Client Secret is shown in the clear in the UI #4445

Closed
2 of 9 tasks
mhottinger1 opened this issue Jul 10, 2020 · 0 comments · Fixed by #4455

mhottinger1 commented Jul 10, 2020

Screen Shot 2020-07-10 at 4 03 58 PM

Stratos Version

Frontend Deployment type

  • Cloud Foundry Application (cf push)
  • Kubernetes, using a helm chart
  • Docker, single container deploying all components
  • npm run start
  • Other (please specify below)

Backend (Jet Stream) Deployment type

  • Cloud Foundry Application (cf push)
  • Kubernetes, using a helm chart
  • Docker, single container deploying all components
  • Other (please specify below)

Expected behaviour

When editing an endpoint in Stratos UI, the UI should mask my client secret so it's not exposed.

Actual behaviour

See that client secret is exposed in the clear.

Steps to reproduce the behaviour

Steps:
1.) Edit endpoint
2.) Check Update Client ID and Client Secret
3.) Input "Client Secret"

Log output covering before error and any error statements

Insert your log here

Detailed Description

Form field type change to use obfuscated.

Context

Because security.

Possible Implementation

Change field type to password?

@richard-cox richard-cox added the community Community Raised Issue label Jul 13, 2020
@richard-cox richard-cox added this to the 4.0.0 milestone Jul 20, 2020
@richard-cox richard-cox self-assigned this Jul 20, 2020
@nwmac nwmac changed the title Client Secret In The Clear Client Secret is shown in the clear in the UI Jul 24, 2020
@nwmac nwmac added the bug label Jul 24, 2020
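
The masking requested in this issue can be checked mechanically. The following is an added example, not part of the original issue or of the Stratos code base: a JavaScript check that flags `<input>` elements whose name suggests a secret but whose static `type` is not `password`. The template markup, the `formControlName` values and the function names are assumptions made for illustration.

```javascript
// Added example: flag form inputs that carry a secret but are not masked.
// The markup below is constructed for illustration; it is not Stratos source.
const SECRET_HINT = /secret|passw(or)?d|token|api[-_]?key/i;
const IDENT_ATTRS = ['name', 'id', 'formcontrolname', 'placeholder', 'aria-label'];

// Parse the attributes of one <input ...> tag into a map with lower-cased keys.
function parseAttrs(tag) {
  const attrs = {};
  const body = tag.replace(/^<input\b/i, '').replace(/\/?>$/, '');
  const re = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  let m;
  while ((m = re.exec(body)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? '';
  }
  return attrs;
}

// Return one finding per secret-looking input that would render in the clear.
function findUnmaskedSecretInputs(template) {
  const findings = [];
  for (const [tag] of template.matchAll(/<input\b[^>]*>/gi)) {
    const attrs = parseAttrs(tag);
    const field = IDENT_ATTRS.map((a) => attrs[a]).find((v) => v && SECRET_HINT.test(v));
    if (!field) continue;                 // not a secret-looking field
    if ('[type]' in attrs) continue;      // bound at runtime, not decidable statically
    const type = (attrs.type || 'text').toLowerCase(); // HTML default type is "text"
    if (type === 'password' || type === 'hidden') continue;
    findings.push({ field, type });
  }
  return findings;
}

// Constructed "before" and "after" templates (hypothetical field names).
const BEFORE = `
<form>
  <input matInput formControlName="client_id" type="text">
  <input matInput formControlName="client_secret" type="text">
</form>`;
const AFTER = `
<form>
  <input matInput formControlName="client_id" type="text">
  <input matInput formControlName="client_secret" type="password">
</form>`;

console.log(findUnmaskedSecretInputs(BEFORE)); // one finding: client_secret
console.log(findUnmaskedSecretInputs(AFTER));  // no findings
```

`type="password"` only masks the value on screen; the value is still present in the DOM and in the submitted request.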