forked from gitea/gitea

Set type="password" on all auth_token fields (#22175)

Set `type="password"` on all `auth_token` fields

Seen when migrating from other hosting platforms.

1. Prevents exposing the token to screen capture/cameras/eyeballs.
2. Prevents the browser from saving the value in its autocomplete
dictionary, which often is not secure.

![exposed auth token](https://user-images.githubusercontent.com/615684/208541005-e2c9c6b0-3c6c-4a56-95d9-357b987aa0c8.png)

Closes #22174

---------

Signed-off-by: Dan Church <amphetamachine@gmail.com>
Co-authored-by: silverwind <me@silverwind.io>
Dan Church 2023-04-23 09:28:27 -05:00 committed by GitHub
parent b3e849d1d6
commit 67da4c1b25
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 4 additions and 4 deletions


@ -20,7 +20,7 @@
<div class="inline field {{if .Err_Auth}}error{{end}}">
<label for="auth_token">{{.locale.Tr "access_token"}}</label>
<input id="auth_token" name="auth_token" value="{{.auth_token}}" {{if not .auth_token}} data-need-clear="true" {{end}}>
<input id="auth_token" name="auth_token" type="password" autocomplete="new-password" value="{{.auth_token}}" {{if not .auth_token}} data-need-clear="true" {{end}}>
<a target="_blank" href="https://docs.gitea.io/en-us/api-usage">{{svg "octicon-question"}}</a>
</div>
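
Review bot: The added input line still renders value="{{.auth_token}}", so whenever .auth_token is set the token is written into the page markup in clear text; type="password" only masks what is drawn on screen. If the form does not need to round-trip the token after a failed submit, drop the value attribute and have the user paste the token again; if it does, state in the description that the change covers on-screen display only.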


@ -20,7 +20,7 @@
<div class="inline field {{if .Err_Auth}}error{{end}}">
<label for="auth_token">{{.locale.Tr "access_token"}}</label>
<input id="auth_token" name="auth_token" value="{{.auth_token}}" {{if not .auth_token}}data-need-clear="true"{{end}}>
<input id="auth_token" name="auth_token" type="password" autocomplete="new-password" value="{{.auth_token}}" {{if not .auth_token}}data-need-clear="true"{{end}}>
<a target="_blank" href="https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token">{{svg "octicon-question"}}</a>
<span class="help">
{{.locale.Tr "repo.migrate.github_token_desc"}}
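
Review bot: On the added input, autocomplete="new-password" together with type="password" may work against point 2 of the commit message. new-password marks the field as a password being created, so a browser or password manager can offer to generate a value for it, and a password-typed field can trigger a save-credential prompt on submit. Please check in the supported browsers that the token is neither offered for saving nor pre-filled on a later visit, and record the result in the PR.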


@ -20,7 +20,7 @@
<div class="inline field {{if .Err_Auth}}error{{end}}">
<label for="auth_token">{{.locale.Tr "access_token"}}</label>
<input id="auth_token" name="auth_token" value="{{.auth_token}}" {{if not .auth_token}}data-need-clear="true"{{end}}>
<input id="auth_token" name="auth_token" type="password" autocomplete="new-password" value="{{.auth_token}}" {{if not .auth_token}}data-need-clear="true"{{end}}>
<a target="_blank" href="https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html">{{svg "octicon-question"}}</a>
</div>
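
Review bot: The added input line here is character-for-character the one added in the previous template, and the label and wrapper div around it are the same too; only the help link differs. Consider moving the label and input into one shared sub-template that each migration form includes, so the next attribute change to auth_token is made once and cannot miss a form.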


@ -20,7 +20,7 @@
<div class="inline field {{if .Err_Auth}}error{{end}}">
<label for="auth_token">{{.locale.Tr "access_token"}}</label>
<input id="auth_token" name="auth_token" value="{{.auth_token}}" {{if not .auth_token}} data-need-clear="true" {{end}}>
<input id="auth_token" name="auth_token" type="password" autocomplete="new-password" value="{{.auth_token}}" {{if not .auth_token}} data-need-clear="true" {{end}}>
<!-- <a target="_blank" href="https://docs.gitea.io/en-us/api-usage">{{svg "octicon-question"}}</a> -->
</div>
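
Review bot: Style nit on the added input line: this template keeps the spaces inside the conditional, {{if not .auth_token}} data-need-clear="true" {{end}}, while two of the other templates in this patch write {{if not .auth_token}}data-need-clear="true"{{end}}. Since the line is being touched anyway, use one form in all four files so the inputs stay easy to diff against each other.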