Close #388: Prevent web browser from remembering API keys

ruuvi · May 10, 2024 · 731f05f · 731f05f
1 parent 36c3827
commit 731f05f
Show file tree

Hide file tree

Showing 5 changed files with 72 additions and 15 deletions.
diff --git a/src/gui_input_token.mjs b/src/gui_input_token.mjs
@@ -3,19 +3,20 @@
  * @copyright Ruuvi Innovations Ltd, license BSD-3-Clause.
  */
 
-import GuiInputTextWithSaving from './gui_input_text_with_saving.mjs'
+import GuiInputPassword from "./gui_input_password.mjs";
 import * as crypto from './crypto.mjs'
 
-class GuiInputToken extends GuiInputTextWithSaving {
+class GuiInputToken extends GuiInputPassword {
 
   constructor (obj, useSavedToken = true) {
-    super(obj, useSavedToken, 'text', 'GuiInputToken')
+    super(obj, useSavedToken, 'password', 'GuiInputToken')
   }
 
   setNewTokenIfEmpty () {
     if (this._obj.val() === '') {
       this._clear_saved()
       this._obj.val(crypto.enc.Base64.stringify(crypto.SHA256(crypto.lib.WordArray.random(32))))
+      this.showPassword()
     }
   }
 }

diff --git a/src/index.html b/src/index.html
@@ -1115,7 +1115,13 @@ <h3>
                                     </label>
                                 </h3>
                                 <div class="input-password input-with_validity_check">
-                                    <input type="text" id="remote_cfg-auth_bearer-token">
+                                    <input type="password" id="remote_cfg-auth_bearer-token">
+                                    <div class="input-password-eye">
+                                        <div class="eye">
+                                        </div>
+                                        <div class="eye-slash hidden">
+                                        </div>
+                                    </div>
                                     <div class="input-with_validity_check-icon">
                                     </div>
                                     <div class="input-placeholder">
@@ -1693,10 +1699,18 @@ <h3>
                                     <span lang="fi">API-avain (haltijatunnus)</span>
                                 </label>
                             </h3>
-                            <input type="text" id="lan_auth-api_key">
-                            <div class="input-placeholder">
-                                <span lang="en">API key</span>
-                                <span lang="fi">API-avain</span>
+                            <div class="input-password">
+                                <input type="password" id="lan_auth-api_key">
+                                <div class="input-password-eye">
+                                    <div class="eye hidden">
+                                    </div>
+                                    <div class="eye-slash">
+                                    </div>
+                                </div>
+                                <div class="input-placeholder">
+                                    <span lang="en">API key</span>
+                                    <span lang="fi">API-avain</span>
+                                </div>
                             </div>
                         </div>
                     </div>
@@ -1716,10 +1730,18 @@ <h3>
                                     <span lang="fi">API-avain (haltijatunnus)</span>
                                 </label>
                             </h3>
-                            <input type="text" id="lan_auth-api_key_rw">
-                            <div class="input-placeholder">
-                                <span lang="en">API key</span>
-                                <span lang="fi">API-avain</span>
+                            <div class="input-password">
+                                <input type="password" id="lan_auth-api_key_rw">
+                                <div class="input-password-eye">
+                                    <div class="eye">
+                                    </div>
+                                    <div class="eye-slash hidden">
+                                    </div>
+                                </div>
+                                <div class="input-placeholder">
+                                    <span lang="en">API key</span>
+                                    <span lang="fi">API-avain</span>
+                                </div>
                             </div>
                         </div>
                     </div>
@@ -1992,7 +2014,13 @@ <h3>
                                     </label>
                                 </h3>
                                 <div class="input-password input-with_validity_check">
-                                    <input type="text" id="http_auth_bearer_api_key">
+                                    <input type="password" id="http_auth_bearer_api_key">
+                                    <div class="input-password-eye">
+                                        <div class="eye">
+                                        </div>
+                                        <div class="eye-slash hidden">
+                                        </div>
+                                    </div>
                                     <div class="input-with_validity_check-icon">
                                     </div>
                                     <div class="input-placeholder">
@@ -2017,7 +2045,13 @@ <h3>
                                     </label>
                                 </h3>
                                 <div class="input-password input-with_validity_check">
-                                    <input type="text" id="http_auth_token_api_key">
+                                    <input type="password" id="http_auth_token_api_key">
+                                    <div class="input-password-eye">
+                                        <div class="eye">
+                                        </div>
+                                        <div class="eye-slash hidden">
+                                        </div>
+                                    </div>
                                     <div class="input-with_validity_check-icon">
                                     </div>
                                     <div class="input-placeholder">
@@ -2042,7 +2076,13 @@ <h3>
                                     </label>
                                 </h3>
                                 <div class="input-password input-with_validity_check">
-                                    <input type="text" id="http_auth-api_key-value">
+                                    <input type="password" id="http_auth-api_key-value">
+                                    <div class="input-password-eye">
+                                        <div class="eye">
+                                        </div>
+                                        <div class="eye-slash hidden">
+                                        </div>
+                                    </div>
                                     <div class="input-with_validity_check-icon">
                                     </div>
                                     <div class="input-placeholder">

