tripleo

Enable disable_password_reveal in horizon

Bug #1640492 reported by Luke Hinds
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
puppet-horizon
Fix Released
Medium
Alex Schultz
tripleo
Fix Released
Medium
Alex Schultz
tripleo ocata-3 "ocata-3"

Bug Description

Currently horizon is configured with disable_password_reveal commented out, which results in the default of 'False' being inherited.

Setting this to True will disable the reveal button for password fields, including on the login form, which is a more secure setting to use (prevents possible user credential theft).

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tripleo-heat-templates (master)

Fix proposed to branch: master
Review: https://review.openstack.org/395668

Changed in tripleo:
assignee: Luke Hinds (lhinds) → Alex Schultz (alex-schultz)
status: Triaged → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to puppet-horizon (master)

Fix proposed to branch: master
Review: https://review.openstack.org/395677

Changed in puppet-horizon:
assignee: nobody → Luke Hinds (lhinds)
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on puppet-horizon (master)

Change abandoned by Luke Hinds (<email address hidden>) on branch: master
Review: https://review.openstack.org/395677
Reason: Already covered in this patch: https://review.openstack.org/#/c/395666/

Revision history for this message
Luke Hinds (lhinds) wrote :

abandoned the above https://review.openstack.org/#/c/395677/

Luke Hinds (lhinds)
Changed in puppet-horizon:
assignee: Luke Hinds (lhinds) → nobody
Alex Schultz (alex-schultz)
Changed in puppet-horizon:
assignee: nobody → Alex Schultz (alex-schultz)
importance: Undecided → Medium
Luke Hinds (lhinds)
Changed in tripleo:
importance: High → Medium
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to puppet-horizon (master)

Reviewed: https://review.openstack.org/395666
Committed: https://git.openstack.org/cgit/openstack/puppet-horizon/commit/?id=ff13a2140fae8561e9caff999c80beced3091be5
Submitter: Jenkins
Branch: master

commit ff13a2140fae8561e9caff999c80beced3091be5
Author: Alex Schultz <email address hidden>
Date: Wed Nov 9 08:18:57 2016 -0700

    Manage disable_password_reveal

    A user can disable the password reveal button in the horizon UI via the
    configuration. This change adds the ability to toggle this to True via
    the puppet modules.

    Change-Id: Iacf899d595a2a3c522df1b96ca527731937ec698
    Related-Bug: #1640492

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-heat-templates (master)

Reviewed: https://review.openstack.org/395668
Committed: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=465d91380c8ab85128aee4e36f12425519b412e3
Submitter: Jenkins
Branch: master

commit 465d91380c8ab85128aee4e36f12425519b412e3
Author: Alex Schultz <email address hidden>
Date: Wed Nov 9 08:22:44 2016 -0700

    Disable password reveal in horizon

    To improve security, we should disable the password reveal option in
    horizon by default. An end user can override this options via their own
    custom hiera if they would ultimately like to have this functionality.

    Change-Id: Ie88dac5610840eb4b327252b32dc469099ba5f5f
    Depends-On: Iacf899d595a2a3c522df1b96ca527731937ec698
    Closes-Bug: 1640492

Changed in tripleo:
status: In Progress → Fix Released
Luke Hinds (lhinds)
Changed in puppet-horizon:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/tripleo-heat-templates 6.0.0.0b1

This issue was fixed in the openstack/tripleo-heat-templates 6.0.0.0b1 development milestone.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.