Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Personal token auth should be only visible after entering the password #13710

Closed
mattab opened this issue Nov 14, 2018 · 3 comments
Closed

Personal token auth should be only visible after entering the password #13710

mattab opened this issue Nov 14, 2018 · 3 comments
Assignees
@diosmosis
Labels
c: Security For issues that make Matomo more secure. Please report issues through HackerOne and not in Github. duplicate For issues that already existed in our issue tracker and were reported previously.
Milestone
4.0.0

Comments

@mattab
Copy link
Member

mattab commented Nov 14, 2018

Currently, you only need to click to view the token auth. I reckon instead we should ask a user to enter the password again before showing it. We could potentially always show the first 5 characters though. from @tsteur
@mattab mattab added the c: Security For issues that make Matomo more secure. Please report issues through HackerOne and not in Github. label Nov 14, 2018
@mattab mattab added this to the 3.9.0 milestone Nov 14, 2018
@mattab mattab mentioned this issue Nov 14, 2018
Closed
@diosmosis diosmosis self-assigned this Jan 17, 2019
@diosmosis diosmosis mentioned this issue Jan 18, 2019
Merged
@diosmosis
Copy link
Member

Depends on #6559

@diosmosis diosmosis modified the milestones: 3.9.0, 4.0.0 Jan 21, 2019
@Amunak Amunak mentioned this issue Apr 17, 2019
Closed
@tsteur
Copy link
Member

tsteur commented Dec 16, 2019

FYI as we likely will implement #6559 app specific passwords in Matomo 4 and have the tokens stored securely in the DB this issue will likely become obsolete since the token will only be visible after creating the token.

@tsteur
Copy link
Member

tsteur commented Jan 8, 2020
edited

Closing this as a duplicate of #6559

@tsteur tsteur closed this as completed Jan 8, 2020
@tsteur tsteur added the duplicate For issues that already existed in our issue tracker and were reported previously. label Jan 8, 2020
@tsteur tsteur mentioned this issue Jan 8, 2020
Closed
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@diosmosis diosmosis

Labels
c: Security For issues that make Matomo more secure. Please report issues through HackerOne and not in Github. duplicate For issues that already existed in our issue tracker and were reported previously.
Projects
None yet
Milestone
4.0.0
Development

No branches or pull requests
3 participants
@diosmosis @tsteur @mattab