🔒 Update login.py to receive password as body (#33)

Change `new_password` from a query parameter to a body parameter for security.

(Why this is problematic is discussed in the top answer to https://stackoverflow.com/questions/2629222/are-querystring-parameters-secure-in-https-http-ssl)
dmontagu
2019-05-28 22:24:09 -07:00
committed by Sebastián Ramírez
parent eae33cda72
commit 546dc8bdcb


@@ -1,6 +1,6 @@
from datetime import timedelta from datetime import timedelta
from fastapi import APIRouter, Depends, HTTPException from fastapi import APIRouter, Body, Depends, HTTPException
from fastapi.security import OAuth2PasswordRequestForm from fastapi.security import OAuth2PasswordRequestForm
from sqlalchemy.orm import Session from sqlalchemy.orm import Session
@@ -74,7 +74,7 @@ def recover_password(email: str, db: Session = Depends(get_db)):
@router.post("/reset-password/", tags=["login"], response_model=Msg) @router.post("/reset-password/", tags=["login"], response_model=Msg)
def reset_password(token: str, new_password: str, db: Session = Depends(get_db)): def reset_password(token: str, new_password: str = Body(...), db: Session = Depends(get_db)):
""" """
Reset password Reset password
""" """
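Review bot: `token` is still a bare `str` on the new `reset_password` signature, so FastAPI keeps reading it from the query string, where it ends up in the same access logs, browser history and Referer headers that motivated moving `new_password`. The function body is outside the hunk, but the signature suggests the reset token alone authorises the password change, which would make it at least as sensitive as the password until it expires. Consider `def reset_password(token: str = Body(...), new_password: str = Body(...), db: Session = Depends(get_db)):`. With two `Body(...)` parameters the endpoint expects a JSON object with `token` and `new_password` keys, rather than the bare JSON string that a single body parameter accepts, so the client that submits the reset form needs the matching change.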