From aad0b44cf643fb05d124aec81994baa8cfc2b9a4 Mon Sep 17 00:00:00 2001
From: Dan Church <amphetamachine@gmail.com>
Date: Mon, 19 Dec 2022 11:40:48 -0600
Subject: [PATCH 1/2] Set type="password" on all auth_token fields

Seen when migrating from other hosting platforms.

1. Prevents exposing the token to screen capture/cameras/eyeballs.
2. Prevents the browser from saving the value in its autocomplete
   dictionary, which often is not secure.

Closes #22174

Signed-off-by: Dan Church <amphetamachine@gmail.com>
---
 templates/repo/migrate/gitea.tmpl  | 2 +-
 templates/repo/migrate/github.tmpl | 2 +-
 templates/repo/migrate/gitlab.tmpl | 2 +-
 templates/repo/migrate/gogs.tmpl   | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/templates/repo/migrate/gitea.tmpl b/templates/repo/migrate/gitea.tmpl
index ecbf89608e762..31b13cb7b0047 100644
--- a/templates/repo/migrate/gitea.tmpl
+++ b/templates/repo/migrate/gitea.tmpl
@@ -20,7 +20,7 @@
 
 					<div class="inline field {{if .Err_Auth}}error{{end}}">
 						<label for="auth_token">{{.locale.Tr "access_token"}}</label>
-						<input id="auth_token" name="auth_token" value="{{.auth_token}}" {{if not .auth_token}} data-need-clear="true" {{end}}>
+						<input id="auth_token" name="auth_token" type="password" value="{{.auth_token}}" {{if not .auth_token}} data-need-clear="true" {{end}}>
 						<a target="_blank" href="https://docs.gitea.io/en-us/api-usage">{{svg "octicon-question"}}</a>
 					</div>
 
diff --git a/templates/repo/migrate/github.tmpl b/templates/repo/migrate/github.tmpl
index 63b5e83a2c32b..14b50f2f20a52 100644
--- a/templates/repo/migrate/github.tmpl
+++ b/templates/repo/migrate/github.tmpl
@@ -20,7 +20,7 @@
 
 					<div class="inline field {{if .Err_Auth}}error{{end}}">
 						<label for="auth_token">{{.locale.Tr "access_token"}}</label>
-						<input id="auth_token" name="auth_token" value="{{.auth_token}}" {{if not .auth_token}}data-need-clear="true"{{end}}>
+						<input id="auth_token" name="auth_token" type="password" value="{{.auth_token}}" {{if not .auth_token}}data-need-clear="true"{{end}}>
 						<a target="_blank" href="https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token">{{svg "octicon-question"}}</a>
 						<span class="help">
 						{{.locale.Tr "repo.migrate.github_token_desc"}}
diff --git a/templates/repo/migrate/gitlab.tmpl b/templates/repo/migrate/gitlab.tmpl
index 946b7da37a24d..65e7f3ebae20e 100644
--- a/templates/repo/migrate/gitlab.tmpl
+++ b/templates/repo/migrate/gitlab.tmpl
@@ -20,7 +20,7 @@
 
 					<div class="inline field {{if .Err_Auth}}error{{end}}">
 						<label for="auth_token">{{.locale.Tr "access_token"}}</label>
-						<input id="auth_token" name="auth_token" value="{{.auth_token}}" {{if not .auth_token}}data-need-clear="true"{{end}}>
+						<input id="auth_token" name="auth_token" type="password" value="{{.auth_token}}" {{if not .auth_token}}data-need-clear="true"{{end}}>
 						<a target="_blank" href="https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html">{{svg "octicon-question"}}</a>
 					</div>
 
diff --git a/templates/repo/migrate/gogs.tmpl b/templates/repo/migrate/gogs.tmpl
index 85dbce8164a8b..9c16306de2f2a 100644
--- a/templates/repo/migrate/gogs.tmpl
+++ b/templates/repo/migrate/gogs.tmpl
@@ -20,7 +20,7 @@
 
 					<div class="inline field {{if .Err_Auth}}error{{end}}">
 						<label for="auth_token">{{.locale.Tr "access_token"}}</label>
-						<input id="auth_token" name="auth_token" value="{{.auth_token}}" {{if not .auth_token}} data-need-clear="true" {{end}}>
+						<input id="auth_token" name="auth_token" type="password" value="{{.auth_token}}" {{if not .auth_token}} data-need-clear="true" {{end}}>
 						<!-- <a target="_blank" href="https://docs.gitea.io/en-us/api-usage">{{svg "octicon-question"}}</a> -->
 					</div>
 

From 2b6f3bb0db1a4a8c9d4e0a5bc7c91cfd492a86f4 Mon Sep 17 00:00:00 2001
From: Dan Church <h3xx@users.noreply.github.com>
Date: Sat, 18 Mar 2023 17:08:50 -0500
Subject: [PATCH 2/2] Set autocomplete=new-password for auth token inputs

This decision was based on what Gitlab shows on its web hook
configuration page.

