diff --git a/browserid/app.js b/browserid/app.js
index 4152448b06b0329edc0f330cbe823a09f861b275..3c4ecd0d904b7f1d97a57eb751ecf10ea7d5fd3e 100644
--- a/browserid/app.js
+++ b/browserid/app.js
@@ -73,6 +73,8 @@ exports.setup = function(server) {
 }
 });
+ server.use(express.bodyParser());
+
 // a tweak to get the content type of host-meta correct
 server.use(function(req, resp, next) {
 if (req.url === '/.well-known/host-meta') {
diff --git a/browserid/lib/wsapi.js b/browserid/lib/wsapi.js
index 9ea84c5e66cd72a81b33636080bbd5f286f503f8..659eb6e74e4ed5443941614a39f1071fa667febe 100644
--- a/browserid/lib/wsapi.js
+++ b/browserid/lib/wsapi.js
@@ -11,24 +11,26 @@ const db = require('./db.js'),
 function checkParams(params) {
 return function(req, resp, next) {
- var urlobj = url.parse(req.url, true);
- var getArgs = urlobj.query;
- req.get = getArgs;
-
+ var params_in_request=null;
+ if (req.method === "POST") {
+ params_in_request = req.body;
+ } else {
+ var getArgs = req.query;
+ req.get = getArgs;
+ params_in_request = getArgs;
+ }
+
 try {
 params.forEach(function(k) {
- if (!getArgs.hasOwnProperty(k) || typeof getArgs[k] !== 'string') {
+ if (!params_in_request.hasOwnProperty(k) || typeof params_in_request[k] !== 'string') {
 throw k;
 }
 });
 } catch(e) {
 console.log("error : " + e.toString());
- console.log(getArgs);
 return httputils.badRequest(resp, "missing '" + e + "' argument");
 }
- console.log("about to call next");
 next();
- console.log("done calling next");
 };
 }
@@ -64,7 +66,7 @@ function setup(app) {
 var getArgs = req.get;
 // bcrypt the password
- getArgs.hash = bcrypt.encrypt_sync(getArgs.pass, bcrypt.gen_salt_sync(4));
+ getArgs.hash = bcrypt.encrypt_sync(getArgs.pass, bcrypt.gen_salt_sync(10));
 try {
 // upon success, stage_user returns a secret (that'll get baked into a url
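Review bot: In browserid/app.js, `server.use(express.bodyParser());` is mounted globally, so every route, including any that run without a `checkAuthed` gate, will now buffer and parse whatever body a client sends. Only the `/wsapi` POST handlers touched by this commit read `req.body`, so mounting the parser on just those routes and capping the accepted body size would narrow what an unauthenticated client can make the server parse. I would also add a comment above the line, for example `// parses request bodies into req.body; required by the /wsapi POST handlers`. The body of `exports.setup` continues outside the hunk, so the rest of the middleware order is not visible here.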
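Review bot: In `checkParams` (browserid/lib/wsapi.js), `params_in_request = req.body` is used without checking that a body was actually parsed. If the parser leaves `req.body` unset for a POST with a missing or unrecognised Content-Type (this may depend on the framework version), `params_in_request.hasOwnProperty(k)` throws a TypeError and the `catch` echoes it to the client inside the "missing '…' argument" message. A guard before the `try` avoids that: `if (!params_in_request || typeof params_in_request !== 'object') return httputils.badRequest(resp, "missing request body");`. Because a JSON body can carry its own `hasOwnProperty` key, `Object.prototype.hasOwnProperty.call(params_in_request, k)` is the more robust membership test. Note also that `req.get` is no longer populated on POST, so any handler behind `checkParams` that still reads `req.get` will fail once its route is switched to POST.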
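Review bot: In the `@@ -64,7 +66,7 @@` hunk of browserid/lib/wsapi.js the password is still read from `req.get`, which `checkParams` fills only from `req.query`. So `getArgs.pass` appears to travel in the URL, where access logs, proxies and browser history can record it. This handler would benefit from the same move to POST and `req.body` that the commit makes for remove_email. Separately, the work factor of 10 runs through the synchronous `encrypt_sync`/`gen_salt_sync` calls, so each request now holds the event loop for the whole hash; if the library offers asynchronous variants they are worth using here, with the cost kept in a named constant rather than a literal. The handler begins and ends outside the hunk, so the route's verb and auth checks are not visible.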
@@ -175,15 +177,12 @@ function setup(app) {
 }
 });
- app.get('/wsapi/remove_email', checkAuthed, checkParams(["email"]), function(req, resp) {
- // this should really be POST, but for now I'm having trouble seeing
- // how to get POST args properly, so it's a GET (Ben).
- // hmmm, I really want express or some other web framework!
- var getArgs = req.get;
+ app.post('/wsapi/remove_email', checkAuthed, checkParams(["email"]), function(req, resp) {
+ var email = req.body.email;
- db.removeEmail(req.session.authenticatedUser, getArgs.email, function(error) {
+ db.removeEmail(req.session.authenticatedUser, email, function(error) {
 if (error) {
- console.log("error removing email " + getArgs.email);
+ console.log("error removing email " + email);
 httputils.badRequest(resp, error.toString());
 } else {
 httputils.jsonResponse(resp, true);
@@ -228,20 +227,11 @@ function setup(app) {
 });
 app.post('/wsapi/sync_emails', checkAuthed, function(req,resp) {
- var requestBody = "";
- req.on('data', function(str) {
- requestBody += str;
- });
- req.on('end', function() {
- try {
- var emails = JSON.parse(requestBody);
- } catch(e) {
- httputils.badRequest(resp, "malformed payload: " + e);
- }
- db.getSyncResponse(req.session.authenticatedUser, emails, function(err, syncResponse) {
- if (err) httputils.serverError(resp, err);
- else httputils.jsonResponse(resp, syncResponse);
- });
+ var emails = req.body;
+
+ db.getSyncResponse(req.session.authenticatedUser, emails, function(err, syncResponse) {
+ if (err) httputils.serverError(resp, err);
+ else httputils.jsonResponse(resp, syncResponse);
 });
 });
diff --git a/browserid/static/manage.html b/browserid/static/manage.html
index 643e3d97ae1e317bc8eb84789135cae3feebd01f..5081533787a3bdb4ca9c831b7ea6c16c25265f5f 100644
--- a/browserid/static/manage.html
+++ b/browserid/static/manage.html
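Review bot: `/wsapi/remove_email` (browserid/lib/wsapi.js) now changes account state on the strength of the session alone, via `checkAuthed` and `req.session.authenticatedUser`, and nothing in this hunk verifies an anti-CSRF token. Unless one is enforced elsewhere, a form-encoded POST submitted on the user's behalf from another origin would be accepted. The handler should check a per-session token before calling `db.removeEmail`; the same applies to `/wsapi/sync_emails` in the next hunk. Separately, `httputils.badRequest(resp, error.toString())` returns the raw database error text to the client, where a generic message would disclose less. The handler's closing lines fall outside the hunk.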
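Review bot: In the `/wsapi/sync_emails` handler, `var emails = req.body;` is handed to `db.getSyncResponse` with no validation, and the route has no `checkParams` step. An absent body, or one of the wrong shape, therefore reaches the database layer unchanged. The removed code at least tried to reject unparseable input with "malformed payload"; an equivalent guard would be `if (!emails || typeof emails !== 'object') return httputils.badRequest(resp, "malformed payload");`, tightened to whatever structure `getSyncResponse` expects. A short comment stating the expected Content-Type and payload shape would also help, since parsing now happens in middleware outside this file.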
@@ -87,7 +87,7 @@ function display_saved_ids()
 delete t[e];
 window.localStorage.emails = JSON.stringify(t);
 // remove email from server
- $.get("/wsapi/remove_email", {"email" : e}, function(response) {
+ $.post("/wsapi/remove_email", {"email" : e}, function(response) {
 alert("response is : " +response);
 display_saved_ids();
 });
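Review bot: The `$.post` call in browserid/static/manage.html has only a success callback, while the lines just above it have already deleted the address from `window.localStorage`. A rejected request (a 400 from `checkParams`, or an expired session) therefore leaves the browser and the server out of step with no feedback to the user. Add a failure handler that restores the entry or re-syncs, and remove the debugging `alert("response is : " +response)` before this ships. `display_saved_ids` begins outside the hunk.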