donot return password of target

This commit is contained in:
Wenkai Yin 2017-04-06 18:48:43 +08:00
parent d8a0e01214
commit 488e19f514


@ -147,17 +147,7 @@ func (t *TargetAPI) Get() {
t.CustomAbort(http.StatusNotFound, http.StatusText(http.StatusNotFound))
}
// The reason why the password is returned is that when user just wants to
// modify other fields of target he does not need to input the password again.
// The security issue can be fixed by enable https.
if len(target.Password) != 0 {
pwd, err := utils.ReversibleDecrypt(target.Password, t.secretKey)
if err != nil {
log.Errorf("failed to decrypt password: %v", err)
t.CustomAbort(http.StatusInternalServerError, http.StatusText(http.StatusInternalServerError))
}
target.Password = pwd
}
target.Password = ""
t.Data["json"] = target
t.ServeJSON()
@ -173,16 +163,7 @@ func (t *TargetAPI) List() {
}
for _, target := range targets {
if len(target.Password) == 0 {
continue
}
str, err := utils.ReversibleDecrypt(target.Password, t.secretKey)
if err != nil {
log.Errorf("failed to decrypt password: %v", err)
t.CustomAbort(http.StatusInternalServerError, http.StatusText(http.StatusInternalServerError))
}
target.Password = str
target.Password = ""
}
t.Data["json"] = targets
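Review bot: In List(), the added `target.Password = ""` inside `for _, target := range targets` only clears the field if `targets` is a slice of pointers; if it holds struct values, the loop variable is a copy and the stored (reversibly encrypted) password would still be serialized. The declaration of `targets` is outside the hunk, so either confirm the element type or write the loop as `for i := range targets { targets[i].Password = "" }`, which is correct in both cases. Get() and List() also lose the explanatory comment without a replacement; a short one such as `// never return the stored credential to API clients` would keep the intent visible. Since clients now receive an empty password, the update handler (not shown here) presumably has to treat an empty password as "unchanged" instead of overwriting the stored value, which is worth verifying. Both function bodies start and end outside the hunks shown.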