MAGETWO-52371: Marketplace credentials are exposed via URL

mazhalai · mazhalai · commit 8d0758c77019 · 2016-04-28T12:25:11.000-05:00
- removal of password from json response.
diff --git a/setup/src/Magento/Setup/Controller/Marketplace.php b/setup/src/Magento/Setup/Controller/Marketplace.php
@@ -90,12 +90,12 @@ public function checkAuthAction()
                 );
                 $isValid = json_decode($isValid, true);
                 if ($isValid['success'] === true) {
-                    return new JsonModel(['success' => true, 'data' => $authDataJson]);
+                    return new JsonModel(['success' => true, 'data' => ['username' => $authDataJson['username']]]);
                 } else {
                     return new JsonModel(['success' => false, 'message' => $isValid['message']]);
                 }
             }
-            return new JsonModel(['success' => false, 'data' => $authDataJson]);
+            return new JsonModel(['success' => false, 'data' => ['username' => $authDataJson['username']]]);
         } catch (\Exception $e) {
             return new JsonModel(['success' => false, 'message' => $e->getMessage()]);
         }

Original file line number	Diff line number	Diff line change
`@@ -90,12 +90,12 @@ public function checkAuthAction()`
`90`	`90`	`);`
`91`	`91`	`$isValid = json_decode($isValid, true);`
`92`	`92`	`if ($isValid['success'] === true) {`
`93`		`- return new JsonModel(['success' => true, 'data' => $authDataJson]);`
	`93`	`+ return new JsonModel(['success' => true, 'data' => ['username' => $authDataJson['username']]]);`
`94`	`94`	`} else {`
`95`	`95`	`return new JsonModel(['success' => false, 'message' => $isValid['message']]);`
`96`	`96`	`}`
`97`	`97`	`}`
`98`		`- return new JsonModel(['success' => false, 'data' => $authDataJson]);`
	`98`	`+ return new JsonModel(['success' => false, 'data' => ['username' => $authDataJson['username']]]);`
`99`	`99`	`} catch (\Exception $e) {`
`100`	`100`	`return new JsonModel(['success' => false, 'message' => $e->getMessage()]);`
`101`	`101`	`}`