From a16d02b39d10997ffce9ecd1e443831892ce13e3 Mon Sep 17 00:00:00 2001
From: Matt Gibson <mgibson@bitwarden.com>
Date: Tue, 7 Mar 2023 13:49:12 -0500
Subject: [PATCH] Auth/ps 2465 fix knowndevices path (#4710)

* PS-2450 EC-1073 Do not decode and normalize query

Co-authored-by: Jake Fink <jfink@bitwarden.com>

* Use encoded query parameters over path

* Prefer POST for requests with sensitive information

* Send private information in headers over query

* B64 encode email

---------

Co-authored-by: Jake Fink <jfink@bitwarden.com>
---
 libs/common/src/services/api.service.ts | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/libs/common/src/services/api.service.ts b/libs/common/src/services/api.service.ts
index 4aceda36b5..5776348816 100644
--- a/libs/common/src/services/api.service.ts
+++ b/libs/common/src/services/api.service.ts
@@ -1212,8 +1212,10 @@ export class ApiService implements ApiServiceAbstraction {
   }
 
   async getKnownDevice(email: string, deviceIdentifier: string): Promise<boolean> {
-    const path = `/devices/knowndevice/${email}/${deviceIdentifier}`;
-    const r = await this.send("GET", path, null, false, true);
+    const r = await this.send("GET", "/devices/knowndevice", null, false, true, null, (headers) => {
+      headers.set("X-Device-Identifier", deviceIdentifier);
+      headers.set("X-Request-Email", Utils.fromUtf8ToUrlB64(email));
+    });
     return r as boolean;
   }