Datasource passwords are displayed in plaintext #12625

Closed
kuhball opened this issue May 16, 2023 · 5 comments · Fixed by #13203
Labels
status: accepted This issue has been accepted for implementation type: feature Introduction of new functionality to the application

Comments

kuhball commented May 16, 2023

NetBox version

v3.5.1

Python version

3.8

Steps to Reproduce

  1. Create a new Datasource with a token or user/password
  2. Open core/data-sources/<ID>/
  3. Password is displayed in plaintext and also visible for readonly users

Expected Behavior

Password should be hidden.

Observed Behavior

Password is displayed as plaintext for all users with access to datasources.

@kuhball kuhball added the type: bug A confirmed report of unexpected behavior in the application label May 16, 2023
@kkthxbye-code kkthxbye-code added the status: needs owner This issue is tentatively accepted pending a volunteer committed to its implementation label May 16, 2023
@jeremystretch
Member

What is the proposed "fix?"

@jeremystretch jeremystretch added status: revisions needed This issue requires additional information to be actionable and removed status: needs owner This issue is tentatively accepted pending a volunteer committed to its implementation labels May 16, 2023
@kuhball
Author

kuhball commented May 16, 2023

Similar to the Wireless LAN Authentication Attributes ( https://github.com/netbox-community/netbox/blob/develop/netbox/templates/wireless/inc/authentication_attrs.html ) the field could be hidden. Having secrets/passwords displayed without hiding them is also problematic for demo / screen share / audit scenarios.

Having the Show Secret button only available for write permissions would solve our permission problem.

@jeremystretch jeremystretch added status: needs owner This issue is tentatively accepted pending a volunteer committed to its implementation and removed status: revisions needed This issue requires additional information to be actionable labels May 22, 2023
aroth01 commented May 26, 2023

I can try to take a shot at this one. I'm a bit new to contributing though. Could do a change to the password field to display only for users that have add/update/delete permissions. Then hide it for those users and display it when the show secret button is pressed. Users that don't have those permissions wouldn't be able to see the password.
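
A sketch of the behaviour proposed in the comment above, as an added example that is not NetBox code and not written by any participant in this thread: the secret is withheld on the server for users without change permission, so it never reaches the rendered page, and is masked behind a Show Secret control for users who have it. The permission string `core.change_datasource`, the key markers, the sample parameters and all function names are assumptions made for illustration.

```python
from html import escape

# Assumptions for this example (not taken from NetBox):
SENSITIVE_MARKERS = ("password", "token", "secret")  # substrings marking a secret key
CHANGE_PERM = "core.change_datasource"               # assumed Django-style permission
MASK = "********"


def is_sensitive(key):
    """True if a parameter name looks like it holds a credential."""
    return any(marker in key.lower() for marker in SENSITIVE_MARKERS)


def view_context(params, user_perms):
    """Decide, server-side, what each parameter row may carry for this user."""
    can_reveal = CHANGE_PERM in user_perms
    rows = []
    for key, value in sorted(params.items()):
        if not is_sensitive(key):
            rows.append({"key": key, "shown": str(value), "secret": None})
        else:
            # Read-only users get the mask only; the value is dropped here,
            # before any template or serializer can emit it.
            secret = str(value) if can_reveal else None
            rows.append({"key": key, "shown": MASK, "secret": secret})
    return rows


def render(rows):
    """Render rows to HTML; a reveal control exists only when a secret is present."""
    out = []
    for row in rows:
        cell = f"<td>{escape(row['shown'])}</td>"
        if row["secret"] is not None:
            hidden = escape(row["secret"], quote=True)
            cell = (f'<td><span data-secret="{hidden}">{MASK}</span> '
                    "<button>Show Secret</button></td>")
        out.append(f"<tr><th>{escape(row['key'])}</th>{cell}</tr>")
    return "\n".join(out)


# Constructed sample parameters for a data source
PARAMS = {"username": "sync-bot", "password": "constructed-pw-123"}
```

A regression check for the report that follows in this thread is to assert that the rendered page for a read-only user does not contain the stored value at all, rather than only checking that it is visually hidden.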

@abhi1693 abhi1693 added status: accepted This issue has been accepted for implementation and removed status: needs owner This issue is tentatively accepted pending a volunteer committed to its implementation labels May 26, 2023
@aroth01 aroth01 removed their assignment May 26, 2023
@abhi1693 abhi1693 added status: needs owner This issue is tentatively accepted pending a volunteer committed to its implementation and removed status: accepted This issue has been accepted for implementation labels May 26, 2023
@jeremystretch jeremystretch added type: feature Introduction of new functionality to the application and removed type: bug A confirmed report of unexpected behavior in the application labels Jun 23, 2023
@jeremystretch
Member

Reclassifying this as a feature request, as the described behavior was never part of the original implementation.

@abhi1693 abhi1693 added status: accepted This issue has been accepted for implementation and removed status: needs owner This issue is tentatively accepted pending a volunteer committed to its implementation labels Jul 18, 2023
@abhi1693 abhi1693 self-assigned this Jul 18, 2023
@ryanmerolle
Contributor

I do not think this implementation is working. I upgraded on my setup and saw password is still shown in the UI for data sources.

Repeatable example: https://demo.netbox.dev/core/data-sources/1/

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Oct 28, 2023