From: Nizamudeen A <nia@redhat.com>
Date: Wed, 21 Apr 2021 08:10:39 +0000 (+0530)
Subject: mgr/dashboard: Remove username and password from request body
X-Git-Tag: v16.2.2~18^2
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=refs%2Fpull%2F40981%2Fhead;p=ceph.git

mgr/dashboard: Remove username and password from request body

Fixes: https://tracker.ceph.com/issues/50451
Signed-off-by: Nizamudeen A <nia@redhat.com>
(cherry picked from commit 273a776cad8065f568f17a05804aabd14625a1f0)
---

diff --git a/src/pybind/mgr/dashboard/frontend/src/app/shared/api/user.service.spec.ts b/src/pybind/mgr/dashboard/frontend/src/app/shared/api/user.service.spec.ts
index 25d85db49343..ba038a72553b 100644
--- a/src/pybind/mgr/dashboard/frontend/src/app/shared/api/user.service.spec.ts
+++ b/src/pybind/mgr/dashboard/frontend/src/app/shared/api/user.service.spec.ts
@@ -83,19 +83,22 @@ describe('UserService', () => {
 
   it('should call validatePassword', () => {
     service.validatePassword('foo').subscribe();
-    const req = httpTesting.expectOne('api/user/validate_password?password=foo');
+    const req = httpTesting.expectOne('api/user/validate_password');
     expect(req.request.method).toBe('POST');
+    expect(req.request.body).toEqual({ password: 'foo', old_password: null, username: null });
   });
 
   it('should call validatePassword (incl. name)', () => {
     service.validatePassword('foo_bar', 'bar').subscribe();
-    const req = httpTesting.expectOne('api/user/validate_password?password=foo_bar&username=bar');
+    const req = httpTesting.expectOne('api/user/validate_password');
     expect(req.request.method).toBe('POST');
+    expect(req.request.body).toEqual({ password: 'foo_bar', username: 'bar', old_password: null });
   });
 
   it('should call validatePassword (incl. old password)', () => {
     service.validatePassword('foo', null, 'foo').subscribe();
-    const req = httpTesting.expectOne('api/user/validate_password?password=foo&old_password=foo');
+    const req = httpTesting.expectOne('api/user/validate_password');
     expect(req.request.method).toBe('POST');
+    expect(req.request.body).toEqual({ password: 'foo', old_password: 'foo', username: null });
   });
 });
diff --git a/src/pybind/mgr/dashboard/frontend/src/app/shared/api/user.service.ts b/src/pybind/mgr/dashboard/frontend/src/app/shared/api/user.service.ts
index bb358925e395..95c80dd4665a 100644
--- a/src/pybind/mgr/dashboard/frontend/src/app/shared/api/user.service.ts
+++ b/src/pybind/mgr/dashboard/frontend/src/app/shared/api/user.service.ts
@@ -1,4 +1,4 @@
-import { HttpClient, HttpParams } from '@angular/common/http';
+import { HttpClient } from '@angular/common/http';
 import { Injectable } from '@angular/core';
 
 import { Observable, of as observableOf } from 'rxjs';
@@ -53,14 +53,10 @@ export class UserService {
   }
 
   validatePassword(password: string, username: string = null, oldPassword: string = null) {
-    let params = new HttpParams();
-    params = params.append('password', password);
-    if (username) {
-      params = params.append('username', username);
-    }
-    if (oldPassword) {
-      params = params.append('old_password', oldPassword);
-    }
-    return this.http.post('api/user/validate_password', null, { params });
+    return this.http.post('api/user/validate_password', {
+      password: password,
+      username: username,
+      old_password: oldPassword
+    });
   }
 }