From 949790db1ff57f7d6dcfd173e680d901f4875f90 Mon Sep 17 00:00:00 2001
From: YevhenBondarenko <ybondarenko@thingsboard.io>
Date: Mon, 17 Aug 2020 14:01:37 +0300
Subject: [PATCH 1/2] not send smtp password to UI

---
 .../thingsboard/server/controller/AdminController.java    | 8 +++++++-
 .../server/dao/settings/AdminSettingsServiceImpl.java     | 8 ++++++++
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/application/src/main/java/org/thingsboard/server/controller/AdminController.java b/application/src/main/java/org/thingsboard/server/controller/AdminController.java
index 8873d82366..134171c8b1 100644
--- a/application/src/main/java/org/thingsboard/server/controller/AdminController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/AdminController.java
@@ -15,6 +15,7 @@
  */
 package org.thingsboard.server.controller;
 
+import com.fasterxml.jackson.databind.node.ObjectNode;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.PathVariable;
@@ -59,7 +60,11 @@ public class AdminController extends BaseController {
     public AdminSettings getAdminSettings(@PathVariable("key") String key) throws ThingsboardException {
         try {
             accessControlService.checkPermission(getCurrentUser(), Resource.ADMIN_SETTINGS, Operation.READ);
-            return checkNotNull(adminSettingsService.findAdminSettingsByKey(TenantId.SYS_TENANT_ID, key));
+            AdminSettings adminSettings = checkNotNull(adminSettingsService.findAdminSettingsByKey(TenantId.SYS_TENANT_ID, key));
+            if (adminSettings.getKey().equals("mail")) {
+                ((ObjectNode) adminSettings.getJsonValue()).put("password", "");
+            }
+            return adminSettings;
         } catch (Exception e) {
             throw handleException(e);
         }
@@ -74,6 +79,7 @@ public class AdminController extends BaseController {
             adminSettings = checkNotNull(adminSettingsService.saveAdminSettings(TenantId.SYS_TENANT_ID, adminSettings));
             if (adminSettings.getKey().equals("mail")) {
                 mailService.updateMailConfiguration();
+                ((ObjectNode) adminSettings.getJsonValue()).put("password", "");
             }
             return adminSettings;
         } catch (Exception e) {
diff --git a/dao/src/main/java/org/thingsboard/server/dao/settings/AdminSettingsServiceImpl.java b/dao/src/main/java/org/thingsboard/server/dao/settings/AdminSettingsServiceImpl.java
index 6c7495cc19..4374e314cf 100644
--- a/dao/src/main/java/org/thingsboard/server/dao/settings/AdminSettingsServiceImpl.java
+++ b/dao/src/main/java/org/thingsboard/server/dao/settings/AdminSettingsServiceImpl.java
@@ -15,6 +15,7 @@
  */
 package org.thingsboard.server.dao.settings;
 
+import com.fasterxml.jackson.databind.node.ObjectNode;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -52,6 +53,13 @@ public class AdminSettingsServiceImpl implements AdminSettingsService {
     public AdminSettings saveAdminSettings(TenantId tenantId, AdminSettings adminSettings) {
         log.trace("Executing saveAdminSettings [{}]", adminSettings);
         adminSettingsValidator.validate(adminSettings, data -> tenantId);
+        if (adminSettings.getKey().equals("mail") && "".equals(adminSettings.getJsonValue().get("password").asText())) {
+            AdminSettings mailSettings = findAdminSettingsByKey(tenantId, "mail");
+            if (mailSettings != null) {
+                ((ObjectNode) adminSettings.getJsonValue()).put("password", mailSettings.getJsonValue().get("password").asText());
+            }
+        }
+
         return adminSettingsDao.save(tenantId, adminSettings);
     }
     

From d8f2da4864c0349513df4461fd6d4935d9d09014 Mon Sep 17 00:00:00 2001
From: YevhenBondarenko <ybondarenko@thingsboard.io>
Date: Mon, 17 Aug 2020 17:28:29 +0300
Subject: [PATCH 2/2] refactored UI for mail settings

---
 ui/src/app/admin/outgoing-mail-settings.tpl.html | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/ui/src/app/admin/outgoing-mail-settings.tpl.html b/ui/src/app/admin/outgoing-mail-settings.tpl.html
index 596c9c4091..5f8668bc3d 100644
--- a/ui/src/app/admin/outgoing-mail-settings.tpl.html
+++ b/ui/src/app/admin/outgoing-mail-settings.tpl.html
@@ -123,16 +123,16 @@
 						</md-input-container>
 						<md-input-container class="md-block">
 							<label translate>admin.proxy-password</label>
-							<input name="proxyPassword" ng-model="vm.settings.jsonValue.proxyPassword">
+							<input name="proxyPassword" type="password" autocomplete="new-password" ng-model="vm.settings.jsonValue.proxyPassword">
 						</md-input-container>
 					</section>
 					<md-input-container class="md-block">
 						<label translate>common.username</label>
-						<input name="username" placeholder="{{ 'common.enter-username' | translate }}" ng-model="vm.settings.jsonValue.username">
+						<input placeholder="{{ 'common.enter-username' | translate }}" ng-model="vm.settings.jsonValue.username" autocomplete="new-username" >
 					</md-input-container>				
 					<md-input-container class="md-block">
 						<label translate>common.password</label>
-						<input name="password" placeholder="{{ 'common.enter-password' | translate }}" type="password" ng-model="vm.settings.jsonValue.password">
+						<input placeholder="{{ 'common.enter-password' | translate }}" type="password" ng-model="vm.settings.jsonValue.password" autocomplete="new-password">
 					</md-input-container>				
 					<div layout="row" layout-align="end center" width="100%" layout-wrap>
 						<md-button ng-disabled="$root.loading || vm.settingsForm.$invalid" ng-click="vm.sendTestMail()" class="md-raised">{{'admin.send-test-mail' | translate}}</md-button>