Use commonware.middleware.HidePasswordOnException

VERIFIED FIXED in 2.4

Status

support.mozilla.org
Users and Groups
P3
normal
VERIFIED FIXED
7 years ago
7 years ago

People

(Reporter: jsocol, Assigned: jsocol)

Tracking

unspecified

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [qa-])

(Assignee)

Description

7 years ago
Since Django only blanks out passwords in request.POST if the key is 'PASSWORD', and it's a one-line change, we should flip on Jeff's HidPasswordOnException middleware.
(Assignee)

Comment 1

7 years ago
Would be nice this year but not critical for 2.3. Will revisit if we come out ahead.
Target Milestone: 2.3 → 2.4
(Assignee)

Updated

7 years ago
Component: Code Quality → Users and Groups
(Assignee)

Comment 2

7 years ago
https://github.com/jsocol/kitsune/commit/e61699c00
Status: NEW → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → FIXED
Please add verification steps or [qa-], thanks
(Assignee)

Comment 4

7 years ago
Technically this could be verified by receiving a stack trace with a password in a field like "password2" and having it replaced with stars.

But I have no idea how to cause that stack trace. If you find one, feel free to verify this and file a bug for the stack trace ;)
Whiteboard: [qa-]
Closed as [qa-]
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.