[BB-1053] registration: post validation via POST and not GET

Boros Gábor requested to merge dachary/BB-1053-validate-password into master

Created by: dupainaulevain

What is being changed?

Post registration validation via POST and not GET

Why is it needed?

So that password & password_confirmation do not leak in server logs

Testing instructions

  • make run.dev
  • firefox http://localhost:5000/registration
  • type the password and the password confirmation
  • without this commit see the following line in the logs displayed by make run.dev and the password you just typed
06:55:16 web.1                 | 192.168.160.1 - - [09/Mar/2019 06:55:16] "GET /api/v1/registration/register/validate/?accept_terms=false&footer_bg_color=%23ffffff&header_bg_color=%23ffffff&link_color=%23126f9a&main_color=%23126f9a&password=frobnitza&password_confirmation=frobnitza&subscribe_to_updates=false HTTP/1.1" 200 -
  • with this commit see the following line in the logs displayed by make run.dev without the password you just typed
06:55:16 web.1                 | 192.168.160.1 - - [09/Mar/2019 06:55:16] "POST /api/v1/registration/register/validate/ HTTP/1.1" 200 -
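
A log audit for the leak this merge request fixes, as an added example that is not part of the merge request or the project's code: it scans access log lines for secret-bearing query parameters and returns a redacted copy. The function names and the extra entries in `SENSITIVE` are assumptions; the two sample lines are the ones quoted above, with the column padding condensed.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit

# "password" and "password_confirmation" come from the merge request;
# the other names are assumptions added for illustration.
SENSITIVE = {"password", "password_confirmation", "token", "secret"}

# Quoted request part of an access log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')


def scan_line(line):
    """Return (leaked parameter names, redacted line) for one log line."""
    match = REQUEST_RE.search(line)
    if not match:
        return [], line
    parts = urlsplit(match.group("target"))
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    leaked = sorted({k for k, v in pairs if k.lower() in SENSITIVE and v})
    if not leaked:
        return [], line
    query = urlencode(
        [(k, "REDACTED" if k.lower() in SENSITIVE else v) for k, v in pairs]
    )
    start, end = match.span("target")
    return leaked, line[:start] + parts._replace(query=query).geturl() + line[end:]


def audit(lines):
    """Return [(line_number, leaked_names)] for every line that leaks."""
    findings = []
    for number, line in enumerate(lines, start=1):
        leaked, _ = scan_line(line)
        if leaked:
            findings.append((number, leaked))
    return findings


# The two log lines quoted in the merge request description.
PREFIX = '06:55:16 web.1 | 192.168.160.1 - - [09/Mar/2019 06:55:16] '
BEFORE = PREFIX + (
    '"GET /api/v1/registration/register/validate/?accept_terms=false'
    '&footer_bg_color=%23ffffff&header_bg_color=%23ffffff'
    '&link_color=%23126f9a&main_color=%23126f9a&password=frobnitza'
    '&password_confirmation=frobnitza&subscribe_to_updates=false HTTP/1.1" 200 -'
)
AFTER = PREFIX + '"POST /api/v1/registration/register/validate/ HTTP/1.1" 200 -'

if __name__ == "__main__":
    print(audit([BEFORE, AFTER]))
    print(scan_line(BEFORE)[1])
```

Running `audit` over logs written before the fix shows which lines already hold passwords and need to be redacted or purged.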
