Open
Description
New Feature / Enhancement Checklist
- I am not disclosing a vulnerability.
- I am not just asking a question.
- I have searched through existing issues.
Current Limitation
verifyPassword currently only accepts GET. Most of the endpoints have been moved to accept POST, but not this one. When using GET with verifyPassword, it sends the username and password being verified, allowing this data to be cached.
parse-server/src/Routers/UsersRouter.js
Lines 493 to 495 in 350b59a
Feature / Enhancement Description
Use POST instead, and SDKs should change to POST. I currently only found this being used in the JS SDK, though I have an implementation of it for the Swift SDK that I haven't merged yet. I don't plan on merging the Swift version with GET. Of course, it can also be accessed via REST.
Maybe get rid of GET here? Maybe it's needed for backwards compatibility? Just a thought...
Example Use Case
- User is logged in
- User attempts to verify their password. Hit the verifyPassword endpoint with a POST (instead of GET)
Alternatives / Workarounds
Use GET or don't use verifyPassword
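The difference the issue describes, shown as an added example that is not part of the issue and is not parse-server or SDK code: with GET the credentials land in the request line that access logs, proxies and caches record, while with POST they travel in the body. The `/verifyPassword` mount path, the JSON body shape of the POST form, the server URL and the helper names are assumptions made for illustration.

```javascript
// Added illustration; not parse-server or Parse JS SDK code.
// Assumptions: the route is mounted at /verifyPassword under the server URL,
// and a POST variant would take the same two fields as a JSON body.

// Build the request an HTTP client would send for each method.
function buildVerifyRequest(method, serverUrl, username, password) {
  const url = new URL(serverUrl.replace(/\/$/, '') + '/verifyPassword');
  const req = { method, url, headers: {}, body: null };
  if (method === 'GET') {
    // GET carries no body, so the credentials become part of the URL.
    url.searchParams.set('username', username);
    url.searchParams.set('password', password);
  } else {
    req.headers['Content-Type'] = 'application/json';
    req.body = JSON.stringify({ username, password });
  }
  return req;
}

// What an access log, proxy or cache key typically records:
// method + path + query string, never the body.
function requestLine(req) {
  return `${req.method} ${req.url.pathname}${req.url.search}`;
}

// Scrub request lines that the GET form has already written to logs.
function redactRequestLine(line) {
  return line.replace(/([?&](?:username|password)=)[^&\s]*/gi, '$1[REDACTED]');
}

// Constructed sample values.
const SERVER = 'https://parse.example.test/parse';
const getReq = buildVerifyRequest('GET', SERVER, 'alice', 'correct horse');
const postReq = buildVerifyRequest('POST', SERVER, 'alice', 'correct horse');

console.log(requestLine(getReq));   // credentials visible in the logged line
console.log(requestLine(postReq));  // path only; credentials are in the body
console.log(redactRequestLine(requestLine(getReq)));
```

Logs written while clients still use GET keep the credentials until they are rotated or scrubbed, which is what `redactRequestLine` is for.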