ysinghc opened a new pull request, #3251:
URL: https://github.com/apache/apisix-dashboard/pull/3251
Based on your recent commits and the PR template, here's the completed pull
request description:
---
**Why submit this pull request?**
- [x] Bugfix
- [x] New feature provided
- [ ] Improve performance
- [ ] Backport patches
**What changes will this PR take into?**
This PR enhances security by masking sensitive data fields in the APISIX
Dashboard UI:
### Changes Made:
1. **New PasswordInput Component** (PasswordInput.tsx)
   - Created a reusable form component for sensitive data fields
   - Built on Mantine's PasswordInput with proper form validation integration
   - Supports reveal/hide toggle for user convenience while maintaining security
2. **Updated Secret Management Forms** (FormPartSecret.tsx)
   - Replaced TextInput with PasswordInput for sensitive fields:
     - **Vault secrets**: `token` field
     - **AWS secrets**: `access_key_id`, `secret_access_key`, `session_token` fields
     - **GCP secrets**: `private_key` field
3. **Updated Settings Modal** (SettingsModal.tsx)
   - Changed Admin Key input from TextInput to PasswordInput
   - Prevents accidental exposure of admin credentials
4. **Updated E2E Tests**
   - Modified test selectors in auth.spec.ts to work with PasswordInput component
   - Updated test.ts authentication helper to use proper selectors
5. **Code Consistency** (i18n.ts)
   - Reordered import statements alphabetically for better maintainability
### Security Benefits:
- Passwords, tokens, and keys are now masked by default
- Reduces risk of shoulder surfing and accidental exposure
- Maintains usability with toggle visibility option
- Consistent UX across all sensitive field inputs
**Related issues**
fixes #3218
**Checklist:**
- [x] Did you explain what problem does this PR solve? Or what new features have been added?
  - **Problem**: Sensitive data (passwords, API keys, tokens) was displayed in plain text in form fields, creating a security risk
  - **Solution**: Implemented masked password inputs with toggle visibility for all sensitive fields
- [x] Have you added corresponding test cases?
  - Updated E2E tests in auth.spec.ts and test.ts to work with the new PasswordInput component
- [ ] Have you modified the corresponding document?
  - No documentation changes required as this is a UI improvement that doesn't change the API or user workflows
- [x] Is this PR backward compatible? If it is not backward compatible, please discuss on the mailing list first
  - **Yes, fully backward compatible**. This change only affects the UI rendering of form inputs. All data handling, API interactions, and existing configurations remain unchanged.
---
**Note**: The E2E test results show the authentication tests are passing
successfully with the new PasswordInput component, confirming the
implementation works correctly.
--
This is an automated message from the Apache Git Service.
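
A regression guard for the masking change described in the pull request above, as an added example that is not part of the pull request or the apisix-dashboard code base: it scans TSX source and reports any non-password input bound to one of the sensitive field names the description lists. The component names (`FormItemTextInput`, `FormItemPasswordInput`), the `name="..."` prop shape and the sample source are assumptions constructed for illustration.

```typescript
// Added example, not apisix-dashboard code. Field names come from the PR text;
// the component names and the name="..." prop shape are assumptions.
const SENSITIVE = ['token', 'access_key_id', 'secret_access_key', 'session_token', 'private_key'];

interface Finding { component: string; field: string; line: number }

// End index of the JSX opening tag at `start`; skips {...} and quoted strings so `=>` is not a tag end.
function tagEnd(src: string, start: number): number {
  let depth = 0, quote = '';
  for (let i = start; i < src.length; i++) {
    const c = src.charAt(i);
    if (quote) { if (c === quote) quote = ''; continue; }
    if (c === '"' || c === "'" || c === '`') quote = c;
    else if (c === '{') depth++;
    else if (c === '}') depth--;
    else if (c === '>' && depth === 0) return i + 1;
  }
  return src.length;
}

// Report each non-password *Input whose `name` prop (last dotted segment) is a sensitive field.
function findUnmaskedFields(src: string): Finding[] {
  const findings: Finding[] = [];
  const open = /<([A-Z]\w*Input)\b/g;
  let m: RegExpExecArray | null;
  while ((m = open.exec(src)) !== null) {
    const component = m[1] || '';
    if (component.indexOf('Password') !== -1) continue; // already masked
    const tag = src.slice(m.index, tagEnd(src, m.index));
    const name = /\bname=\{?\s*["'`]([^"'`]+)["'`]/.exec(tag);
    const field = name ? (name[1] || '').split('.').pop() || '' : '';
    if (SENSITIVE.indexOf(field) !== -1) {
      const line = src.slice(0, m.index).split('\n').length;
      findings.push({ component, field, line });
    }
  }
  return findings;
}

// Constructed sample source, not taken from the repository.
const SAMPLE = `
<FormItemTextInput name="uri" label="URI" />
<FormItemTextInput
  onChange={(e) => log(e.target.value)}
  name="token"
/>
<FormItemPasswordInput name="secret_access_key" />
<TextInput name={'aws.session_token'} />
`;
```

Run over the form sources in CI, a non-empty result from `findUnmaskedFields` can fail the build, so a later edit that puts a secret back into a plain text input is caught before release.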