Merge branch '23767-disable-storing-of-sensitive-information' into 'master'

Fix disable storing of sensitive information when importing a new repo

Closes #23767

See merge request !8885

app/views/shared/_import_form.html.haml

@@ -2,7 +2,7 @@
   = f.label :import_url, class: 'control-label' do
     %span Git repository URL
   .col-sm-10
-    = f.text_field :import_url, class: 'form-control', placeholder: 'https://username:password@gitlab.company.com/group/project.git', disabled: true
+    = f.text_field :import_url, autocomplete: 'off', class: 'form-control', placeholder: 'https://username:password@gitlab.company.com/group/project.git', disabled: true
 
     .well.prepend-top-20
       %ul

changelogs/unreleased/23767-disable-storing-of-sensitive-information.yml

+---
+title: Fix disable storing of sensitive information when importing a new repo
+merge_request: 8885
+author: Bernard Pietraga

spec/features/projects/new_project_spec.rb

 require "spec_helper"
 
 feature "New project", feature: true do
-  context "Visibility level selector" do
-    let(:user) { create(:admin) }
+  let(:user) { create(:admin) }
 
-    before { login_as(user) }
+  before do
+    login_as(user)
+  end
 
+  context "Visibility level selector" do
     Gitlab::VisibilityLevel.options.each do |key, level|
       it "sets selector to #{key}" do
         stub_application_setting(default_project_visibility: level)
@@ -16,4 +18,16 @@ feature "New project", feature: true do
       end
     end
   end
+
+  context 'Import project options' do
+    before do
+      visit new_project_path
+    end
+
+    it 'does not autocomplete sensitive git repo URL' do
+      autocomplete = find('#project_import_url')['autocomplete']
+
+      expect(autocomplete).to eq('off')
+    end
+  end
 end