fix(swagger): EE-868: elide the password field in the swagger docs (#5636)

Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au>
3 years ago · 7437006359
parent 9c80501738
commit 7437006359
3 changed files with 3 additions and 1 deletions
--- a/api/http/handler/users/user_inspect.go
+++ b/api/http/handler/users/user_inspect.go
@ -15,6 +15,7 @@ import (
 // @id UserInspect
 // @summary Inspect a user
 // @description Retrieve details about a user.
+// @description User passwords are filtered out, and should never be accessible.
 // @description **Access policy**: administrator
 // @tags users
 // @security jwt
--- a/api/http/handler/users/user_list.go
+++ b/api/http/handler/users/user_list.go
@ -12,6 +12,7 @@ import (
 // @summary List users
 // @description List Portainer users.
 // @description Non-administrator users will only be able to list other non-administrator user accounts.
+// @description User passwords are filtered out, and should never be accessible.
 // @description **Access policy**: restricted
 // @tags users
 // @security jwt
--- a/api/portainer.go
+++ b/api/portainer.go
@ -1023,7 +1023,7 @@ type (
 		// User Identifier
 		ID       UserID `json:"Id" example:"1"`
 		Username string `json:"Username" example:"bob"`
-		Password string `json:"Password,omitempty" example:"passwd"`
+		Password string `json:"Password,omitempty" swaggerignore:"true"`
 		// User Theme
 		UserTheme string `example:"dark"`
 		// User role (1 for administrator account and 2 for regular account)