1388770 – Better to have a link to hide the token again after unfolded on Command Line Tools page

Bug 1388770 - Better to have a link to hide the token again after unfolded on Command Line Tools page

Summary: Better to have a link to hide the token again after unfolded on Command Line ...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Management Console
Sub Component:
Version:	3.4.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	low
Target Milestone:	---
Target Release:	---
Assignee:	Juan Vallejo
QA Contact:	Yadan Pei
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-10-26 07:35 UTC by XiaochuanWang
Modified:	2017-07-24 14:11 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	Cause: Unable to hide user token after clicking link to display it in the example cli commands on the web console. Consequence: User could not hide sensitive information (the token) once it was displayed, unless the page was refreshed. Fix: web console page containing command line examples was updated so that each command line example was displayed in an input element, with a "copy to clipboard" button. This allowed for the cli example containing a user's token to never show the token, but rather have the "copy to clipboard" button directly copy it to the user's clipboard. Result: There is no longer an issue of a user's token being displayed, without a way to hide it again.
Clone Of:
Environment:
Last Closed:	2017-04-12 19:15:29 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2017:0884	0	normal	SHIPPED_LIVE	Red Hat OpenShift Container Platform 3.5 RPM Release Advisory	2017-04-12 22:50:07 UTC

Description XiaochuanWang 2016-10-26 07:35:12 UTC

Description of problem:
User login web console and go to https://xxx:8443/console/command-line, click "...click to show token..." and try to find a way to hide token again.

Version-Release number of selected component (if applicable):
openshift v3.4.0.15+9c963ec

How reproducible:
Always

Steps to Reproduce:
1. User login web console and go to https://xxx:8443/console/command-line
2. Click to show token in the line "oc login https://xxx:8443 --token=...click to show token..."
3. Try to find a way to hide token again.

Actual results:
User can not hide the token which is sensitive. 

Expected results:
User can fold token again.

Additional info:
Can work around by refreshing the web page, but may not working when network is bad for refresh and even hung.

Comment 1 Juan Vallejo 2016-11-14 21:14:32 UTC

Related PR: https://github.com/openshift/origin-web-console/pull/871

Comment 2 Troy Dawson 2017-01-20 23:20:44 UTC

This has been merged into ocp and is in OCP v3.5.0.7 or newer.

Comment 3 XiaochuanWang 2017-01-22 06:01:50 UTC

Verified on openshift 3.5.0.7

Page shows "oc login https://x.x.x.x:8443 --token=<token>" with a warning "A token is a form of a password. Do not share your API token."

User could still get the token by copying it

Comment 5 errata-xmlrpc 2017-04-12 19:15:29 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:0884

Note You need to log in before you can comment on or make changes to this bug.