Problem
The auth action finds login fields using getByLabel(/user ?name/i) and getByLabel(/password/i). This misses common login forms:
- Email-based login: "Email", "E-Mail" don't match
/user ?name/i
- Non-English apps: "Benutzername", "Mot de passe" don't match
- No visible labels: Forms using only
placeholder attributes
When no match is found, the login form is not detected and the scanner proceeds unauthenticated.
Suggested fix
- Fall back to input types when label matching fails:
input[type="password"] for the password field, and the closest preceding input[type="text"] or input[type="email"] for the username field.
- Make selectors configurable via optional inputs like
username_selector and password_selector, so users can specify their own labels, placeholders, or CSS selectors for non-standard forms.
Problem
The auth action finds login fields using
getByLabel(/user ?name/i)andgetByLabel(/password/i). This misses common login forms:/user ?name/iplaceholderattributesWhen no match is found, the login form is not detected and the scanner proceeds unauthenticated.
Suggested fix
input[type="password"]for the password field, and the closest precedinginput[type="text"]orinput[type="email"]for the username field.username_selectorandpassword_selector, so users can specify their own labels, placeholders, or CSS selectors for non-standard forms.