diff --git a/browserid/lib/wsapi.js b/browserid/lib/wsapi.js
index c2761d5ad916d553fed6f94382779c607d960e43..a58a1e60f69479696489d2e672b08f5d8b34e46b 100644
--- a/browserid/lib/wsapi.js
+++ b/browserid/lib/wsapi.js
@@ -63,12 +63,12 @@ function setup(app) {
 * this involves creating a secret url that must be delivered to the
 * user via their claimed email address. Upon timeout expiry OR clickthrough
 * the staged user account transitions to a valid user account */
- app.get('/wsapi/stage_user', checkParams([ "email", "pass", "pubkey", "site" ]), function(req, resp) {
+ app.post('/wsapi/stage_user', checkParams([ "email", "pass", "pubkey", "site" ]), function(req, resp) {
 // bcrypt the password
 // we should be cloning this object here.
- var stageParams = req.query;
- stageParams['hash'] = bcrypt.encrypt_sync(req.query.pass, bcrypt.gen_salt_sync(10));
+ var stageParams = req.body;
+ stageParams['hash'] = bcrypt.encrypt_sync(stageParams.pass, bcrypt.gen_salt_sync(10));
 try {
 // upon success, stage_user returns a secret (that'll get baked into a url
diff --git a/browserid/static/dialog/controllers/dialog_controller.js b/browserid/static/dialog/controllers/dialog_controller.js
index 8744d723808a298ffbd0c439626d79e658ef1e58..05d2734098538bd5eced4fe7b0406ec2f8fb932f 100644
--- a/browserid/static/dialog/controllers/dialog_controller.js
+++ b/browserid/static/dialog/controllers/dialog_controller.js
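Review bot: The handler still aliases the incoming object as `stageParams` and then adds `hash` to it, so the plaintext `pass` field travels on in the same object to whatever stage_user persists (that call is below the hunk, and the "we should be cloning this object here" comment already flags the aliasing). Build the staged record from the named fields instead: `var stageParams = { email: req.body.email, pubkey: req.body.pubkey, site: req.body.site };` followed by `stageParams['hash'] = bcrypt.encrypt_sync(req.body.pass, bcrypt.gen_salt_sync(10));`. Two things the hunk does not show and that should be confirmed: `req.body` is only populated when a body-parsing middleware is mounted ahead of this route, and the dialog now sends a `csrf` field that neither this handler nor `checkParams` validates, so unless a middleware outside the hunk checks it the POST endpoint accepts cross-site submissions. setup() begins before and continues after this hunk.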
@@ -191,11 +191,14 @@ $.Controller("Dialog", {}, {
 var self = this;
 $.ajax({
- url: '/wsapi/stage_user?email=' + encodeURIComponent(email)
- + '&pass=' + encodeURIComponent(pass)
- + '&pubkey=' + encodeURIComponent(keypair.pub)
- + '&site=' + encodeURIComponent(this.remoteOrigin.replace(/^(http|https):\/\//, '')),
- success: function() {
+ type: "post",
+ url: '/wsapi/stage_user',
+ data: {email: email,
+ pass: pass,
+ pubkey : keypair.pub,
+ site : this.remoteOrigin.replace(/^(http|https):\/\//, ''),
+ csrf : self.csrf},
+ success: function() {
 // account successfully staged, now wait for email confirmation
 self.doConfirmEmail(email, keypair);
 },
diff --git a/browserid/tests/registration-status-wsapi-test.js b/browserid/tests/registration-status-wsapi-test.js
index 96a0bdb8ac7a5c52f293c83482743cce78181d9c..eec961955cc2df13206b90e8e6815e0d5a1e7515 100755
--- a/browserid/tests/registration-status-wsapi-test.js
+++ b/browserid/tests/registration-status-wsapi-test.js
@@ -31,7 +31,7 @@ suite.addBatch({
 // now start a registration
 suite.addBatch({
 "start registration": {
- topic: wsapi.get('/wsapi/stage_user', {
+ topic: wsapi.post('/wsapi/stage_user', {
 email: 'first@fakeemail.com',
 pass: 'firstfakepass',
 pubkey: 'fakepubkey',
@@ -112,7 +112,7 @@ suite.addBatch({
 suite.addBatch({
 "re-registering an existing email": {
- topic: wsapi.get('/wsapi/stage_user', {
+ topic: wsapi.post('/wsapi/stage_user', {
 email: 'first@fakeemail.com',
 pass: 'secondfakepass',
 pubkey: 'secondfakepubkey',
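Review bot: The new `data` literal mixes `this.remoteOrigin` and `self.csrf`; both resolve to the controller here, because the literal is evaluated in the method body right after `var self = this`, but the split reads as if two different objects were intended. Use `self` for both, `site : self.remoteOrigin.replace(/^(http|https):\/\//, ''),`, so the literal can later be moved into a callback without silently changing what `this` refers to. The key spacing (`email: email` next to `pubkey : keypair.pub`) should also be made uniform. Whether an `error:` handler follows the `success:` entry is not visible in the hunk, and the enclosing method starts and ends outside it.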