New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Enhancement: (un)mask password fields #5554

Closed
dnutan opened this Issue Jul 24, 2018 · 34 comments

Comments

5 participants
@dnutan

dnutan commented Jul 24, 2018

Product affected
Nethserver 7.5

Description
There are modules where password fields are in plain text.

Proposal

  • 1. Mask password fields: to protect password input from prying eyes the input field type can be switched to a password field, where typed content is masked. (see PR below)
  • 2. Enhance password fields with unmask functionality: add an eye button to show the password.

Step 1 is ready in a few PR:

Remains to decide if password fields on these modules should be masked:

See also

https://community.nethserver.org/t/textinput-password-fields-rendered-as-plain-text/10365/4?u=dnutan

@dnutan dnutan referenced this issue Aug 6, 2018

Merged

mask password field #8

dnutan added a commit to dnutan/nethserver-sssd that referenced this issue Aug 6, 2018

dnutan added a commit to dnutan/nethserver-sssd that referenced this issue Aug 6, 2018

DavidePrincipi added a commit to NethServer/nethgui that referenced this issue Aug 6, 2018

DavidePrincipi added a commit to NethServer/nethserver-httpd-admin that referenced this issue Aug 6, 2018

@nethbot

This comment has been minimized.

Show comment
Hide comment
@nethbot
Member

nethbot commented Aug 6, 2018

@DavidePrincipi

This comment has been minimized.

Show comment
Hide comment
@DavidePrincipi

DavidePrincipi Aug 6, 2018

Member

Remains to decide if password fields on these modules should be masked

Please go on with them!

Member

DavidePrincipi commented Aug 6, 2018

Remains to decide if password fields on these modules should be masked

Please go on with them!

DavidePrincipi added a commit to NethServer/nethserver-base that referenced this issue Aug 6, 2018

DavidePrincipi added a commit to NethServer/nethserver-vpn that referenced this issue Aug 6, 2018

DavidePrincipi added a commit to NethServer/nethserver-vsftpd that referenced this issue Aug 6, 2018

DavidePrincipi added a commit to NethServer/nethserver-httpd that referenced this issue Aug 6, 2018

DavidePrincipi added a commit to NethServer/nethserver-base that referenced this issue Aug 6, 2018

DavidePrincipi added a commit to NethServer/nethserver-iaxmodem that referenced this issue Aug 6, 2018

@nethbot

This comment has been minimized.

Show comment
Hide comment
@nethbot
Member

nethbot commented Aug 6, 2018

@nethbot

This comment has been minimized.

Show comment
Hide comment
@nethbot
Member

nethbot commented Aug 6, 2018

@nethbot

This comment has been minimized.

Show comment
Hide comment
@nethbot
Member

nethbot commented Aug 6, 2018

@nethbot

This comment has been minimized.

Show comment
Hide comment
@nethbot
Member

nethbot commented Aug 6, 2018

@nethbot

This comment has been minimized.

Show comment
Hide comment
@nethbot
Member

nethbot commented Aug 6, 2018

DavidePrincipi added a commit to NethServer/nethserver-httpd that referenced this issue Aug 6, 2018

DavidePrincipi added a commit to NethServer/nethserver-mail that referenced this issue Aug 6, 2018

DavidePrincipi added a commit to NethServer/nethserver-getmail that referenced this issue Aug 6, 2018

DavidePrincipi added a commit to NethServer/nethserver-openvpn that referenced this issue Aug 6, 2018

DavidePrincipi added a commit to NethServer/nethserver-nut that referenced this issue Aug 6, 2018

@DavidePrincipi DavidePrincipi added this to ✋ Needs review in NethServer 7 via automation Aug 6, 2018

@DavidePrincipi DavidePrincipi moved this from ✋ Needs review to ⚙ Developing in NethServer 7 Aug 6, 2018

@stephdl stephdl self-assigned this Aug 7, 2018

@stephdl

This comment has been minimized.

