Use encoded query parameters over path (#2354)
* Use encoded query parameters over path * Prefer POST for requests with sensitive information * Send private information in headers over query * B64 encode email
This commit is contained in:
parent
c02cd1f15b
commit
4d2b53c809
2 changed files with 11 additions and 5 deletions
|
@ -47,7 +47,7 @@ namespace Bit.Core.Abstractions
|
|||
Task RefreshIdentityTokenAsync();
|
||||
Task<SsoPrevalidateResponse> PreValidateSso(string identifier);
|
||||
Task<TResponse> SendAsync<TRequest, TResponse>(HttpMethod method, string path,
|
||||
TRequest body, bool authed, bool hasResponse, bool logoutOnUnauthorized = true);
|
||||
TRequest body, bool authed, bool hasResponse, Action<HttpRequestMessage> alterRequest, bool logoutOnUnauthorized = true);
|
||||
void SetUrls(EnvironmentUrls urls);
|
||||
[Obsolete("Mar 25 2021: This method has been deprecated in favor of direct uploads. This method still exists for backward compatibility with old server versions.")]
|
||||
Task<CipherResponse> PostCipherAttachmentLegacyAsync(string id, MultipartFormDataContent data);
|
||||
|
|
|
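Review bot: The interface declares the new `alterRequest` parameter without a default (`Action<HttpRequestMessage> alterRequest, bool logoutOnUnauthorized = true`) while the `ApiService.SendAsync` implementation in the second file gives it `= null`, so callers typed as `IApiService` must pass it explicitly and the two signatures have drifted; declaring it `Action<HttpRequestMessage> alterRequest = null, bool logoutOnUnauthorized = true` here too would let both forms accept the same call shape. The parameter is also undocumented on the interface, which is where implementers look: a `/// <param name="alterRequest">Optional callback invoked on the built <see cref="HttpRequestMessage"/> after the default headers are set and before it is sent; may be null.</param>` would state when it runs and that null is permitted. The interface body continues outside the hunk.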
@ -10,6 +10,7 @@ using Bit.Core.Exceptions;
|
|||
using Bit.Core.Models.Domain;
|
||||
using Bit.Core.Models.Request;
|
||||
using Bit.Core.Models.Response;
|
||||
using Bit.Core.Utilities;
|
||||
using Newtonsoft.Json;
|
||||
using Newtonsoft.Json.Linq;
|
||||
using Newtonsoft.Json.Serialization;
|
||||
|
@ -183,13 +184,13 @@ namespace Bit.Core.Services
|
|||
|
||||
public Task PostAccountRequestOTP()
|
||||
{
|
||||
return SendAsync<object, object>(HttpMethod.Post, "/accounts/request-otp", null, true, false, false);
|
||||
return SendAsync<object, object>(HttpMethod.Post, "/accounts/request-otp", null, true, false, null, false);
|
||||
}
|
||||
|
||||
public Task PostAccountVerifyOTPAsync(VerifyOTPRequest request)
|
||||
{
|
||||
return SendAsync<VerifyOTPRequest, object>(HttpMethod.Post, "/accounts/verify-otp", request,
|
||||
true, false, false);
|
||||
true, false, null, false);
|
||||
}
|
||||
|
||||
public Task PutUpdateTempPasswordAsync(UpdateTempPasswordRequest request)
|
||||
|
@ -570,7 +571,11 @@ namespace Bit.Core.Services
|
|||
|
||||
public Task<bool> GetKnownDeviceAsync(string email, string deviceIdentifier)
|
||||
{
|
||||
return SendAsync<object, bool>(HttpMethod.Get, $"/devices/knowndevice/{email}/{deviceIdentifier}", null, false, true);
|
||||
return SendAsync<object, bool>(HttpMethod.Get, "/devices/knowndevice", null, false, true, (message) =>
|
||||
{
|
||||
message.Headers.Add("X-Device-Identifier", deviceIdentifier);
|
||||
message.Headers.Add("X-Request-Email", CoreHelpers.Base64UrlEncode(Encoding.UTF8.GetBytes(email)));
|
||||
});
|
||||
}
|
||||
|
||||
#endregion
|
||||
|
@ -624,7 +629,7 @@ namespace Bit.Core.Services
|
|||
public Task<TResponse> SendAsync<TResponse>(HttpMethod method, string path, bool authed) =>
|
||||
SendAsync<object, TResponse>(method, path, null, authed, true);
|
||||
public async Task<TResponse> SendAsync<TRequest, TResponse>(HttpMethod method, string path, TRequest body,
|
||||
bool authed, bool hasResponse, bool logoutOnUnauthorized = true)
|
||||
bool authed, bool hasResponse, Action<HttpRequestMessage> alterRequest = null, bool logoutOnUnauthorized = true)
|
||||
{
|
||||
using (var requestMessage = new HttpRequestMessage())
|
||||
{
|
||||
|
@ -671,6 +676,7 @@ namespace Bit.Core.Services
|
|||
{
|
||||
requestMessage.Headers.Add("Accept", "application/json");
|
||||
}
|
||||
alterRequest?.Invoke(requestMessage);
|
||||
|
||||
HttpResponseMessage response;
|
||||
try
|
||||
|
|
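Review bot: `Encoding.UTF8.GetBytes(email)` in the rewritten `GetKnownDeviceAsync` needs `System.Text` in scope, and the using hunk in this file adds only `Bit.Core.Utilities` (for `CoreHelpers.Base64UrlEncode`); if `System.Text` is not already imported above that hunk the file will not compile, so verify it is. `HttpRequestHeaders.Add` throws `FormatException` for values containing characters that are not valid in a header (CR/LF among them); the email is made safe by the base64url encoding, but `deviceIdentifier` goes into `X-Device-Identifier` unencoded, which is fine only if it is always an app-generated identifier such as a GUID — otherwise encode or validate it the same way. A short comment would record the server contract the new headers create, e.g. `// Email is sent as base64url(UTF-8) in X-Request-Email instead of a path segment, so it is no longer part of the request URL; the server must decode it.` Whether `email` can be null (`GetBytes(null)` throws where the old string interpolation did not) depends on callers outside the hunk.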