Use POST for reset (OWASP#197)

appsectr · Apr 29, 2023 · 5d6f5f8 · 5d6f5f8
1 parent 92a732a
commit 5d6f5f8
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/postman_collections/crAPI.postman_collection.json b/postman_collections/crAPI.postman_collection.json
@@ -33,7 +33,7 @@
           }
         ],
         "request": {
-          "method": "GET",
+          "method": "POST",
           "header": [
             {
               "key": "User-Agent",

diff --git a/services/identity/src/main/java/com/crapi/controller/AuthController.java b/services/identity/src/main/java/com/crapi/controller/AuthController.java
@@ -182,7 +182,7 @@ public ResponseEntity<JwtResponse> loginWithTokenV2(
   }
 
   /** @return success or failure of password updation. */
-  @GetMapping("/reset-test-users")
+  @PostMapping("/reset-test-users")
   public ResponseEntity<?> resetPassword() {
     ArrayList<SeedUser> userDetailList = new TestUsers().getUsers();
     for (SeedUser userDetails : userDetailList) {