application and do not appear to have any direct security implications.

Code Analysis

We ran 9 analyzers against 1 file and 0 analyzers had findings. 9 analyzers had no findings.

oussama-taoufiq (Author) commented

@mtesauro, @grendel513
The changes to the dojo/templates/dojo/login.html file change the appearance of the two links to be more visible for accessibility reasons and do not affect how authentication works.
Does using inline styling cause any problem? If I use an external CSS file for my changes, will it be better?

Maffooch (Contributor) commented Jan 3, 2025

> Does using inline styling cause any problem? If I use an external CSS file for my changes, will it be better?

Yes, please make that change. There is nothing wrong with inline styles, but we already have a styles file here that would be a more appropriate place.

oussama-taoufiq (Author) commented

> > Does using inline styling cause any problem? If I use an external CSS file for my changes, will it be better?
>
> Yes, please make that change. There is nothing wrong with inline styles, but we already have a styles file here that would be a more appropriate place.

The inline styles from the login.html page have been removed and have been put into the dojo.css styles file.

mtesauro (Contributor) commented

@oussama-taoufiq Looks like you've got a bunch of unrelated files in this PR. Can you please clean that up so we can approve this PR?

oussama-taoufiq (Author) commented

@mtesauro done. I cleaned the PR of the unrelated files and kept only the styles file.

mtesauro (Contributor) left a comment

Approved

Maffooch merged commit 9d773a0 into DefectDojo:dev Jan 23, 2025
73 checks passed