opensource/dify
2
0
Fork 0
mirror of https://github.com/langgenius/dify.git synced 2026-06-26 23:01:11 +08:00
Code Issues Packages Projects Releases Wiki Activity
a79bc7d074
dify/api/tests/unit_tests/controllers/console
History
yungle246 a79bc7d074 feat(api): mask secret tokens in api-key list responses (reveal-once) 
Previously the console api-key list returned every key's full plaintext
token, so anyone with console access could retrieve the secret of an
already-created key (via the copy button or the raw API response). This
is contrary to the reveal-once norm.

- List endpoints (app keys, workspace dataset keys, per-dataset keys) now
  return a masked token (prefix + last 4); the full secret is only ever
  returned by the create endpoint, at creation time.
- Frontend secret-key modal displays the masked token as-is and drops the
  copy affordance for existing keys (copying a masked value is pointless).

Applies to both app and dataset keys since they share the modal and the
ApiKeyItem response model.
2026-06-25 14:21:38 +09:00
..
agent fix(agent): agent composer publish validation (#37803) 2026-06-23 08:48:40 +00:00
app feat(agent-v2): sync nightly updates to main (2026-06-22) (#37651) 2026-06-23 08:05:16 +00:00
auth chore: move one db.session (#37656) 2026-06-19 19:52:59 +00:00
billing refactor(api): migrate tenant/user via DI for several endpoints (#36971) 2026-06-03 04:24:17 +00:00
datasets feat(api): mask secret tokens in api-key list responses (reveal-once) 2026-06-25 14:21:38 +09:00
explore refactor: accept db.session explicitly in SavedMessageService (#37682) 2026-06-20 12:35:06 +00:00
snippets fix: snippet history detail includes input fields (#37797) 2026-06-23 08:08:12 +00:00
tag chore: example of make db.session pass from parameter. (#37561) 2026-06-18 02:16:09 +00:00
workspace chore: remove duplicate code (#37724) 2026-06-22 06:57:56 +00:00
__init__.py feat: return data_source_info and data_source_detail_dict (#29912) 2026-01-05 11:04:03 +08:00
test_apikey.py feat(api): mask secret tokens in api-key list responses (reveal-once) 2026-06-25 14:21:38 +09:00
test_document_detail_api_data_source_info.py chore(api): align Python support with 3.12 (#34419) 2026-04-02 05:07:32 +00:00
test_extension.py refactor: accept db.session explicitly in APIBasedExtensionService (#37693) 2026-06-21 00:53:36 +00:00
test_fastopenapi_ping.py feat: init fastopenapi (#30453) 2026-01-23 21:07:52 +09:00
test_fastopenapi_setup.py refactor: api/controllers/console/setup.py to ov3 (#31465) 2026-01-26 15:04:33 +08:00
test_fastopenapi_version.py refactor: api/controllers/console/version.py to v3 (#31463) 2026-01-26 15:04:25 +08:00
test_feature.py refactor(api): migrate remaining console APIs to use injected user/tenant (#37288) 2026-06-11 01:30:31 +00:00
test_files_security.py refactor: port api/fields/file_fields.py (#30638) 2026-01-06 22:55:58 +08:00
test_files.py feat(dify-agent): sync shell and back proxy updates (#37159) 2026-06-10 03:04:32 +00:00
test_human_input_form.py fix: validate conversation variable description length to prevent varchar(255) truncation error (#33038) 2026-06-10 07:28:12 +00:00
test_init_validate.py chore: add Type to test (#37191) 2026-06-19 16:44:20 +00:00
test_remote_files.py chore: add Type to test (#37191) 2026-06-19 16:44:20 +00:00
test_spec.py chore: add more type in test (#37609) 2026-06-18 23:07:12 +00:00
test_version.py chore: Caplog type (#37603) 2026-06-18 18:53:13 +00:00
test_workspace_account.py chore: add Type to test (#37191) 2026-06-19 16:44:20 +00:00
test_workspace_members.py feat: RBAC (#37107) 2026-06-18 16:35:29 +00:00
test_wraps.py chore: add Type to test (#37191) 2026-06-19 16:44:20 +00:00