From 488e19f51472ac2b301c8752ef0ab7215e27d63f Mon Sep 17 00:00:00 2001
From: Wenkai Yin
Date: Thu, 6 Apr 2017 18:48:43 +0800
Subject: [PATCH] donot return password of target

---
 src/ui/api/target.go | 23 ++---------------------
 1 file changed, 2 insertions(+), 21 deletions(-)

diff --git a/src/ui/api/target.go b/src/ui/api/target.go
index 425c9a4dc..bb671cb07 100644
--- a/src/ui/api/target.go
+++ b/src/ui/api/target.go
@@ -147,17 +147,7 @@ func (t *TargetAPI) Get() {
 t.CustomAbort(http.StatusNotFound, http.StatusText(http.StatusNotFound))
 }
 
- // The reason why the password is returned is that when user just wants to
- // modify other fields of target he does not need to input the password again.
- // The security issue can be fixed by enable https.
- if len(target.Password) != 0 {
- pwd, err := utils.ReversibleDecrypt(target.Password, t.secretKey)
- if err != nil {
- log.Errorf("failed to decrypt password: %v", err)
- t.CustomAbort(http.StatusInternalServerError, http.StatusText(http.StatusInternalServerError))
- }
- target.Password = pwd
- }
+ target.Password = ""
 
 t.Data["json"] = target
 t.ServeJSON()
@@ -173,16 +163,7 @@ func (t *TargetAPI) List() {
 }
 
 for _, target := range targets {
- if len(target.Password) == 0 {
- continue
- }
-
- str, err := utils.ReversibleDecrypt(target.Password, t.secretKey)
- if err != nil {
- log.Errorf("failed to decrypt password: %v", err)
- t.CustomAbort(http.StatusInternalServerError, http.StatusText(http.StatusInternalServerError))
- }
- target.Password = str
+ target.Password = ""
 }
 
 t.Data["json"] = targets
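Review bot: The new `target.Password = ""` in Get() replaces a commented block with an uncommented line, so the new contract for the field is not recorded anywhere in the hunk. The removed comment says the password was returned so that a user editing other fields need not re-enter it; now that an empty value comes back, the update handler (not part of this patch) has to treat an empty password as "keep the stored one", otherwise saving an edit could overwrite the stored credential with an empty string — worth confirming before merge. Once that holds, I would add above the assignment `// Never return the stored credential; an empty password on update means "unchanged".` Get's body starts and ends outside the hunk.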
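Review bot: In List(), `target.Password = ""` assigns through the range variable, so the field is cleared only if `targets` holds pointers; its declaration is outside the hunk. If it is a slice of struct values, the loop edits a copy and the stored, reversibly encrypted password would still be serialized into the response. Indexing makes the blanking independent of the element type: `for i := range targets { targets[i].Password = "" }`. The same blanking is now repeated in Get() and List(); a dedicated response type without the password field would keep a later handler from returning it by omission.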