Skip to content

Mask the "Secret token" input in the webhook form

Justin Ho Tuan Duong requested to merge gitlab-mask-secret-token into master

What does this MR do and why?

Original credit to !90670 (closed). Issue #359989 (closed).

This MR makes the Secret token field a password-like field:

  • It hides input when you create the webhook.
  • It does not show the field once saved and only shows 12 stars ************ for the field. To keep the current value, you just leave it as-is.

Screenshots or screen recordings

Screen recording

Webhook_secret_token

Screenshots

Page Before After
Index Webhook_secret_token_create_before Webhook_secret_token_create_after
Edit Webhook_secret_token_edit_before Webhook_secret_token_edit_after

How to set up and validate locally

  1. Go to Project > Settings > Webhooks. For example, http://127.0.0.1:3000/gitlab-org/gitlab-shell/-/hooks.
  2. Fill in the URL and Secret token fields.
  3. Observe that the Secret token field is now masked as a password field. On webhook edit, this field is completely hidden.
  4. Check the values in the rails console to make sure the right one is saved.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Justin Ho Tuan Duong

Merge request reports