GUACAMOLE-1152: Ensure field values accurately represent login state.
If expected fields are deleted rather than reset to empty, those fields
will not be resubmitted in future requests, resulting in the content of
those requests not accurately representing true client-side login state.
For example, if a user receives an insufficient credentials error due to
their password expiring, failing to provide any new password should
result in at least the following fields:
1. Their original username (part of the initial login attempt)
2. Their original password (part of the initial login attempt)
3. Their new password (empty)
If fields are incorrectly reset to null, those fields will not be
submitted, resulting instead in a request containing only:
1. Their original username (part of the initial login attempt)
2. Their original password (part of the initial login attempt)
which is indistinguishable from a normal login attempt.
1 file changed
