From 781eeb6a13bf70b565eaf05b2d45882ccbd10135 Mon Sep 17 00:00:00 2001 From: Jonathan Bernard Date: Mon, 8 May 2017 12:39:12 -0500 Subject: [PATCH] Change `auth-token` endpoint from `GET` to `POST`. --- src/main/nim/strawbosspkg/server.nim | 11 +++++++++-- src/test/nim/tserver.nim | 10 ++++++---- 2 files changed, 15 insertions(+), 6 deletions(-) diff --git a/src/main/nim/strawbosspkg/server.nim b/src/main/nim/strawbosspkg/server.nim index ab02f24..8d4fe1f 100644 --- a/src/main/nim/strawbosspkg/server.nim +++ b/src/main/nim/strawbosspkg/server.nim @@ -130,9 +130,16 @@ proc start*(cfg: StrawBossConfig): void = get "/ping": resp($(%*"pong"), JSON) - get "/auth-token": + post "/auth-token": + var uname, pwd: string try: - let authToken = makeAuthToken(cfg, @"username", @"password") + let jsonBody = parseJson(request.body) + uname = jsonBody["username"].getStr + pwd = jsonBody["password"].getStr + except: resp(Http400, makeJsonResp(Http400), JSON) + + try: + let authToken = makeAuthToken(cfg, uname, pwd) resp("\"" & $authToken & "\"", JSON) except: resp(Http401, makeJsonResp(Http401, getCurrentExceptionMsg()), JSON) diff --git a/src/test/nim/tserver.nim b/src/test/nim/tserver.nim index 19779b7..450cffe 100644 --- a/src/test/nim/tserver.nim +++ b/src/test/nim/tserver.nim @@ -8,9 +8,9 @@ import ../../main/nim/strawbosspkg/server import ../../main/nim/strawbosspkg/private/util # test helpers -proc newAuthenticatedHttpClient(apiBase, uname, pwd: string): HttpClient = +proc newAuthenticatedHttpClient(apiBase, uname, pwd: string): HttpClient = result = newHttpClient() - let authResp = result.get(apiBase & "/auth-token?username=" & uname & "&password=" & pwd) + let authResp = result.post(apiBase & "/auth-token", $(%*{"username": uname, "password": pwd})) assert authResp.status.startsWith("200") result.headers = newHttpHeaders({"Authorization": "Bearer " & parseJson(authResp.body).getStr}) 
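Review bot: In `server.nim`'s new `post "/auth-token"` body parsing, `jsonBody["username"].getStr` and `jsonBody["password"].getStr` do not reject non-string values: `getStr` returns its default (an empty string) when the node is not a `JString`, so a body like `{"username": 1, "password": null}` (constructed example) skips the 400 branch and reaches `makeAuthToken` with empty credentials. Validate the node kinds inside the first `try`, for example `if jsonBody["username"].kind != JString or jsonBody["password"].kind != JString: raise newException(ValueError, "credentials must be strings")`, which the existing `except:` turns into the 400 response. The bare `except:` clauses also catch every exception, so an unrelated failure is reported to the client as a bad request or a failed login; naming the expected types (`JsonParsingError`, `KeyError`, `ValueError`) would keep real faults visible. The enclosing `start` proc begins and ends outside the hunk.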
@@ -54,11 +54,13 @@ suite "strawboss server": resp.body == "\"pong\"" test "fail auth": - let resp = http.get(apiBase & "/auth-token?username=bob@builder.com&password=notpassword") + let resp = http.post(apiBase & "/auth-token", + $(%*{"username": "bob@builder.com", "password": "notpassword"})) check resp.status.startsWith("401") test "auth": - let resp = http.get(apiBase & "/auth-token?username=bob@builder.com&password=password") + let resp = http.post(apiBase & "/auth-token", + $(%*{"username": "bob@builder.com", "password": "password"})) check resp.status.startsWith("200") test "verify valid auth token":
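Review bot: Neither updated test in this `tserver.nim` hunk exercises the new 400 branch of the `auth-token` route: `fail auth` and `auth` both post well-formed JSON with both keys, so a regression that lets a malformed or incomplete body fall through to `makeAuthToken` would go unnoticed. Add a case next to `fail auth` that sends a non-JSON body, e.g. `let resp = http.post(apiBase & "/auth-token", "not json")` followed by `check resp.status.startsWith("400")`, and a second one that omits the `password` key. The enclosing `suite "strawboss server"` starts and ends outside the hunk.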