Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Password Security #716

Merged
merged 1 commit into from
Jun 7, 2024
Merged

Password Security #716

merged 1 commit into from
Jun 7, 2024

Conversation

SteveMicroNova
Copy link
Contributor

@SteveMicroNova SteveMicroNova commented May 10, 2024
edited

What does this change intend to accomplish?

Minor security improvement
The password is still plaintext in the backend, but it is now not copyable from the textbox and the textbox converts it into dots as password fields should

image

Checklist

  • Have you tested your changes and ensured they work?
  • Have you checked to ensure there aren't other open Pull Requests for the same update/change?
  • If applicable, have you updated the documentation/manual?
  • If applicable, have you updated the CHANGELOG?
  • Does your submission pass linting & tests? You can test on localhost using ./scripts/test
  • Have you written new tests for your core features/changes, as applicable?
  • If this is a UI change, have you tested it across multiple browser platforms?
  • If this is a UI change, have you tested across multiple viewport sizes (ie. desktop versus mobile)?

SteveMicroNova
SteveMicroNova commented May 10, 2024
View reviewed changes
web/src/pages/Settings/Streams/StreamModal/StreamModal.jsx
Comment on lines 15 to 16
// We're already using mui, why are we reinventing the wheel? https://mui.com/material-ui/react-text-field/
// if it's a matter of className control on the underlying components, that still works with the mui textfield with the InputLabelProps prop and other componentProps
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

https://mui.com/material-ui/react-text-field/
I forgot about us recreating the TextField manually
I still hate it, but this time around I'm gonna make an issue out of that and solve it myself

@SteveMicroNova SteveMicroNova requested review from rtertiaer and klay2000 and removed request for rtertiaer May 10, 2024 16:17
@SteveMicroNova SteveMicroNova mentioned this pull request May 10, 2024
Open
rtertiaer
rtertiaer requested changes May 13, 2024
View reviewed changes
Copy link
Contributor

@rtertiaer rtertiaer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why just pandora?

web/src/pages/Settings/Streams/StreamModal/StreamModal.jsx Outdated
key={field.name}
name={field.name}
desc={field.desc}
type="password"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can you just toggle this field on & off instead of duplicating this many lines of code and having a conditional return value?

@SteveMicroNova
Copy link
Contributor Author

why just pandora?

Not just pandora, pandora is just the only one I know of that has a password and so I named the branch after that, it still works with all parts labeled "password" on the stream create and edit modal

rtertiaer
rtertiaer reviewed May 15, 2024
View reviewed changes
web/src/pages/Settings/Streams/StreamModal/StreamModal.jsx Outdated
Comment on lines 192 to 196
switch (field.type) {
case "text":
let type = "text";
if(field.name == "password"){
type = "password";
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i think i'd probably prefer to change the type of the password fields, instead of behaving magically with specifically named text fields. this also creates a new component - it's perhaps somewhat more LOC, but more maintainable, and you don't have to change the interface of some underlying component.

@SteveMicroNova SteveMicroNova changed the title Pandora Password Security Password Security Jun 4, 2024
@SteveMicroNova
Minor security improvement
8f18f29 
Update CHANGELOG.md

Streamline password redacting

Add default option for StreamModal boxes

Remove required tag, add default value to type on custom TextField element

Explicitly handle input types
rtertiaer
rtertiaer approved these changes Jun 7, 2024
View reviewed changes
Copy link
Contributor

@rtertiaer rtertiaer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks~ pardon it was so much back & forth

@SteveMicroNova SteveMicroNova merged commit 19d2fbd into main Jun 7, 2024
3 checks passed
@SteveMicroNova SteveMicroNova deleted the PandoraPasswordSecurity branch June 7, 2024 19:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rtertiaer rtertiaer rtertiaer approved these changes

@klay2000 klay2000 Awaiting requested review from klay2000

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@SteveMicroNova @rtertiaer