This repository has been archived by the owner on Jan 24, 2023. It is now read-only.

Client Secret is shown in the clear in the UI #4445

Closed
2 of 9 tasks
mhottinger1 opened this issue Jul 10, 2020 · 0 comments · Fixed by #4455
Labels: bug community Community Raised Issue

mhottinger1 commented Jul 10, 2020

Screen Shot 2020-07-10 at 4 03 58 PM

Stratos Version

Frontend Deployment type

  • Cloud Foundry Application (cf push)
  • Kubernetes, using a helm chart
  • Docker, single container deploying all components
  • npm run start
  • Other (please specify below)

Backend (Jet Stream) Deployment type

  • Cloud Foundry Application (cf push)
  • Kubernetes, using a helm chart
  • Docker, single container deploying all components
  • Other (please specify below)

Expected behaviour

When editing an endpoint in Stratos UI, the UI should mask my client secret so it's not exposed.

Actual behaviour

See that client secret is exposed in the clear.

Steps to reproduce the behaviour

Steps:
1.) Edit endpoint
2.) Check Update Client ID and Client Secret
3.) Input "Client Secret"

Log output covering before error and any error statements

Insert your log here

Detailed Description

Form field type change to use obfuscated.

Context

Because security.

Possible Implementation

Change field type to password?

@richard-cox richard-cox added the community Community Raised Issue label Jul 13, 2020
@richard-cox richard-cox added this to the 4.0.0 milestone Jul 20, 2020
@richard-cox richard-cox self-assigned this Jul 20, 2020
@nwmac nwmac changed the title Client Secret In The Clear Client Secret is shown in the clear in the UI Jul 24, 2020
@nwmac nwmac added the bug label Jul 24, 2020
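
One way to catch this class of bug before release, as an added example that is not part of the original issue or of the Stratos code base: a small Node.js check that scans template markup for inputs whose identifying attributes mention a secret but whose type is not `password`. The template snippets, field names and attribute list are constructed for illustration.

```javascript
// Added example (not Stratos code): flag secret-looking <input> fields that are not masked.
// Field names and sample templates are constructed; tags containing '>' inside
// attribute values are out of scope for this simple scanner.
const SENSITIVE = /secret|passw(or)?d|token/i;
const ID_ATTRS = ['name', 'id', 'formcontrolname', 'placeholder'];

// Parse the attributes of one <input ...> tag into a map with lowercase keys.
function parseAttrs(tag) {
  const attrs = {};
  const body = tag.replace(/^<input\b/i, '').replace(/\/?>$/, '');
  const re = /([\[\]\(\)\w.-]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+)))?/g;
  let m;
  while ((m = re.exec(body)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] || m[3] || m[4] || '';
  }
  return attrs;
}

// Return one finding per sensitive input whose type is not the literal "password".
function findUnmaskedSecretInputs(template) {
  const findings = [];
  const tagRe = /<input\b[^>]*>/gi;
  let m;
  while ((m = tagRe.exec(template)) !== null) {
    const attrs = parseAttrs(m[0]);
    const field = ID_ATTRS.map((a) => attrs[a]).find((v) => v && SENSITIVE.test(v));
    if (!field) continue;
    // A bound [type] (e.g. a show/hide toggle) is reported for manual review;
    // a missing type attribute defaults to "text" per HTML.
    const type = attrs['[type]'] !== undefined
      ? 'dynamic'
      : (attrs.type || 'text').toLowerCase();
    if (type !== 'password') {
      const line = template.slice(0, m.index).split('\n').length;
      findings.push({ line, field, type });
    }
  }
  return findings;
}

// Constructed "before" template: the secret field renders as plain text.
const before = [
  '<form>',
  '  <input type="text" formControlName="client_id" placeholder="Client ID">',
  '  <input formControlName="client_secret" placeholder="Client Secret">',
  '</form>',
].join('\n');
// Constructed "after" template: the field type is changed to password.
const after = before.replace('<input formControlName="client_secret"',
  '<input type="password" formControlName="client_secret"');

console.log(findUnmaskedSecretInputs(before), findUnmaskedSecretInputs(after));
```

Masking the field only hides the value on screen; the check says nothing about how the secret is stored or transmitted.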