From GH comment: #5 (review)
5) The Bitbucket OAuth Client Secret is displayed as plain text in the System Console. When the config is saved and page is reloaded, this should not be exposed. We should mask it.
Severity: Low
Steps:
- Login as a sysadmin user and install the bitbucket plugin.
- Visit the bitbucket configuration page and enter Oauth client ID and secret and save.
- Reload the page and notice that the secret is still displayed in plain text.
- Like other config pages, i.e say OAuth config page on System console, the secret key should be
truncated and displayed as ******. It should not be returned as plain text in config API
From GH comment: #5 (review)
5) The Bitbucket OAuth Client Secret is displayed as plain text in the System Console. When the config is saved and page is reloaded, this should not be exposed. We should mask it.
Severity: Low
Steps:
truncated and displayed as ******. It should not be returned as plain text in config API