From 9b7a26fc3708ac42d7d29c4329adbde465d29220 Mon Sep 17 00:00:00 2001
From: Johannes Zellner <johannes@cloudron.io>
Date: Thu, 9 Feb 2017 13:02:41 +0100
Subject: Send username/password in body and fix cli

---
 src/auth.js | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'src/auth.js')

diff --git a/src/auth.js b/src/auth.js
index f49ca38..5f83cea 100644
--- a/src/auth.js
+++ b/src/auth.js
@@ -47,13 +47,13 @@ if (LDAP_URL && LDAP_USERS_BASE_DN) {
         function (req, res, next) {
             var users = safe.JSON.parse(safe.fs.readFileSync(LOCAL_AUTH_FILE));
             if (!users) return res.send(401);
-            if (!users[req.query.username]) return res.send(401);
+            if (!users[req.body.username]) return res.send(401);
 
-            bcrypt.compare(req.query.password, users[req.query.username].passwordHash, function (error, valid) {
+            bcrypt.compare(req.body.password, users[req.body.username].passwordHash, function (error, valid) {
                 if (error || !valid) return res.send(401);
 
                 req.user = {
-                    username: req.query.username
+                    username: req.body.username
                 };
 
                 next();
-- 
cgit v1.2.3