Show comment
Hide comment
@stephdl

stephdl Aug 7, 2018

QA
installation of rpm and test to see if the password input field is hidden.

nethserver-httpd-virtualhosts-3.2.6-1.2.g42df899.ns7.noarch
nethserver-httpd-3.2.6-1.2.g42df899.ns7.noarch
nethserver-httpd-proxypass-3.2.6-1.2.g42df899.ns7.noarch
nethserver-iaxmodem-1.2.4-1.2.gf7335b5.ns7.noarch
nethserver-sssd-1.4.0-1.2.gc75e952.ns7.noarch
nethserver-openvpn-1.6.13-1.1.ga7201c0.ns7.noarch
nethserver-base-3.4.1-1.3.g425e73f.ns7.noarch
nethserver-httpd-admin-2.3.2-1.1.gae5c2a7.ns7.noarch
nethserver-restore-data-1.2.4-1.2.g5c84689.ns7.noarch
nethserver-backup-data-1.3.4-1.66.g2492638.ns7.noarch
nethserver-backup-config-2.1.0-1.8.g4074a48.ns7.noarch
nethserver-vsftpd-1.1.0-1.7.g3833579.ns7.noarch
nethserver-mail2-getmail-2.2.5-1.4.g876650f.ns7.noarch.rpm
nethserver-getmail-1.0.3-1.3.g72cdb21.ns7.noarch

these rpms are ready to be released, the login form is correctly hidden (even the server-manager login one)

@dnutan @DavidePrincipi I would like to highlight some fails

nethserver-nut has not been built by nethbot (no needed configuration)
nethserver-vpn has been patched but it is not used by ns7 (merged into nethserver-openvpn)
the password field of the ldapservice user for the local AD is visible you should modify the template file.

stephdl commented Aug 7, 2018

QA
installation of rpm and test to see if the password input field is hidden.

nethserver-httpd-virtualhosts-3.2.6-1.2.g42df899.ns7.noarch
nethserver-httpd-3.2.6-1.2.g42df899.ns7.noarch
nethserver-httpd-proxypass-3.2.6-1.2.g42df899.ns7.noarch
nethserver-iaxmodem-1.2.4-1.2.gf7335b5.ns7.noarch
nethserver-sssd-1.4.0-1.2.gc75e952.ns7.noarch
nethserver-openvpn-1.6.13-1.1.ga7201c0.ns7.noarch
nethserver-base-3.4.1-1.3.g425e73f.ns7.noarch
nethserver-httpd-admin-2.3.2-1.1.gae5c2a7.ns7.noarch
nethserver-restore-data-1.2.4-1.2.g5c84689.ns7.noarch
nethserver-backup-data-1.3.4-1.66.g2492638.ns7.noarch
nethserver-backup-config-2.1.0-1.8.g4074a48.ns7.noarch
nethserver-vsftpd-1.1.0-1.7.g3833579.ns7.noarch
nethserver-mail2-getmail-2.2.5-1.4.g876650f.ns7.noarch.rpm
nethserver-getmail-1.0.3-1.3.g72cdb21.ns7.noarch

these rpms are ready to be released, the login form is correctly hidden (even the server-manager login one)

@dnutan @DavidePrincipi I would like to highlight some fails

nethserver-nut has not been built by nethbot (no needed configuration)
nethserver-vpn has been patched but it is not used by ns7 (merged into nethserver-openvpn)
the password field of the ldapservice user for the local AD is visible you should modify the template file.

dnutan added a commit to dnutan/nethserver-sssd that referenced this issue Aug 7, 2018

DavidePrincipi added a commit to NethServer/nethserver-sssd that referenced this issue Aug 8, 2018

@nethbot

This comment has been minimized.

Show comment
Hide comment
@nethbot
Member

nethbot commented Aug 8, 2018

@DavidePrincipi

This comment has been minimized.

Show comment
Hide comment
@DavidePrincipi

DavidePrincipi Aug 8, 2018

Member

nethserver-nut has not been built by nethbot (no needed configuration)

Fixed

nethserver-vpn has been patched but it is not used by ns7 (merged into nethserver-openvpn)

Disabled Travis-builds on it (it's a ns6 package)
I propose to revert that patch as this feature shouldn't be backported IMO

the password field of the ldapservice user for the local AD is visible you should modify the template file.

Merged in nethserver-sssd-1.4.0-1.3.g70720e6.ns7.noarch.rpm

Member

DavidePrincipi commented Aug 8, 2018

nethserver-nut has not been built by nethbot (no needed configuration)

Fixed

nethserver-vpn has been patched but it is not used by ns7 (merged into nethserver-openvpn)

Disabled Travis-builds on it (it's a ns6 package)
I propose to revert that patch as this feature shouldn't be backported IMO

the password field of the ldapservice user for the local AD is visible you should modify the template file.

Merged in nethserver-sssd-1.4.0-1.3.g70720e6.ns7.noarch.rpm

DavidePrincipi added a commit to NethServer/nethserver-nut that referenced this issue Aug 8, 2018

@nethbot

This comment has been minimized.

