A11y 2025

[Badatos]

Hello !
Here is some Accessibility improvements on CAS login page, to be more compliant with RGAA rules :

• [RGAA 7.1] Add screen.pm.password.show text to password toggle button, and make it readable only by screen readers.
• [RGAA 12.6] Add missing aria roles (main, banner, contentinfo) to header, main and footer blocks
• [RGAA 8.7] Translate every missing string for french users + ensure lines numbers are exactly corresponding between messages_en and messages_fr to make easier future corrections
• Remove some "text-justify", as this alignment mode is not recommended on web pages for accessibility
• [CSS] add some styles on buttons to improve useability with keyboard-only navigation (change button color on focus)
• Improve puppeteer "reveal-password" test case to test also the aria-pressed status of reveal-password button
• Remove some useless trailing spaces in cas.js to prevent noise in diff output
• add space after "poweredBy" string to avoid translation mistakes causing text being adjacent to link.

[Badatos]

Hello !
I've just added some assertions in the "reveal-password" puppeteer test case to test also the aria-pressed status of reveal-password button.
Can you re-enable this PR so it can be checked please ?

[Badatos]

Thank you @mmoayyed :)
Do I need to sync this branch with master to run CI checks ?

[mmoayyed]

Thank you for the changeset. Please undo all unrelated changes first.

[Badatos]

Hello @mmoayyed !
I just undone trailing spaces removed from messages.properties and added a line about trailing spaces removed in cas.js.

Is it fine for you ?

[gitguardian]

⚠️ GitGuardian has uncovered 1 secret following the scan of your pull request.

Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.

Since your pull request originates from a forked repository, GitGuardian is not able to associate the secrets uncovered with secret incidents on your GitGuardian dashboard.
Skipping this check run and merging your pull request will create secret incidents on your GitGuardian dashboard.

🔎 Detected hardcoded secret in your pull request

GitGuardian id	GitGuardian status	Secret	Commit	Filename
862659	Triggered	Generic Password	9fb00e9	core/cas-server-core-authentication/src/test/java/org/apereo/cas/authentication/AuthenticationMonitoringTests.java	View secret

🛠 Guidelines to remediate hardcoded secrets

1. Understand the implications of revoking this secret by investigating where it is used in your code.
2. Replace and store your secret safely. Learn here the best practices.
3. Revoke and rotate this secret.
4. If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.

To avoid such incidents in the future consider

• following these best practices for managing and storing secrets including API keys and other credentials
• install secret detection on pre-commit to catch secret before it leaves your machine and ease remediation.

---

^{🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.}