Mask password fields of inputs returned by the REST API. (#5432) #5734
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Before this change, input details returned by the REST API would contain
all configuration fields without any modification. This implies that
password fields are also contained using their original value, showing
configured password for inputs in clear text.
This change now iterates over configuration fields checking for the
presence of password fields and replace their content with
<password set>
instead of the original value if they are not empty.Fixes #5408.
Adding test for actual resource method, including license headers.
Adding test for complete input list retrievel.
Adding guard clause for null parameters.
Using locales for toLowerCase.
Handling null values in map.
Do not mask passwords in input config for users with edit permission.
If a user contains the required permission to edit an input, passwords
in the input's config are not masked. This is prevented so the input
edit dialog still functions in the same way as before.
(cherry picked from commit a562a33)