From 28844bcf874db0d663692e0555e1c1f5ef41b459 Mon Sep 17 00:00:00 2001
From: Stanislas
Date: Wed, 26 Feb 2025 09:19:41 +0100
Subject: [PATCH 1/6] Fix(Credential): handle password correctly
---
 inc/credential.class.php | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/inc/credential.class.php b/inc/credential.class.php
index 5932d56..79d8ae3 100644
--- a/inc/credential.class.php
+++ b/inc/credential.class.php
@@ -134,6 +134,9 @@ public function rawSearchOptions()
 public function showForm($ID, array $options = [])
 {
 $this->initForm($ID, $options);
+
+ $this->fields['password'] = (new GLPIKey())->decrypt($this->fields['password']);
+
 TemplateRenderer::getInstance()->display(
 '@databaseinventory/credential.html.twig',
 [
From a5750ab466fde7fc23f85ae1359088d6041713a9 Mon Sep 17 00:00:00 2001
From: Stanislas
Date: Wed, 26 Feb 2025 09:22:37 +0100
Subject: [PATCH 2/6] addapt changelog
---
 CHANGELOG.md | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0356309..05bf0bf 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,11 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
 and this project adheres to [Semantic Versioning](http://semver.org/).
+## [UNRELEASE]
+
+## Fixed
+
+- Correctly handle `password` for `twig` template
 ## [1.0.2] - 2024-12-13
From ed48e5f20700ed8389072ce6e86ac1f617b74292 Mon Sep 17 00:00:00 2001
From: Stanislas
Date: Wed, 26 Feb 2025 11:35:27 +0100
Subject: [PATCH 3/6] do not disclose field and allow clearing
---
 inc/credential.class.php | 3 +++
 templates/credential.html.twig | 4 ++--
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/inc/credential.class.php b/inc/credential.class.php
index 79d8ae3..eb3d6d0 100644
--- a/inc/credential.class.php
+++ b/inc/credential.class.php
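Review bot: In the `showForm` hunk of PATCH 1/6, the added `$this->fields['password'] = (new GLPIKey())->decrypt($this->fields['password']);` replaces the stored value with plaintext immediately before the template is rendered, and the template at that revision still marks the field `is_disclosable: true`, so the decrypted credential presumably ends up in the form. PATCH 5/6 deletes the line again and PATCH 3/6 switches disclosure off, but the intermediate commits keep the exposure in history; squashing the series before merge would prevent a bisected or cherry-picked revision from shipping it. `showForm` continues past the end of the hunk, so the exact arguments passed to `display()` are not visible here.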
@@ -161,6 +161,9 @@ public function prepareInput(array $input, $mode = 'add'): array
 $input['password'] = (new GLPIKey())->encrypt($input['password']);
 }
 }
+ if (isset($input['_blank_password'])) {
+ $input['password'] = '';
+ }
 return $input;
 }
diff --git a/templates/credential.html.twig b/templates/credential.html.twig
index be13da5..30a3205 100644
--- a/templates/credential.html.twig
+++ b/templates/credential.html.twig
@@ -49,7 +49,7 @@
 'password',
 item.fields['password'],
 __('Password', 'databaseinventory'),
- {'clearable': false, 'is_disclosable' : true}
+ {'clearable': true, 'is_disclosable' : false}
 ) }}
 {{ fields.textField(
@@ -59,4 +59,4 @@
 ) }}
-{% endblock %}
\ No newline at end of file
+{% endblock %}
From cd5dd73b7e02284a31b6266b2bc7f409c3dca79a Mon Sep 17 00:00:00 2001
From: Stanislas
Date: Wed, 26 Feb 2025 11:40:04 +0100
Subject: [PATCH 4/6] adapt changelog
---
 CHANGELOG.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 05bf0bf..5f70464 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,7 +8,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
 ## Fixed
-- Correctly handle `password` for `twig` template
+- Fix `password` encrypt
 ## [1.0.2] - 2024-12-13
From 9b07fb1e6c505d39ca77f625761a6bd8d7de845a Mon Sep 17 00:00:00 2001
From: Stanislas
Date: Wed, 26 Feb 2025 15:45:37 +0100
Subject: [PATCH 5/6] remove useless code
---
 inc/credential.class.php | 2 --
 1 file changed, 2 deletions(-)
diff --git a/inc/credential.class.php b/inc/credential.class.php
index eb3d6d0..058aed5 100644
--- a/inc/credential.class.php
+++ b/inc/credential.class.php
@@ -135,8 +135,6 @@ public function showForm($ID, array $options = [])
 {
 $this->initForm($ID, $options);
- $this->fields['password'] = (new GLPIKey())->decrypt($this->fields['password']);
-
 TemplateRenderer::getInstance()->display(
 '@databaseinventory/credential.html.twig',
 [
From 7638559d31fb10dec39db5b9704a012260471fb9 Mon Sep 17 00:00:00 2001
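Review bot: The new `_blank_password` branch in the `prepareInput` hunk of PATCH 3/6 tests only `isset()`, so the stored credential is wiped whenever the key is present in the request, even with a falsy value. Checking the value as well, `if (!empty($input['_blank_password'])) {`, would limit the reset to a ticked checkbox. Because the branch sits after the encrypt block, it also discards a new password sent in the same request; a comment such as `// clearing wins over a password submitted in the same request` would record that this is intended. The function starts above the hunk, so how an empty `password` is treated on update cannot be seen here and is worth confirming now that the form no longer discloses the current value.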
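Review bot: In the first `templates/credential.html.twig` hunk of PATCH 3/6, the password field is still given `item.fields['password']`, which after PATCH 5/6 is presumably the stored encrypted value, since `prepareInput` encrypts on write and nothing decrypts before rendering. Whether the field macro writes that value into the input's `value` attribute when `is_disclosable` is false cannot be told from the hunk; if it does, the ciphertext appears in the page source and would be posted back and encrypted a second time on save. Passing an empty string, `'',` in place of `item.fields['password'],`, would make the intent explicit. The macro call opens above the hunk.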
From: Stanislas
Date: Wed, 26 Feb 2025 16:02:42 +0100
Subject: [PATCH 6/6] change changelog
---
 CHANGELOG.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5f70464..46e8254 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,7 +8,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
 ## Fixed
-- Fix `password` encrypt
+- Do not disclose `password` from `form` input.
 ## [1.0.2] - 2024-12-13