diff --git a/src/page_custom_server.mjs b/src/page_custom_server.mjs
@@ -462,6 +462,12 @@ class PageCustomServer {
 
     async #onHide() {
         console.log(log_wrap('section#page-custom_server: onHide'))
+        this.#input_http_auth_basic_pass.hidePassword()
+        this.#input_http_auth_bearer_token.hidePassword()
+        this.#input_http_auth_token_api_key.hidePassword()
+        this.#input_http_auth_apikey_value.hidePassword()
+        this.#input_mqtt_pass.hidePassword()
+        this.#input_http_stat_pass.hidePassword()
         this.#gwCfg.http.use_http_ruuvi = this.#checkbox_use_http_ruuvi.isChecked()
         this.#gwCfg.http.use_http = this.#checkbox_use_http.isChecked()
         if (this.#checkbox_use_http.isChecked()) {
@@ -1214,6 +1220,12 @@ class PageCustomServer {
     }
 
     async #onButtonCheck() {
+        this.#input_http_auth_basic_pass.hidePassword()
+        this.#input_http_auth_bearer_token.hidePassword()
+        this.#input_http_auth_token_api_key.hidePassword()
+        this.#input_http_auth_apikey_value.hidePassword()
+        this.#input_mqtt_pass.hidePassword()
+        this.#input_http_stat_pass.hidePassword()
         if (!this.#input_http_url.getVal().startsWith('http://') && !this.#input_http_url.getVal().startsWith('https://')) {
             this.#input_http_url.setVal('http://' + this.#input_http_url.getVal())
             this.#input_http_url.setValidationRequired()

diff --git a/src/page_lan_auth.mjs b/src/page_lan_auth.mjs
@@ -145,6 +145,8 @@ class PageLanAuth {
 
   async #onHide () {
     console.log(log_wrap('section#page-settings_lan_auth: onHide'))
+    this.#input_api_key.hidePassword()
+    this.#input_api_key_rw.hidePassword()
     if (this.#radio_lan_auth_type_default.isChecked()) {
       this.#gwCfgLanAuth.lan_auth_type.setAuthDefault()
       this.#gwCfgLanAuth.setDefaultUser()

diff --git a/src/page_remote_cfg.mjs b/src/page_remote_cfg.mjs
@@ -175,6 +175,8 @@ class PageRemoteCfg {
 
     async #onHide() {
         console.log(log_wrap('section#page-remote_cfg: onHide'))
+        this.#input_auth_basic_pass.hidePassword()
+        this.#input_auth_bearer_token.hidePassword()
         this.#updateGwCfg()
     }