From 7437006359431a60cd25d27af8eaedc42f9571e4 Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Mon, 27 Sep 2021 14:00:04 +1000 Subject: [PATCH] fix(swagger): EE-868: elide the password field in the swagger docs (#5636) Signed-off-by: Sven Dowideit --- api/http/handler/users/user_inspect.go | 1 + api/http/handler/users/user_list.go | 1 + api/portainer.go | 2 +- 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/api/http/handler/users/user_inspect.go b/api/http/handler/users/user_inspect.go index 6e076dd0c..c6a25145e 100644 --- a/api/http/handler/users/user_inspect.go +++ b/api/http/handler/users/user_inspect.go @@ -15,6 +15,7 @@ import ( // @id UserInspect // @summary Inspect a user // @description Retrieve details about a user. +// @description User passwords are filtered out, and should never be accessible. // @description **Access policy**: administrator // @tags users // @security jwt diff --git a/api/http/handler/users/user_list.go b/api/http/handler/users/user_list.go index d85c835e6..57e609d06 100644 --- a/api/http/handler/users/user_list.go +++ b/api/http/handler/users/user_list.go @@ -12,6 +12,7 @@ import ( // @summary List users // @description List Portainer users. // @description Non-administrator users will only be able to list other non-administrator user accounts. +// @description User passwords are filtered out, and should never be accessible. // @description **Access policy**: restricted // @tags users // @security jwt diff --git a/api/portainer.go b/api/portainer.go index 0220fe444..6be88235b 100644 --- a/api/portainer.go +++ b/api/portainer.go @@ -1023,7 +1023,7 @@ type ( // User Identifier ID UserID `json:"Id" example:"1"` Username string `json:"Username" example:"bob"` - Password string `json:"Password,omitempty" example:"passwd"` + Password string `json:"Password,omitempty" swaggerignore:"true"` // User Theme UserTheme string `example:"dark"` // User role (1 for administrator account and 2 for regular account)