#3233 Fixed change incorrect GET endpoints to POST

WebContent/WEB-INF/jsp/systemSettings.jsp

@@ -497,7 +497,7 @@
         }
 
         jQuery.ajax({
-            type: 'GET',
+            type: 'POST',
             dataType: 'text',
             url:myLocation+"api/resources/imagesRefresh",
             success: function(msg){

WebContent/WEB-INF/spring-security.xml

@@ -341,6 +341,7 @@
         <!-- REST API User -->
         <!-- Auth -->
         <intercept-url pattern="/api/auth/**" access="permitAll" />
+        <intercept-url pattern="/api/v2/auth/**" access="permitAll" />
 
         <!-- WatchList POST/PUT/GET -->
         <intercept-url pattern="/api/watch-lists" access="hasAnyRole('ROLE_ADMIN', 'ROLE_USER')" method="POST" />
@@ -364,9 +365,9 @@
         <intercept-url pattern="/api/reports/search" access="hasAnyRole('ROLE_ADMIN', 'ROLE_USER')" method="POST" />
         <intercept-url pattern="/api/reports/sendTestEmails" access="hasAnyRole('ROLE_ADMIN', 'ROLE_USER')" method="POST" />
         <intercept-url pattern="/api/reports/instances" access="hasAnyRole('ROLE_ADMIN', 'ROLE_USER')" method="GET" />
-        <intercept-url pattern="/api/reports/instances/{id}/preventPurge/{preventPurge}" access="@guard.hasReportInstanceSetPermission(request,#id)" method="GET" />
+        <intercept-url pattern="/api/reports/instances/{id}/preventPurge/{preventPurge}" access="@guard.hasReportInstanceSetPermission(request,#id)" method="PUT" />
         <intercept-url pattern="/api/reports/instances/{id}" access="@guard.hasReportInstanceOwnerPermission(request,#id)" method="DELETE" />
-        <intercept-url pattern="/api/reports/run/{id}" access="@guard.hasReportSetPermission(request,#id,false)" method="GET" />
+        <intercept-url pattern="/api/reports/run/{id}" access="@guard.hasReportSetPermission(request,#id,false)" method="POST" />
         <intercept-url pattern="/api/reports/{id}" access="@guard.hasReportOwnerPermission(request,#id,false)" method="DELETE" />
 
         <!-- User PUT/GET -->

WebContent/resources/vue-mixins/shared/mixins-export-import.js

@@ -11,7 +11,11 @@ var ExportImportHierarchiPoints = {
             try {
                 axios({
                     method: 'post',
-                    url: 'http://localhost:8080/ScadaBR/api/auth/admin/admin',
+                    url: 'http://localhost:8080/ScadaBR/api/v2/auth',
+                    data: {
+                        username: 'admin',
+                        password: 'admin',
+                    },
                 }).then(function (response) {
                     alert(response.data);
                     alert(response.status);
@@ -28,4 +32,4 @@ var ExportImportHierarchiPoints = {
             alert('import mixins');
         }
     },
-}
+}

