Form fields autofilled on loading a signup page in Rails

Question

I have this signup form code (the controller is added below) :

<%= form_with(model: @user, class: "shadow p-3 mb-3 bg-info rounded", local: true) do |f|%>
        <div class="form-group row">
            <%= f.label :username, class: "col-2 col-form-label text-light"%>
            <div class="col-10">
            <%= f.text_field :username, class: "form-control shadow rounded", placeholder: "Enter a username" %>
            </div>
        </div>

        <div class="form-group row">
            <%= f.label :email, class: "col-2 col-form-label text-light"%>
            <div class="col-10">
            <%= f.email_field  :email, class: "form-control shadow rounded", placeholder: "Enter your e-mail address"  %>
            </div>
        </div>

        <div class="form-group row">
            <%= f.label :password, class: "col-2 col-form-label text-light"%>
            <div class="col-10">
            <%= f.password_field  :password, class: "form-control shadow rounded", placeholder: "Choose a password"  %>
            </div>
        </div>

        <div class="form-group row justify-content-center">
            <%= f.submit class:"btn btn-outline-light btn-lg" %>
        </div>
    <% end %>

Even though I have placeholders set up (placeholder: "...."), when I load the page it becomes auto-filled with some personal values - e-mail + password.

The controller code for creating users is the following:

class UsersController <ApplicationController

    before_action :set_user, only: [:show, :edit, :update, :destroy]
    before_action :require_user, only: [:edit, :update]
    before_action :require_same_user, only: [:edit, :update, :destroy]

    def show
        @articles = @user.articles.paginate(page: params[:page], per_page: 2)
    end

    def index
        @users = User.paginate(page: params[:page], per_page: 2)
    end

    def new
        @user = User.new
    end


    def edit
    end

    def update
        if @user.update(user_params)
            flash[:notice] = "Your account information was successfully updated."
            redirect_to @user
        else
            render 'edit'
        end

    end


    def create
        @user = User.new(user_params)
        if @user.save
            session[:user_id] = @user.id
            flash[:notice] = "Welcome to the Alpha Blog #{@user.username}, you have successfully signed up."
            redirect_to articles_path
        else
            render 'new'
        end
    end

    def destroy
        @user.destroy
        session[:user_id] = nil if @user == current_user
        flash[:notice] = "Account and all associaed articles successfully deleted."
        redirect_to articles_path
    end


    private
    def user_params
        params.require(:user).permit(:username, :email, :password) #whitelisting
    end

    def set_user
        @user = User.find(params[:id])
    end

    def require_same_user
        if current_user != @user && !current_user.admin?
            flash[:alert] = "You can only edit or delete your own profile"
            redirect_to @user
        end
    end
end

Not sure how to disable that. Thanks!

Answer 1

form_with(model: @user, ... builds the form with whatever is in the @user variable.

Let's say you have a user like this:

$ @user = User.first
> #<User id: 1, email: "person@email.com", username: "Person", password_digest: [FILTERED]>

In this case, form_with fields will use the existing record values in the form.

If you've created a new user in the controller action for this view:

$ @user = User.new
> #<User id: nil, email: nil, username: nil, password_digest: nil>

then the form fields should be blank.

How to test if this is the issue:

Replace your @user with User.new:

<%= form_with(model: @user, ...

What else could be happening:*

1. The browser could be auto-filling form data, Chrome does this quite often.
2. A browser extension, like a password manager, could be auto-filling the form data