mirror of https://github.com/go-gitea/gitea.git synced 2024-10-31 08:37:35 -04:00
gitea/templates/repo/migrate/gitea.tmpl
Dan Church 67da4c1b25
Set type="password" on all auth_token fields (#22175)
Set `type="password"` on all `auth_token` fields

Seen when migrating from other hosting platforms.

1. Prevents exposing the token to screen capture/cameras/eyeballs.
2. Prevents the browser from saving the value in its autocomplete
dictionary, which often is not secure.

![exposed auth
token](https://user-images.githubusercontent.com/615684/208541005-e2c9c6b0-3c6c-4a56-95d9-357b987aa0c8.png)

Closes #22174

---------

Signed-off-by: Dan Church <amphetamachine@gmail.com>
Co-authored-by: silverwind <me@silverwind.io>
2023-04-23 10:28:27 -04:00


{{/* Repository migration form. Wrapped in the shared base/head layout and submitted as a POST to .Link. */}}
{{template "base/head" .}}
<div role="main" aria-label="{{.Title}}" class="page-content repository new migrate">
<div class="ui middle very relaxed page grid">
<div class="column">
<form class="ui form" action="{{.Link}}" method="post">
{{/* Presumably the anti-CSRF hidden field for this state-changing POST; keep it inside the form — confirm against the handler. */}}
{{.CsrfTokenHtml}}
<h3 class="ui top attached header">
{{.locale.Tr "repo.migrate.migrate" .service.Title}}
{{/* The service type travels as a hidden field. NOTE(review): hidden inputs are client-editable, so the handler should validate the submitted value rather than trust it — confirm. */}}
<input id="service_type" type="hidden" name="service" value="{{.service}}">
</h3>
<div class="ui attached segment">
{{/* Shared alert partial; rendered with the same data context as this page. */}}
{{template "base/alert" .}}
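{{/*
	Source repository address, pre-filled from .clone_addr.
	The local-path hint in the help text is appended only when .ContextUser.CanImportLocal is true.
	NOTE(review): that condition gates the help text only; the permission itself has to be enforced by the handler — confirm.
*/}}
<div class="inline required field {{if .Err_CloneAddr}}error{{end}}">
<label for="clone_addr">{{.locale.Tr "repo.migrate.clone_address"}}</label>
<input id="clone_addr" name="clone_addr" value="{{.clone_addr}}" autofocus required>
<span class="help">
{{.locale.Tr "repo.migrate.clone_address_desc"}}{{if .ContextUser.CanImportLocal}} {{.locale.Tr "repo.migrate.clone_local_path"}}{{end}}
</span>
</div>
{{/*
	Access token for the source instance.
	type="password" masks the value on screen, and autocomplete="new-password" asks the browser not to
	offer or store it as an autocomplete entry; both are client-side hints, not guarantees.
	value="{{.auth_token}}" still writes the token into the HTML response whenever .auth_token is set,
	so it remains readable in the page source and in anything that stores the response.
	NOTE(review): consider not echoing the token back at all when the form is re-rendered.
	data-need-clear is emitted only when no token is present; what consumes it is not visible in this template.
*/}}
<div class="inline field {{if .Err_Auth}}error{{end}}">
<label for="auth_token">{{.locale.Tr "access_token"}}</label>
<input id="auth_token" name="auth_token" type="password" autocomplete="new-password" value="{{.auth_token}}" {{if not .auth_token}} data-need-clear="true" {{end}}>
{{/* rel="noopener noreferrer": the new tab gets no window.opener handle and the docs site receives no Referer from this page. */}}
<a target="_blank" rel="noopener noreferrer" href="https://docs.gitea.io/en-us/api-usage">{{svg "octicon-question"}}</a>
</div>
{{/* Shared migration options partial, rendered with the same data context. */}}
{{template "repo/migrate/options" .}}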
{{/*
	Checkboxes selecting what to migrate: wiki first, then labels, issues, pull requests, releases and milestones.
	Each box is pre-checked from the template value of the same name.
	NOTE(review): the labels are piped through `Safe`, which presumably disables HTML auto-escaping for the
	locale string, so those strings must come from trusted translation files only — confirm.
*/}}
<div class="inline field">
<label>{{.locale.Tr "repo.migrate_items"}}</label>
<div class="ui checkbox">
<input name="wiki" type="checkbox" {{if .wiki}} checked{{end}}>
<label>{{.locale.Tr "repo.migrate_items_wiki" | Safe}}</label>
</div>
</div>
{{/* Optional items; the help text is rendered as a plain (escaped) translation. */}}
<div id="migrate_items">
<span class="help">{{.locale.Tr "repo.migrate.migrate_items_options"}}</span>
<div class="inline field">
<label></label>
<div class="ui checkbox">
<input name="labels" type="checkbox" {{if .labels}} checked{{end}}>
<label>{{.locale.Tr "repo.migrate_items_labels" | Safe}}</label>
</div>
<div class="ui checkbox">
<input name="issues" type="checkbox" {{if .issues}} checked{{end}}>
<label>{{.locale.Tr "repo.migrate_items_issues" | Safe}}</label>
</div>
</div>
<div class="inline field">
<label></label>
<div class="ui checkbox">
<input name="pull_requests" type="checkbox" {{if .pull_requests}} checked{{end}}>
<label>{{.locale.Tr "repo.migrate_items_pullrequests" | Safe}}</label>
</div>
<div class="ui checkbox">
<input name="releases" type="checkbox" {{if .releases}} checked{{end}}>
<label>{{.locale.Tr "repo.migrate_items_releases" | Safe}}</label>
</div>
</div>
<div class="inline field">
<label></label>
<div class="ui checkbox">
<input name="milestones" type="checkbox" {{if .milestones}} checked{{end}}>
<label>{{.locale.Tr "repo.migrate_items_milestones" | Safe}}</label>
</div>
</div>
</div>
<div class="ui divider"></div>
{{/*
	Owner selector. The hidden uid field defaults to .ContextUser.ID; the menu offers the signed-in user
	and every entry of .Orgs.
	NOTE(review): uid is a client-supplied hidden field, so the menu only limits what the UI offers.
	The handler has to check that the signed-in user may create repositories under the submitted uid — confirm.
*/}}
<div class="inline required field {{if .Err_Owner}}error{{end}}">
<label>{{.locale.Tr "repo.owner"}}</label>
<div class="ui selection owner dropdown">
<input type="hidden" id="uid" name="uid" value="{{.ContextUser.ID}}" required>
<span class="text truncated-item-container" title="{{.ContextUser.Name}}">
{{avatar $.Context .ContextUser}}
<span class="truncated-item-name">{{.ContextUser.ShortName 40}}</span>
</span>
{{svg "octicon-triangle-down" 14 "dropdown icon"}}
<div class="menu" title="{{.SignedUser.Name}}">
{{/* First entry: the signed-in user. */}}
<div class="item truncated-item-container" data-value="{{.SignedUser.ID}}">
{{avatar $.Context .SignedUser}}
<span class="truncated-item-name">{{.SignedUser.ShortName 40}}</span>
</div>
{{/* One entry per element of .Orgs; inside the range "." is the current org. */}}
{{range .Orgs}}
<div class="item truncated-item-container" data-value="{{.ID}}" title="{{.Name}}">
{{avatar $.Context .}}
<span class="truncated-item-name">{{.ShortName 40}}</span>
</div>
{{end}}
</div>
</div>
</div>
{{/* Name of the repository to create, pre-filled from .repo_name. */}}
<div class="inline required field {{if .Err_RepoName}}error{{end}}">
<label for="repo_name">{{.locale.Tr "repo.repo_name"}}</label>
<input id="repo_name" name="repo_name" value="{{.repo_name}}" required>
</div>
<div class="inline field">
<label>{{.locale.Tr "repo.visibility"}}</label>
<div class="ui checkbox">
{{/*
	When .IsForcedPrivate is set the box is rendered checked with a "forced" helper text; otherwise it follows .private.
	NOTE(review): the readonly attribute has no effect on checkbox inputs in HTML, so a user can still
	uncheck the box or submit a different value. Forced-private therefore has to be enforced by the handler — confirm.
*/}}
{{if .IsForcedPrivate}}
<input name="private" type="checkbox" checked readonly>
<label>{{.locale.Tr "repo.visibility_helper_forced" | Safe}}</label>
{{else}}
<input name="private" type="checkbox" {{if .private}} checked{{end}}>
<label>{{.locale.Tr "repo.visibility_helper" | Safe}}</label>
{{end}}
</div>
</div>
{{/* Free-text description, rendered as textarea content from .description. */}}
<div class="inline field {{if .Err_Description}}error{{end}}">
<label for="description">{{.locale.Tr "repo.repo_desc"}}</label>
<textarea id="description" name="description">{{.description}}</textarea>
</div>
{{/* Submit control. The button has no type attribute, so inside the form it acts as the submit button. */}}
<div class="inline field">
<label></label>
<button class="ui green button">
{{.locale.Tr "repo.migrate_repo"}}
</button>
</div>
</div>
</form>
</div>
</div>
</div>
{{/* Shared page footer partial. */}}
{{template "base/footer" .}}