apache / cloudstack

Apache CloudStack is an open source Infrastructure as a Service (IaaS) cloud computing platform
https://cloudstack.apache.org/
Apache License 2.0

Creating an account has GET-like URL parameters #4558

Closed ngrosc closed 3 years ago

ngrosc commented 3 years ago
ISSUE TYPE
COMPONENT NAME
UI
CLOUDSTACK VERSION
4.14
CONFIGURATION

N/A

OS / ENVIRONMENT

N/A

SUMMARY

Creating a new account using the web UI has some useless(?) GET-like URL parameters. Maybe this was a GET request some time ago and was then switched to POST without cleaning the URL part?

STEPS TO REPRODUCE
  1. Use tcpdump/Burp or some other traffic capture tool
  2. Create a new account
  3. Review the called URLs
EXPECTED RESULTS

A POST request to the API endpoint

https://***/client/api?command=createAccount&response=json

with the payload in its body

ACTUAL RESULTS

A POST request to the API endpoint

https://***/client/api?command=createAccount&username=dummyaccount&email=dummy@dummy.local&firstname=dummy&lastname=dummy&password=dummypass&domainid=****&roleid=****&response=json

with the payload in its body. When creating a user account, the request is as expected.
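
The URL review in step 3 can be scripted. The following is an added example, not code from CloudStack or from the reporter: it flags POST requests whose query string carries more than `command` and `response`, redacts the leaked values, and builds the expected URL/body split. The host `cloudstack.example`, the placeholder ids and all function names are constructed for illustration.

```javascript
// Added example. ALLOWED_IN_URL and SENSITIVE are assumptions based on the
// URLs quoted in this issue; host and ids below are constructed placeholders.
const ALLOWED_IN_URL = new Set(['command', 'response']);
const SENSITIVE = new Set(['password']);

// Lists query parameters of a POST request that belong in the body instead.
// Query strings are routinely written to server and proxy access logs.
function auditRequest({ method, url }) {
  if (method.toUpperCase() !== 'POST') return { leaked: [], sensitive: [] };
  const names = new Set(new URL(url).searchParams.keys());
  const leaked = [...names].filter((n) => !ALLOWED_IN_URL.has(n.toLowerCase()));
  const sensitive = leaked.filter((n) => SENSITIVE.has(n.toLowerCase()));
  return { leaked, sensitive };
}

// Builds the expected request shape: routing fields in the URL, form fields
// URL-encoded in the body.
function buildPost(endpoint, params) {
  const url = new URL(endpoint);
  const body = new URLSearchParams();
  for (const [name, value] of Object.entries(params)) {
    const target = ALLOWED_IN_URL.has(name.toLowerCase()) ? url.searchParams : body;
    target.set(name, value);
  }
  return { method: 'POST', url: url.toString(), body: body.toString() };
}

// Blanks leaked values so a captured URL can be shared in a ticket.
function redactUrl(rawUrl) {
  const url = new URL(rawUrl);
  for (const name of auditRequest({ method: 'POST', url: rawUrl }).leaked) {
    url.searchParams.set(name, 'REDACTED');
  }
  return url.toString();
}

// Constructed sample mirroring the "actual results" URL from the report.
const API = 'https://cloudstack.example/client/api';
const FORM = {
  command: 'createAccount', username: 'dummyaccount', email: 'dummy@dummy.local',
  firstname: 'dummy', lastname: 'dummy', password: 'dummypass',
  domainid: 'DOMAIN-ID-PLACEHOLDER', roleid: 'ROLE-ID-PLACEHOLDER', response: 'json',
};
const observed = { method: 'POST', url: `${API}?${new URLSearchParams(FORM)}` };

console.log(auditRequest(observed));             // flags the seven form fields
console.log(redactUrl(observed.url));
console.log(auditRequest(buildPost(API, FORM))); // nothing left in the URL
```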

davidjumani commented 3 years ago

@ngrosc @DaanHoogland I've created a fix in the new UI, let me know if this needs to be addressed in the old UI as well

DaanHoogland commented 3 years ago

I think the old UI was removed in master, so no. It would not make sense.

nvazquez commented 3 years ago

Closing this issue as it has been fixed by PR #4812