feat: mask coder login token to enhance security #12948

Merged: 9 commits, May 3, 2024

@michaelbrewer michaelbrewer commented Apr 12, 2024

Masks the coder token when pasting it after the `coder login`.

When doing public demos of coder this can be an awkward moment...

@cdr-bot added the "community" label Apr 12, 2024
@michaelbrewer changed the title from "feat(login): treat coder token as a secret" to "feat(login): make coder login token a secret" Apr 12, 2024
@michaelbrewer changed the title from "feat(login): make coder login token a secret" to "feat(login): coder login token as a secret" Apr 12, 2024
@michaelbrewer changed the title from "feat(login): coder login token as a secret" to "feat(login): coder login token should be a secret" Apr 12, 2024
@michaelbrewer changed the title from "feat(login): coder login token should be a secret" to "feat(login): mask coder login token for security" Apr 12, 2024
@michaelbrewer changed the title from "feat(login): mask coder login token for security" to "feat: mask coder login token for security" Apr 12, 2024
@michaelbrewer
Contributor Author

@kylecarbs - not sure if I should add some unit tests for this, but I did manually validate that the token still works and is not shown.

@matifali matifali requested a review from ericpaulsen April 13, 2024 15:28
Member

@ericpaulsen ericpaulsen left a comment

in a future state, we should display *** characters, for a better UX.

@matifali
Member

@ericpaulsen IIRC, it was the original behavior, and the token was shown after some customer feedback.

@coadler
Contributor

coadler commented Apr 16, 2024

Yeah, hiding the input was changed because users couldn't tell if they were actually pasting into the box or not. I'm in favor of changing it back to secret until we can add in replacing the text with asterisks.

@michaelbrewer
Contributor Author

@coadler - there are various other places where Secret is used in a prompt, so it might be a generic solution for those cases too.

@coadler
Contributor

coadler commented Apr 16, 2024

> @coadler - there are various other places where Secret is used in a prompt, so it might be a generic solution for those cases too.

Yeah, definitely.

@michaelbrewer
Contributor Author

Would be nice to have this resolved for when I do demos.

@matifali matifali requested a review from sreya April 22, 2024 05:45
@michaelbrewer changed the title from "feat: mask coder login token for security" to "feat: mask coder login token to enhance security" Apr 27, 2024
@michaelbrewer
Contributor Author

@ericpaulsen is there a decision on how to handle the secret being printed?
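
The asterisk echo discussed in this thread, as an added example (not code from this pull request or from the Coder code base). `readMasked`, `ErrInterrupted` and the dummy token are hypothetical names and constructed input, and the caller is assumed to have already put the terminal into raw mode so keystrokes arrive unechoed.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"io"
	"strings"
	"unicode"
)

// ErrInterrupted is returned when Ctrl-C (0x03) arrives mid-prompt.
var ErrInterrupted = errors.New("interrupted")

// readMasked consumes keystrokes as a raw-mode terminal delivers them and echoes
// one '*' per accepted rune: a paste is visible, the secret never hits the screen.
func readMasked(in io.Reader, echo io.Writer) (string, error) {
	r := bufio.NewReader(in)
	var secret []rune
	for {
		c, _, err := r.ReadRune()
		if err != nil { // input closed before Enter: nothing was submitted
			return "", err
		}
		switch {
		case c == '\r' || c == '\n': // Enter ends the prompt
			fmt.Fprint(echo, "\r\n")
			return string(secret), nil
		case c == 0x03: // Ctrl-C aborts without returning partial input
			return "", ErrInterrupted
		case c == 0x7f || c == 0x08: // Backspace / Delete
			if len(secret) > 0 {
				secret = secret[:len(secret)-1]
				fmt.Fprint(echo, "\b \b") // erase one asterisk on screen
			}
		case unicode.IsPrint(c): // other control characters are dropped
			secret = append(secret, c)
			fmt.Fprint(echo, "*")
		}
	}
}

func main() {
	// Constructed keystrokes: a pasted dummy token, one typo, Backspace, Enter.
	var screen strings.Builder
	tok, err := readMasked(strings.NewReader("dummy-token-123x\x7f\r"), &screen)
	fmt.Printf("len=%d err=%v screen=%q\n", len(tok), err, screen.String())
}
```

The echo writer only ever receives asterisks, erase sequences and the final newline, so terminal scrollback and screen recordings show the length of the token but not its value.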

@kylecarbs kylecarbs merged commit 060f023 into coder:main May 3, 2024
24 of 25 checks passed
@github-actions github-actions bot locked and limited conversation to collaborators May 3, 2024
@michaelbrewer michaelbrewer deleted the feat/coder-login-secret branch May 4, 2024 05:00