doc/RESTAPI/ScadaLTS_API_OAS3.yaml

@@ -15,7 +15,7 @@ info:
     name: 'GPL-2.0'
 paths:
   /auth/{username}/{password}:
-    get:
+    post:
       tags:
         - AuthenticationAPI
       summary: 'Authenticate to the Scada-LTS'
@@ -37,7 +37,7 @@ paths:
           description: 'Logged successful'
           headers: {}
   /auth/logout/{username}:
-    get:
+    post:
       tags:
         - AuthenticationAPI
       summary: 'Logout from Scada-LTS'
@@ -263,6 +263,56 @@ paths:
                 type: array
                 items:
                   $ref: '#/components/schemas/ScadaObjectIdentifier'
+  /datasource/toggle:
+    post:
+      tags:
+        - DataSourceAPI
+      parameters:
+        - name: 'id'
+          description: 'DataSource ID'
+          in: 'query'
+          required: false
+          schema:
+            type: number
+        - name: 'xid'
+          description: 'DataSource Export ID'
+          in: 'query'
+          required: false
+          schema:
+            type: string
+      responses:
+        '200':
+          description: ''
+          content:
+            application/json:
+              schema:
+                type: object
+  /datasource/datapoints/enable:
+    put:
+      tags:
+        - DataSourceAPI
+      parameters:
+        - name: 'id'
+          description: 'DataSource ID'
+          in: 'query'
+          required: false
+          schema:
+            type: number
+        - name: 'xid'
+          description: 'DataSource Export ID'
+          in: 'query'
+          required: false
+          schema:
+            type: string
+      responses:
+        '200':
+          description: ''
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/JsonDataPoint'
   /userProfiles/:
     get:
       tags:
@@ -882,7 +932,7 @@ paths:
               schema:
                 $ref: '#/components/schemas/PointValuesJSON'
   /point_value/updateMetaDataPointByScript/{xid}:
-    get:
+    put:
       tags:
         - PointValueAPI
       parameters:
@@ -895,7 +945,7 @@ paths:
         '200':
           description: ''
   /point_value/updateMetaDataPointsByScript/{xid}:
-    get:
+    put:
       tags:
         - PointValueAPI
       parameters:
@@ -908,12 +958,43 @@ paths:
         '200':
           description: ''
   /point_value/updateAllMetaDataPointsByScript:
-    get:
+    put:
       tags:
         - PointValueAPI
       responses:
         '200':
           description: ''
+  /reports/run/{id}:
+    post:
+      tags:
+        - ReportsAPI
+      parameters:
+        - name: 'id'
+          in: 'path'
+          required: true
+          schema:
+            type: number
+      responses:
+        '200':
+          description: ''
+  /reports/instances/{id}/preventPurge/{preventPurge}:
+    put:
+      tags:
+        - ReportsAPI
+      parameters:
+        - name: 'id'
+          in: 'path'
+          required: true
+          schema:
+            type: number
+        - name: 'preventPurge'
+          in: 'path'
+          required: true
+          schema:
+            type: boolean
+      responses:
+        '200':
+          description: ''
   /users/:
     get:
       tags:
@@ -1559,7 +1640,7 @@ paths:
         '200':
           description: ''
   /resources/imagesRefresh:
-    get:
+    post:
       tags:
         - ResourcesAPI
       responses:
@@ -1590,7 +1671,7 @@ paths:
                       items:
                         type: object
   /view_hierarchy/createFolder/{name}/{parentId}:
-    get:
+    post:
       tags:
         - ViewHierarchyAPI
       parameters:
@@ -1709,7 +1790,7 @@ paths:
       responses:
         '200':
           description: ''
-  /view_hierarchy/getFirsViewId:
+  /view_hierarchy/getFirstViewId:
     get:
       tags:
         - ViewHierarchyAPI
@@ -2217,7 +2298,21 @@ paths:
                         count:
                           type: number
   /systemSettings/purgeData:
-    get:
+    post:
+      tags:
+        - SystemSettingsAPI
+      responses:
+        '200':
+          description: ''
+          content:
+            application/json:
+              schema:
+                type: object
+                properties:
+                  status:
+                    type: string
+  /systemSettings/purgeNow:
+    post:
       tags:
         - SystemSettingsAPI
       responses:
@@ -2403,6 +2498,41 @@ paths:
         '200':
           description: ''
 
+  /v2/auth:
+    post:
+      tags:
+        - AuthenticationAPI
+      summary: 'Authenticate to the Scada-LTS'
+      description: 'Login user to the ScadaLTS'
+      requestBody:
+        required: true
+        content:
+          application/json:
+            schema:
+              type: object
+              required:
+                - username
+                - password
+              properties:
+                username:
+                  type: string
+                password:
+                  type: string
+      responses:
+        '200':
+          description: 'Logged successful'
+          headers: {}
+  /v2/auth/logout:
+    post:
+      tags:
+        - AuthenticationAPI
+      summary: 'Logout from Scada-LTS'
+      description: 'Logout user from Scada-LTS'
+      responses:
+        '200':
+          description: 'Logged out succesful'
+          headers: {}
+
 components:
   schemas:
     JsonDataPoint:
@@ -3096,4 +3226,4 @@ security: []
 tags: []
 externalDocs:
   url: 'https://scada-lts.atlassian.net/wiki/spaces/APIDOC/pages/178716812/REST+API+Documentation'
-  description: 'Confluence API main page'
+  description: 'Confluence API main page'

scadalts-ui/README.md

@@ -24,7 +24,7 @@ Example usage of images was presented in `src/views/LoginPage/index.vue`
 
 ## Using the developmnet server
 When you start a development server to instant application building you have to log into the Scada-LTS. Dev server uses `"http-proxy-middleware-secure-cookies"` dependency to handle the connection within frontend and core application. When your server is ready you have to open your browser on the `http://localhost:3000/#/` and you should be redirected to login page. There you have to open the DevTools (F11 in Chrome) and open "Network" tab to monitor the HTTP requestes. Try to log into the application using the default password.
-When you receive the `xhr response` with RequestURL `*/api/auth/...` from server open that request details and find the **Response Headers** section. Then find a "set-cookie" header and copy that value. Then paste that cookie inside your DevServer because you were propably prompted to input a auth cookie there. If everything is ok you should see the  
+When you receive the `xhr response` with RequestURL `*/api/v2/auth` from server open that request details and find the **Response Headers** section. Then find a "set-cookie" header and copy that value. Then paste that cookie inside your DevServer because you were propably prompted to input a auth cookie there. If everything is ok you should see the  
 `"Successfully saved your cookie. Please refresh."` message from the WebServer. Then you can easily develop the frontend application with on-fly updates and access to backend data. 
 
