Use encoded query parameters over path (#2682)
* Use encoded query parameters over path * Prefer POST for requests with sensitive information * Send private information in headers over query * B64 encode email
parent
11c59addf4
commit
465681c712
@ -4,6 +4,7 @@ using Bit.Core.Entities;
|
||||
using Bit.Core.Exceptions;
|
||||
using Bit.Core.Repositories;
|
||||
using Bit.Core.Services;
|
||||
using Bit.Core.Utilities;
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
|
||||
@ -130,6 +131,14 @@ public class DevicesController : Controller
|
||||
await _deviceService.DeleteAsync(device);
|
||||
}
|
||||
|
||||
[AllowAnonymous]
|
||||
[HttpGet("knowndevice")]
|
||||
public async Task<bool> GetByIdentifierQuery(
|
||||
[FromHeader(Name = "X-Request-Email")] string email,
|
||||
[FromHeader(Name = "X-Device-Identifier")] string deviceIdentifier)
|
||||
=> await GetByIdentifier(CoreHelpers.Base64UrlDecodeString(email), deviceIdentifier);
|
||||
|
||||
[Obsolete("Path is deprecated due to encoding issues, use /knowndevice instead.")]
|
||||
[AllowAnonymous]
|
||||
[HttpGet("knowndevice/{email}/{identifier}")]
|
||||
public async Task<bool> GetByIdentifier(string email, string identifier)
|
||||
|
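Review bot: `GetByIdentifierQuery` passes the `X-Request-Email` header straight into `CoreHelpers.Base64UrlDecodeString`, so on this `[AllowAnonymous]` route a missing or malformed header probably surfaces as an unhandled exception rather than a 400 (the decoder's behaviour is not visible here). A guard before the call would make the failure explicit, e.g. `if (string.IsNullOrWhiteSpace(email) || string.IsNullOrWhiteSpace(deviceIdentifier)) throw new BadRequestException("Missing device lookup headers.");`, and a decode failure is worth mapping to the same response. Separately, `[Obsolete]` only warns C# callers at compile time, so the `knowndevice/{email}/{identifier}` route stays reachable and e-mail addresses can still end up in URL logs until it is removed; a comment naming the removal condition would help. The body of `GetByIdentifier` lies outside this hunk.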