From c3a5446dfb1b9be083606283bb2d57020816b44b Mon Sep 17 00:00:00 2001 From: Nizamudeen A Date: Wed, 21 Apr 2021 13:40:39 +0530 Subject: [PATCH] mgr/dashboard: Remove username and password from request body Fixes: https://tracker.ceph.com/issues/50451 Signed-off-by: Nizamudeen A (cherry picked from commit 273a776cad8065f568f17a05804aabd14625a1f0) --- .../src/app/shared/api/user.service.spec.ts | 9 ++++++--- .../frontend/src/app/shared/api/user.service.ts | 16 ++++++---------- 2 files changed, 12 insertions(+), 13 deletions(-) diff --git a/src/pybind/mgr/dashboard/frontend/src/app/shared/api/user.service.spec.ts b/src/pybind/mgr/dashboard/frontend/src/app/shared/api/user.service.spec.ts index 25d85db493436..ba038a72553b8 100644 --- a/src/pybind/mgr/dashboard/frontend/src/app/shared/api/user.service.spec.ts +++ b/src/pybind/mgr/dashboard/frontend/src/app/shared/api/user.service.spec.ts @@ -83,19 +83,22 @@ describe('UserService', () => { it('should call validatePassword', () => { service.validatePassword('foo').subscribe(); - const req = httpTesting.expectOne('api/user/validate_password?password=foo'); + const req = httpTesting.expectOne('api/user/validate_password'); expect(req.request.method).toBe('POST'); + expect(req.request.body).toEqual({ password: 'foo', old_password: null, username: null }); }); it('should call validatePassword (incl. name)', () => { service.validatePassword('foo_bar', 'bar').subscribe(); - const req = httpTesting.expectOne('api/user/validate_password?password=foo_bar&username=bar'); + const req = httpTesting.expectOne('api/user/validate_password'); expect(req.request.method).toBe('POST'); + expect(req.request.body).toEqual({ password: 'foo_bar', username: 'bar', old_password: null }); }); it('should call validatePassword (incl. old password)', () => { service.validatePassword('foo', null, 'foo').subscribe(); - const req = httpTesting.expectOne('api/user/validate_password?password=foo&old_password=foo'); + const req = httpTesting.expectOne('api/user/validate_password'); expect(req.request.method).toBe('POST'); + expect(req.request.body).toEqual({ password: 'foo', old_password: 'foo', username: null }); }); }); diff --git a/src/pybind/mgr/dashboard/frontend/src/app/shared/api/user.service.ts b/src/pybind/mgr/dashboard/frontend/src/app/shared/api/user.service.ts index bb358925e3955..95c80dd4665a0 100644 --- a/src/pybind/mgr/dashboard/frontend/src/app/shared/api/user.service.ts +++ b/src/pybind/mgr/dashboard/frontend/src/app/shared/api/user.service.ts @@ -1,4 +1,4 @@ -import { HttpClient, HttpParams } from '@angular/common/http'; +import { HttpClient } from '@angular/common/http'; import { Injectable } from '@angular/core'; import { Observable, of as observableOf } from 'rxjs'; @@ -53,14 +53,10 @@ export class UserService { } validatePassword(password: string, username: string = null, oldPassword: string = null) { - let params = new HttpParams(); - params = params.append('password', password); - if (username) { - params = params.append('username', username); - } - if (oldPassword) { - params = params.append('old_password', oldPassword); - } - return this.http.post('api/user/validate_password', null, { params }); + return this.http.post('api/user/validate_password', { + password: password, + username: username, + old_password: oldPassword + }); } } -- 2.39.5