[MGNLMAIL-83] Do not show the password value in the SMTP configuration in plain text Created: 24/May/17  Updated: 10/Aug/22  Resolved: 20/Jul/17

Status: Closed
Project: Magnolia Mail Module
Component/s: None
Affects Version/s: None
Fix Version/s: 5.5

Type: Improvement Priority: Neutral
Reporter: Martin Drápela Assignee: Roman Kovařík
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: PNG File image-2017-05-24-10-18-44-301.png    
Issue Links:
dependency
depends upon PSWDMNGR-4 Module becomes community Closed
depends upon PSWDMNGR-5 Passwords should not be referenced by... Closed
relation
is related to MGNLMAIL-136 CLONE - Implement OAuth 2.0 authentic... Closed
Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Release notes required:
Yes
Documentation update required:
Yes
Date of First Response:
Sprint: Kromeriz 101, Kromeriz 103, Kromeriz 104, Kromeriz 105
Story Points: 3

 Description   

While the values for (e.g.)

/admin/tina@pswd
/system/superuser@pswd

in the users workspace are Bcrypted, the value in

/modules/mail/config/smtp@smtpPassword

is in the naked form and would also deserve to be encrypted - or at least "visually hidden" in the UI. When testing the module's functions, one now has to use their magnolia password - and unfortunately it is visible in this node.

Part of the work should also be invested in refactoring the authentication config and code cleanup.



 Comments   
Comment by Evzen Fochr [ 20/Jul/17 ]

Old password in config not take into account if path to password manager has not been set yet.

Comment by Evzen Fochr [ 20/Jul/17 ]

Than this warn message is misleading: "We suggest to move your plain text SMTP password from

{config:/modules/mail/config/smtp/smtpPassword}

to password manager app and then link it via the mail app" because its not only suggestion, it has to be done.

Generated at Mon Feb 12 06:03:28 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.