mirrors/element-web
1
0
Fork 0
mirror of https://github.com/element-hq/element-web.git synced 2024-12-16 14:01:35 +03:00
Code Issues Projects Releases Packages Wiki Activity

Warn on Access Token reveal

Browse source 
Signed-off-by: Resynth <resynth1943@tutanota.com>
This commit is contained in:
Resynth 2020-10-25 22:04:39 +00:00
parent d5e9d5306a
commit e33f4ba9c0
2 changed files with 52 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

39
src/components/views/dialogs/AccessTokenDialog.tsx Normal file
View file

@ -0,0 +1,39 @@
/*
Copyright 2017 Vector Creations Ltd
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
import React from 'react';
import { _t } from '../../../languageHandler';
import QuestionDialog from './QuestionDialog';
type IProps = Exclude<
React.ComponentProps<QuestionDialog>,
"title" | "danger" | "description"
>;
export default function AccessTokenDialog (props: IProps) {
return (
<QuestionDialog
{...props}
title="Reveal Access Token"
danger={true}
description={_t(
"Do not reveal your Access Token to anyone, under any circumstances. " +
"Sharing your Access Token with someone would allow them to login to " +
"your account, and access your private information."
)}
></QuestionDialog>
);
}

14
src/components/views/settings/tabs/user/HelpUserSettingsTab.js
View file

@ -27,6 +27,7 @@ import * as sdk from "../../../../../";
import PlatformPeg from "../../../../../PlatformPeg"; import PlatformPeg from "../../../../../PlatformPeg";
import * as KeyboardShortcuts from "../../../../../accessibility/KeyboardShortcuts"; import * as KeyboardShortcuts from "../../../../../accessibility/KeyboardShortcuts";
import UpdateCheckButton from "../../UpdateCheckButton"; import UpdateCheckButton from "../../UpdateCheckButton";
import AccessTokenDialog from '../../../dialogs/AccessTokenDialog';
export default class HelpUserSettingsTab extends React.Component { export default class HelpUserSettingsTab extends React.Component {
static propTypes = { static propTypes = {
@ -148,6 +149,17 @@ export default class HelpUserSettingsTab extends React.Component {
); );
} }
onAccessTokenSpoilerClick = async (event) => {
// React throws away the event before we can use it (we are async, after all).
event.persist();
// We make the user accept a scary popup to combat Social Engineering. No peeking!
await Modal.createTrackedDialog('Reveal Access Token', '', AccessTokenDialog).finished;
// Pass it onto the handler.
this._showSpoiler(event);
}
render() { render() {
const brand = SdkConfig.get().brand; const brand = SdkConfig.get().brand;
@ -266,7 +278,7 @@ export default class HelpUserSettingsTab extends React.Component {
{_t("Homeserver is")} <code>{MatrixClientPeg.get().getHomeserverUrl()}</code><br /> {_t("Homeserver is")} <code>{MatrixClientPeg.get().getHomeserverUrl()}</code><br />
{_t("Identity Server is")} <code>{MatrixClientPeg.get().getIdentityServerUrl()}</code><br /> {_t("Identity Server is")} <code>{MatrixClientPeg.get().getIdentityServerUrl()}</code><br />
{_t("Access Token:") + ' '} {_t("Access Token:") + ' '}
<AccessibleButton element="span" onClick={this._showSpoiler} <AccessibleButton element="span" onClick={this.onAccessTokenSpoilerClick}
data-spoiler={MatrixClientPeg.get().getAccessToken()}> data-spoiler={MatrixClientPeg.get().getAccessToken()}>
&lt;{ _t("click to reveal") }&gt; &lt;{ _t("click to reveal") }&gt;
</AccessibleButton> </AccessibleButton>