Password reveal feature should be configurable
Horizon has a password reveal eye button which allows the password field to be viewed in plain text. This is a security risk because a malicious user can check the OpenStack password at an unattended computer. Add new DISABLE_PASSWORD_REVEAL setting which is by default, False. DocImpact Change-Id: I21a2eaedbff4c1ee73d97c5674eca43c0258ca1a Closes-Bug: #1400872
This commit is contained in:
parent
a88bdb6643
commit
afbca3d431
@ -182,6 +182,16 @@ element, do not close the modal after clicking outside of it) and ``"static"``
|
||||
(show backdrop element outside the modal, do not close the modal after
|
||||
clicking on backdrop).
|
||||
|
||||
``disable_password_reveal``
|
||||
---------------------------
|
||||
|
||||
.. versionadded:: 2015.1(Kilo)
|
||||
|
||||
Default: ``False``
|
||||
|
||||
Setting this to True will disable the reveal button for password fields,
|
||||
including on the login form.
|
||||
|
||||
``password_validator``
|
||||
----------------------
|
||||
|
||||
|
@ -197,9 +197,11 @@ horizon.addInitFunction(horizon.forms.init = function () {
|
||||
horizon.forms.handle_object_upload_source();
|
||||
horizon.forms.datepicker();
|
||||
|
||||
horizon.forms.add_password_fields_reveal_buttons($("body"));
|
||||
horizon.modals.addModalInitFunction(
|
||||
horizon.forms.add_password_fields_reveal_buttons);
|
||||
if (!horizon.conf.disable_password_reveal) {
|
||||
horizon.forms.add_password_fields_reveal_buttons($("body"));
|
||||
horizon.modals.addModalInitFunction(
|
||||
horizon.forms.add_password_fields_reveal_buttons);
|
||||
}
|
||||
|
||||
// Bind event handlers to confirm dangerous actions.
|
||||
$("body").on("click", "form button.btn-danger", function (evt) {
|
||||
|
@ -42,6 +42,7 @@ angular.module('hz')
|
||||
fade_duration: {{ HORIZON_CONFIG.auto_fade_alerts.fade_duration|default:"1500" }},
|
||||
types: {{ HORIZON_CONFIG.auto_fade_alerts.types|default:"[]"|safe }}
|
||||
};
|
||||
hzConfig.disable_password_reveal = {{ HORIZON_CONFIG.disable_password_reveal|yesno:"true,false" }};
|
||||
}]);
|
||||
|
||||
</script>
|
||||
|
@ -82,6 +82,10 @@ HORIZON_CONFIG = {
|
||||
# the database creation workflow if so desired.
|
||||
# HORIZON_CONFIG["password_autocomplete"] = "off"
|
||||
|
||||
# Setting this to True will disable the reveal button for password fields,
|
||||
# including on the login form.
|
||||
# HORIZON_CONFIG["disable_password_reveal"] = False
|
||||
|
||||
LOCAL_PATH = os.path.dirname(os.path.abspath(__file__))
|
||||
|
||||
# Set custom secret key:
|
||||
|
Loading…
Reference in New Issue
Block a user