Stop using query parameters for user creation and update endpoints in the API. Instead, use the request body to pass user data. This change stops leaking sensitive information like passwords in the URL. Fixes #2010
from fastapi import UploadFile
from fastapi.param_functions import Form
from pydantic import BaseModel
class UserForm(BaseModel):
    """Request payload carrying user attributes.

    Every field is optional and defaults to ``None``, so a caller may send
    any subset of them. Nothing in this model constrains the values beyond
    their declared types.
    """

    username: str | None = None
    # Plain ``str``: pydantic's default repr and dumps of this model include
    # the value, so the object should not be logged or echoed back as-is.
    password: str | None = None
    email: str | None = None
    # Free-form string at this layer. NOTE(review): confirm the endpoint
    # checks it against the permitted roles and authorizes any role change.
    role: str | None = None
    enabled: bool | None = None
    # NOTE(review): looks like a RetroAchievements account name - confirm.
    ra_username: str | None = None
    # Uploaded file; no size or content-type limit is declared here.
    # TODO confirm the handler applies them.
    avatar: UploadFile | None = None
class OAuth2RequestForm:
    """Form-encoded token request, with fields declared via ``Form``.

    Each constructor parameter is a form field, so the credentials
    (``password``, ``client_secret``, ``refresh_token``) arrive in the
    request body rather than in the URL. ``grant_type`` falls back to
    ``"password"`` and ``scope`` to the empty string when the field is
    absent; every other field falls back to ``None``.

    No value is validated here: ``grant_type`` accepts any string, and
    which of the optional credentials a given grant requires is not
    checked in this class.
    """

    def __init__(
        self,
        grant_type: str = Form(default="password"),
        scope: str = Form(default=""),
        username: str | None = Form(default=None),
        password: str | None = Form(default=None),
        client_id: str | None = Form(default=None),
        client_secret: str | None = Form(default=None),
        refresh_token: str | None = Form(default=None),
    ):
        # Grant selector plus the requested scopes; the whitespace-separated
        # ``scope`` string becomes a list (empty string -> empty list).
        self.grant_type, self.scopes = grant_type, scope.split()
        # Credentials are stored exactly as received; no normalisation.
        self.username, self.password = username, password
        self.client_id, self.client_secret = client_id, client_secret
        self.refresh_token = refresh_token