Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Admin UI: mitigate the display of token_auth on screen #4616

Closed
mattab opened this issue Feb 3, 2014 · 2 comments
Closed

Admin UI: mitigate the display of token_auth on screen #4616

mattab opened this issue Feb 3, 2014 · 2 comments
Assignees
@mnapoli
Labels
c: Security For issues that make Matomo more secure. Please report issues through HackerOne and not in Github. Help wanted Beginner friendly issues or issues where we'd highly appreciate community's help and involvement. Major Indicates the severity or impact or benefit of an issue is much higher than normal but not critical. Task Indicates an issue is neither a feature nor a bug and it's purely a "technical" change.
Milestone
2.8.0

Comments

@mattab
Copy link
Member

mattab commented Feb 3, 2014

I find it is wrong to display the full token_auth in the users listing.

Here is a proposal to make users listing more "safe" to preying eyes.

  • By default display only first characters eg. f4373c5....
  • On click on the cell, display the full token_auth
  • Once expanded, if clicked again, it re-toggles back into truncated.
  • when it appears truncated, display mouse as pointer to show its clickable, and underline on hover
@mattab mattab added this to the 2.x - The Great Piwik 2.x Backlog milestone Jul 8, 2014
@mattab mattab removed the P: normal label Aug 3, 2014
@mattab mattab modified the milestones: Piwik 2.8.0, Mid term Sep 26, 2014
@mattab mattab added Major Indicates the severity or impact or benefit of an issue is much higher than normal but not critical. Help wanted Beginner friendly issues or issues where we'd highly appreciate community's help and involvement. c: UI - UX (AngularJS twig less) labels Sep 26, 2014
@mattab
Copy link
Member Author

mattab commented Sep 30, 2014

Related: New config setting to prevent Super Users from seeing other users' token_auth #6346

@mnapoli
Copy link
Contributor

mnapoli commented Oct 7, 2014

Pull request for this: #6394

@mnapoli mnapoli closed this as completed in 8ecaac9 Oct 7, 2014
mattab pushed a commit that referenced this issue Oct 7, 2014
Merge pull request #6394 from piwik/feature/collapse-token
87df2a9 
Fixes #4616: Show only the first characters of tokens in the admin
@mnapoli mnapoli self-assigned this Oct 8, 2014
@mattab mattab mentioned this issue Dec 1, 2016
Closed
@mattab mattab mentioned this issue Sep 28, 2018
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mnapoli mnapoli

Labels
c: Security For issues that make Matomo more secure. Please report issues through HackerOne and not in Github. Help wanted Beginner friendly issues or issues where we'd highly appreciate community's help and involvement. Major Indicates the severity or impact or benefit of an issue is much higher than normal but not critical. Task Indicates an issue is neither a feature nor a bug and it's purely a "technical" change.
Projects
None yet
Milestone
2.8.0
Development

No branches or pull requests
2 participants
@mattab @mnapoli