From b74a042da8250d78f9ed81eedd5ff23ed7ad232c Mon Sep 17 00:00:00 2001
From: Thomas Kaul <4159106+dtslvr@users.noreply.github.com>
Date: Wed, 5 Apr 2023 18:10:29 +0200
Subject: [PATCH] Feature/change auth endpoint from get to post (#1823)
* Change auth endpoint from GET to POST
* Login with security token
* Login with Internet Identity
* Update changelog
---
 CHANGELOG.md | 2 ++
 apps/api/src/app/auth/auth.controller.ts | 13 ++++++-------
 apps/client/src/app/services/data.service.ts | 6 +++---
 .../src/app/services/internet-identity.service.ts | 6 +++---
 4 files changed, 14 insertions(+), 13 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index a46bf4d7e..d1f6ea9d4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,6 +9,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Changed
+- Changed the `auth` endpoint of the login with _Security Token_ from `GET` to `POST`
+- Changed the `auth` endpoint of the _Internet Identity_ login provider from `GET` to `POST`
 - Improved the content of the Frequently Asked Questions (FAQ) page
 - Improved the content of the pricing page
diff --git a/apps/api/src/app/auth/auth.controller.ts b/apps/api/src/app/auth/auth.controller.ts
index 08d1c1a31..715c284f4 100644
--- a/apps/api/src/app/auth/auth.controller.ts
+++ b/apps/api/src/app/auth/auth.controller.ts
@@ -7,7 +7,6 @@ import {
 Controller,
 Get,
 HttpException,
- Param,
 Post,
 Req,
 Res,
@@ -33,13 +32,13 @@ export class AuthController {
 private readonly webAuthService: WebAuthService
 ) {}
- @Get('anonymous/:accessToken')
+ @Post('anonymous')
 public async accessTokenLogin(
- @Param('accessToken') accessToken: string
+ @Body() body: { accessToken: string }
 ): Promise {
 try {
 const authToken = await this.authService.validateAnonymousLogin(
- accessToken
+ body.accessToken
 );
 return { authToken };
 } catch {
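Review bot: In `accessTokenLogin` (apps/api/src/app/auth/auth.controller.ts), `@Body() body: { accessToken: string }` is a compile-time type only, so nothing checks at runtime that a body was sent or that `accessToken` is a string before it reaches `validateAnonymousLogin`. The old path parameter was always a string, whereas a JSON body can carry an object, an array or no field at all, and what happens then depends on the service and the `catch` branch, neither of which is visible in this hunk. I would reject early with a guard such as `if (typeof body?.accessToken !== 'string')`, returning the same status the `catch` branch uses, or replace the inline type with a DTO class using `@IsString()` if the project has a validation pipe enabled. The same applies to `internetIdentityLogin` in the following hunk of this file; both method bodies continue outside their hunks.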
@@ -81,13 +80,13 @@ export class AuthController {
 }
 }
- @Get('internet-identity/:principalId')
+ @Post('internet-identity')
 public async internetIdentityLogin(
- @Param('principalId') principalId: string
+ @Body() body: { principalId: string }
 ): Promise {
 try {
 const authToken = await this.authService.validateInternetIdentityLogin(
- principalId
+ body.principalId
 );
 return { authToken };
 } catch {
diff --git a/apps/client/src/app/services/data.service.ts b/apps/client/src/app/services/data.service.ts
index d4071caeb..845f1e0f2 100644
--- a/apps/client/src/app/services/data.service.ts
+++ b/apps/client/src/app/services/data.service.ts
@@ -388,9 +388,9 @@ export class DataService {
 }
 public loginAnonymous(accessToken: string) {
- return this.http.get(
- `/api/v1/auth/anonymous/${accessToken}`
- );
+ return this.http.post(`/api/v1/auth/anonymous`, {
+ accessToken
+ });
 }
 public postAccess(aAccess: CreateAccessDto) {
diff --git a/apps/client/src/app/services/internet-identity.service.ts b/apps/client/src/app/services/internet-identity.service.ts
index 9a4551d3e..833b5d80e 100644
--- a/apps/client/src/app/services/internet-identity.service.ts
+++ b/apps/client/src/app/services/internet-identity.service.ts
@@ -30,9 +30,9 @@ export class InternetIdentityService implements OnDestroy {
 const principalId = authClient.getIdentity().getPrincipal();
 this.http
- .get(
- `/api/v1/auth/internet-identity/${principalId.toText()}`
- )
+ .post(`/api/v1/auth/internet-identity`, {
+ principalId: principalId.toText()
+ })
 .pipe(
 catchError(() => {
 reject();
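Review bot: In `internetIdentityLogin` (apps/api/src/app/auth/auth.controller.ts), the `principalId` read from the body is an identifier asserted by the caller, and nothing in this hunk shows proof that the caller controls that identity before an `authToken` is returned. A principal's text form is not a secret, so unless `validateInternetIdentityLogin` (not visible here) verifies something signed by the identity provider, moving the value from the path to the body leaves that trust assumption unchanged. I would confirm what the service checks and record it above the handler, for example `// principalId is caller-supplied; see authService.validateInternetIdentityLogin for what is verified`. The method body continues outside the hunk.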
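Review bot: In `loginAnonymous` (apps/client/src/app/services/data.service.ts), nothing records why the token is now sent in the request body, so a later refactor could move it back into the URL without anyone noticing. The reason is presumably to keep the token out of URLs, and with them out of server logs and browser history; a one-line comment above the call would pin that down, for example `// Sent in the body so the security token never appears in a URL`. As a smaller style point, the URL no longer interpolates anything, so `'/api/v1/auth/anonymous'` can be a plain string instead of a template literal. The same applies to the `.post(...)` call in internet-identity.service.ts.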