Correcting the HTTP methods for the public urls of forgotPassword & resetPassword
parent
f75331b116
commit
20ea476dc7
|
|
@ -87,9 +87,9 @@ public class SecurityConfig {
|
|||
// This is because the flow enters AclFilter as well and needs to be whitelisted there
|
||||
.matchers(ServerWebExchangeMatchers.pathMatchers(HttpMethod.GET, "/login"),
|
||||
ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST, USER_URL),
|
||||
ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST, USER_URL + "/forgotPassword"),
|
||||
ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST, USER_URL + "/verifyPasswordResetToken"),
|
||||
ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST, USER_URL + "/resetPassword"))
|
||||
ServerWebExchangeMatchers.pathMatchers(HttpMethod.GET, USER_URL + "/forgotPassword"),
|
||||
ServerWebExchangeMatchers.pathMatchers(HttpMethod.GET, USER_URL + "/verifyPasswordResetToken"),
|
||||
ServerWebExchangeMatchers.pathMatchers(HttpMethod.PUT, USER_URL + "/resetPassword"))
|
||||
.permitAll()
|
||||
.pathMatchers("/public/**").permitAll()
|
||||
.anyExchange()
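Review bot: The `permitAll()` list now exposes `/forgotPassword` and `/verifyPasswordResetToken` to unauthenticated callers over `HttpMethod.GET`, so a request that triggers a reset mail and a request that carries a reset token both become GETs. The controllers are not visible here, but if the e-mail address and token travel as query parameters they will end up in access and proxy logs, browser history and Referer headers, and GET requests are usually exempt from CSRF checks. Please confirm that this is intended and that tokens are single-use and short-lived. If the handlers can take a body instead, keeping `ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST, USER_URL + "/forgotPassword"),` would avoid the exposure; otherwise add a comment above the list such as `// GET is required because the reset link is opened from e-mail; tokens expire and are single-use`. The same method changes are mirrored in `public_operations` in the policy hunk below, and the matcher chain begins and ends outside this hunk.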
|
||||
|
|
|
|||
|
|
@ -23,10 +23,10 @@ url_allow = true {
|
|||
|
||||
# All public URLs must go into this list. Anything not in this list requires an authenticated session to access
|
||||
public_operations = [
|
||||
{"method" : "POST", "url" : "/api/v1/users/forgotPassword" },
|
||||
{"method" : "GET", "url" : "/api/v1/users/forgotPassword" },
|
||||
{"method" : "POST", "url" : "/api/v1/users" },
|
||||
{"method" : "POST", "url" : "/api/v1/users/verifyPasswordResetToken" },
|
||||
{"method" : "POST", "url" : "/api/v1/users/resetPassword" },
|
||||
{"method" : "GET", "url" : "/api/v1/users/verifyPasswordResetToken" },
|
||||
{"method" : "PUT", "url" : "/api/v1/users/resetPassword" },
|
||||
]
|
||||
|
||||
# This is a global list of all the routes for all controllers. Any new controller that is written must
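Review bot: `public_operations` now has to match the `permitAll()` matchers in `SecurityConfig` entry for entry, but the comment above the list does not say so, and the paths are hard-coded as `/api/v1/users/...` while the Java side builds them from `USER_URL`. A drift in either direction would presumably show up as a public endpoint rejected by the ACL filter, or as a route that stays public in the policy after it was removed from the Spring configuration. I would extend the comment with `# Keep in sync with the permitAll() matchers in SecurityConfig (method and path must both match).` and remove entries here in the same commit whenever a route stops being public.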
|
||||
|
|
|
|||
Binary file not shown.