 If you have an issue with that try to logout from the core ScadaLTS application (that which is hosted on port 8080) and make sure cookies has been deleted there. In Chrome dev-tools open the "Appication" tab and click "Clear all cookies" button.

scadalts-ui/cypress/integration/ScadaLTS_Views/modern_charts.cy.js

@@ -10,7 +10,7 @@ context('Verify Modern Watch List Page and Modern Charts', () => {
 
 	describe('Chart with 1 datapoint', function () {
 		it('Create chart', function () {
-			cy.request('/api/auth/admin/admin');
+			cy.request('POST', '/api/v2/auth', { username: 'admin', password: 'admin' });
 			cy.get('#watchListSelect').select('Test_WL_1');
 			cy.get('i[class="glyphicon glyphicon-refresh"]').click();
 			cy.get('.hello').find('svg');

scadalts-ui/cypress/support/commands.js

@@ -51,7 +51,12 @@ Cypress.Commands.add('restLogin', (username = 'admin', password = 'admin') => {
 	log.snapshot('before');
 	cy.request({
 		log: false,
-		url: `/api/auth/${username}/${password}`,
+		method: 'POST',
+		url: '/api/v2/auth',
+		body: {
+			username,
+			password,
+		},
 	})
 		.its('body', { log: false })
 		.should('include', 'true');

scadalts-ui/src/store/dataSource/index.js

@@ -340,7 +340,10 @@ const ds = {
 
 		enableAllDataPoints({commit, dispatch}, dataSourceId) {
 			return new Promise((resolve, reject) => {
-				dispatch('requestGet', `/datasource/datapoints/enable?id=${dataSourceId}`)
+				dispatch('requestPut', {
+					url: `/datasource/datapoints/enable?id=${dataSourceId}`,
+					data: null,
+				})
 				.then((resp) => {
 					commit('ENABLE_ALL_DATA_POINTS_IN_DS', dataSourceId);
 					resolve();
@@ -353,7 +356,10 @@ const ds = {
 
 		toggleDataSource({commit, dispatch}, dataSourceId) {
 			return new Promise((resolve, reject) => {
-				dispatch('requestGet', `/datasource/toggle?id=${dataSourceId}`)
+				dispatch('requestPost', {
+					url: `/datasource/toggle?id=${dataSourceId}`,
+					data: null,
+				})
 				.then(() => {
 					commit('TOGGLE_DATA_SOURCE', dataSourceId);
 					resolve();

scadalts-ui/src/store/reports/index.js

@@ -50,7 +50,10 @@ const storeReports = {
 			.catch(() => { dispatch('showErrorNotification', 'Reports not loaded')});
 		},
 		setPreventPurge({ commit, dispatch }, payload) {
-			dispatch('requestGet', `/reports/instances/${payload.id}/preventPurge/${payload.preventPurge}`)
+			dispatch('requestPut', {
+				url: `/reports/instances/${payload.id}/preventPurge/${payload.preventPurge}`,
+				data: null,
+			})
 				.then((r) => { commit(TOGGLE_PURGE, r)})
 				.catch(() => { dispatch('showErrorNotification', 'Failed to save this property')});
 		},
@@ -67,7 +70,7 @@ const storeReports = {
 		},
 
 		runReport({ dispatch }, id) {
-			return dispatch('requestGet', `/reports/run/${id}`);
+			return dispatch('requestPost', { url: `/reports/run/${id}`, data: null });
 		},
 		fetchReports({ dispatch }, payload) {
 			return dispatch('requestPost', {

scadalts-ui/src/store/systemSettings/index.js

@@ -286,7 +286,7 @@ const storeSystemSettings = {
 		purgeData(context) {
 			return new Promise((resolve, reject) => {
 				axios
-					.get(`${context.state.systemSettingsApiUrl}/purgeData`, {
+					.post(`${context.state.systemSettingsApiUrl}/purgeData`, null, {
 						timeout: 5000,
 						useCredentials: true,
 						credentials: 'same-origin',
@@ -305,7 +305,7 @@ const storeSystemSettings = {
 		},
 
 		purgeNow({dispatch}) {
-			return dispatch('requestGet', '/systemSettings/purgeNow');
+			return dispatch('requestPost', { url: '/systemSettings/purgeNow', data: null });
 		},
 
 		configurationEqual(ctx, objects) {