Co-authored-by: silverwind <me@silverwind.io>
---
 templates/repo/migrate/gitea.tmpl  | 2 +-
 templates/repo/migrate/github.tmpl | 2 +-
 templates/repo/migrate/gitlab.tmpl | 2 +-
 templates/repo/migrate/gogs.tmpl   | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/templates/repo/migrate/gitea.tmpl b/templates/repo/migrate/gitea.tmpl
index 31b13cb7b0047..f1d4e4f06b7ff 100644
--- a/templates/repo/migrate/gitea.tmpl
+++ b/templates/repo/migrate/gitea.tmpl
@@ -20,7 +20,7 @@
 
 					<div class="inline field {{if .Err_Auth}}error{{end}}">
 						<label for="auth_token">{{.locale.Tr "access_token"}}</label>
-						<input id="auth_token" name="auth_token" type="password" value="{{.auth_token}}" {{if not .auth_token}} data-need-clear="true" {{end}}>
+						<input id="auth_token" name="auth_token" type="password" autocomplete="new-password" value="{{.auth_token}}" {{if not .auth_token}} data-need-clear="true" {{end}}>
 						<a target="_blank" href="https://docs.gitea.io/en-us/api-usage">{{svg "octicon-question"}}</a>
 					</div>
 
diff --git a/templates/repo/migrate/github.tmpl b/templates/repo/migrate/github.tmpl
index 14b50f2f20a52..c591f2a465830 100644
--- a/templates/repo/migrate/github.tmpl
+++ b/templates/repo/migrate/github.tmpl
@@ -20,7 +20,7 @@
 
 					<div class="inline field {{if .Err_Auth}}error{{end}}">
 						<label for="auth_token">{{.locale.Tr "access_token"}}</label>
-						<input id="auth_token" name="auth_token" type="password" value="{{.auth_token}}" {{if not .auth_token}}data-need-clear="true"{{end}}>
+						<input id="auth_token" name="auth_token" type="password" autocomplete="new-password" value="{{.auth_token}}" {{if not .auth_token}}data-need-clear="true"{{end}}>
 						<a target="_blank" href="https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token">{{svg "octicon-question"}}</a>
 						<span class="help">
 						{{.locale.Tr "repo.migrate.github_token_desc"}}
diff --git a/templates/repo/migrate/gitlab.tmpl b/templates/repo/migrate/gitlab.tmpl
index 65e7f3ebae20e..65559da152c39 100644
--- a/templates/repo/migrate/gitlab.tmpl
+++ b/templates/repo/migrate/gitlab.tmpl
@@ -20,7 +20,7 @@
 
 					<div class="inline field {{if .Err_Auth}}error{{end}}">
 						<label for="auth_token">{{.locale.Tr "access_token"}}</label>
-						<input id="auth_token" name="auth_token" type="password" value="{{.auth_token}}" {{if not .auth_token}}data-need-clear="true"{{end}}>
+						<input id="auth_token" name="auth_token" type="password" autocomplete="new-password" value="{{.auth_token}}" {{if not .auth_token}}data-need-clear="true"{{end}}>
 						<a target="_blank" href="https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html">{{svg "octicon-question"}}</a>
 					</div>
 
diff --git a/templates/repo/migrate/gogs.tmpl b/templates/repo/migrate/gogs.tmpl
index 9c16306de2f2a..8bc57861ade05 100644
--- a/templates/repo/migrate/gogs.tmpl
+++ b/templates/repo/migrate/gogs.tmpl
@@ -20,7 +20,7 @@
 
 					<div class="inline field {{if .Err_Auth}}error{{end}}">
 						<label for="auth_token">{{.locale.Tr "access_token"}}</label>
-						<input id="auth_token" name="auth_token" type="password" value="{{.auth_token}}" {{if not .auth_token}} data-need-clear="true" {{end}}>
+						<input id="auth_token" name="auth_token" type="password" autocomplete="new-password" value="{{.auth_token}}" {{if not .auth_token}} data-need-clear="true" {{end}}>
 						<!-- <a target="_blank" href="https://docs.gitea.io/en-us/api-usage">{{svg "octicon-question"}}</a> -->
 					</div>