Show comment
Hide comment
@nethbot
Member

nethbot commented Aug 8, 2018

@stephdl

This comment has been minimized.

Show comment
Hide comment
@stephdl

stephdl Aug 8, 2018

@dnutan @DavidePrincipi

[root@ns7loc13 ~]# rpm -qa nethserver-nut
nethserver-nut-1.3.1-1.2.gae73e58.ns7.noarch
[root@ns7loc13 ~]# rpm -qa nethserver-sssd
nethserver-sssd-1.4.0-1.3.g70720e6.ns7.noarch

the password fields is hidden, you did a good work, thank a lot

ready to be released, think to revert the patch of nethserver-vpn

proposed to be verified

stephdl commented Aug 8, 2018

@dnutan @DavidePrincipi

[root@ns7loc13 ~]# rpm -qa nethserver-nut
nethserver-nut-1.3.1-1.2.gae73e58.ns7.noarch
[root@ns7loc13 ~]# rpm -qa nethserver-sssd
nethserver-sssd-1.4.0-1.3.g70720e6.ns7.noarch

the password fields is hidden, you did a good work, thank a lot

ready to be released, think to revert the patch of nethserver-vpn

proposed to be verified

@nethbot

This comment has been minimized.

Show comment
Hide comment
@nethbot
Member

nethbot commented Aug 8, 2018

@DavidePrincipi

This comment has been minimized.

Show comment
Hide comment
@DavidePrincipi

DavidePrincipi Aug 8, 2018

Member

The httpd-admin package has been published, we can push remaining packages to updates (if their master branch is not locked by other commits)

  • nethserver-httpd-admin
  • nethserver-backup-data
  • nethserver-sssd
  • nethserver-base
  • nethserver-vsftpd
  • nethserver-httpd
  • nethserver-iaxmodem
  • nethserver-mail2
  • nethserver-getmail
  • nethserver-openvpn
  • nethserver-nut
Member

DavidePrincipi commented Aug 8, 2018

The httpd-admin package has been published, we can push remaining packages to updates (if their master branch is not locked by other commits)

  • nethserver-httpd-admin
  • nethserver-backup-data
  • nethserver-sssd
  • nethserver-base
  • nethserver-vsftpd
  • nethserver-httpd
  • nethserver-iaxmodem
  • nethserver-mail2
  • nethserver-getmail
  • nethserver-openvpn
  • nethserver-nut
@nethbot

This comment has been minimized.

Show comment
Hide comment
@nethbot
Member

nethbot commented Aug 9, 2018

@nethbot

This comment has been minimized.

Show comment
Hide comment
@nethbot
Member

nethbot commented Aug 9, 2018

@nethbot

This comment has been minimized.

Show comment
Hide comment
@nethbot
Member

nethbot commented Aug 9, 2018

@nethbot

This comment has been minimized.

Show comment
Hide comment
@nethbot
Member

nethbot commented Aug 9, 2018

@nethbot

This comment has been minimized.

Show comment
Hide comment
@nethbot
Member

nethbot commented Aug 9, 2018

@nethbot

This comment has been minimized.

Show comment
Hide comment
@nethbot
Member

nethbot commented Aug 9, 2018

@nethbot

This comment has been minimized.

Show comment
Hide comment
@nethbot
Member

nethbot commented Aug 9, 2018

NethServer 7 automation moved this from ⚙ Developing to 🗑 Done Aug 9, 2018

@stephdl

This comment has been minimized.

Show comment
Hide comment
@stephdl

stephdl Aug 18, 2018

reopening for consideration, see https://community.nethserver.org/t/textinput-password-fields-rendered-as-plain-text/10365/21

In short, following the OS or the browser you use, the eye picture is not at the good place

stephdl commented Aug 18, 2018

reopening for consideration, see https://community.nethserver.org/t/textinput-password-fields-rendered-as-plain-text/10365/21

In short, following the OS or the browser you use, the eye picture is not at the good place

@stephdl stephdl reopened this Aug 18, 2018

NethServer 7 automation moved this from 🗑 Done to ⚙ Developing Aug 18, 2018

@gsanchietti

This comment has been minimized.

Show comment
Hide comment
@gsanchietti

gsanchietti Aug 20, 2018

Member

If really really needed, please open a new issue with all information to reproduce the issue (like the browser version).

Member

gsanchietti commented Aug 20, 2018

If really really needed, please open a new issue with all information to reproduce the issue (like the browser version).

NethServer 7 automation moved this from ⚙ Developing to 🗑 Done Aug 20, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment