Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

User is able to transfer another users money #8

Open
Nefrin opened this issue Jul 9, 2019 · 0 comments
Open

User is able to transfer another users money #8

Nefrin opened this issue Jul 9, 2019 · 0 comments
Labels
bug Something isn't working

Comments

@Nefrin
Copy link
Contributor

Nefrin commented Jul 9, 2019

A regular user is able to send a POST request to /v1/transactions/transfer with a specified sender in the JSON body.

POST /v1/transactions/transfer HTTP/1.1
Host: localhost:8080
Content-Type: application/json
Authorization: Basic e3t1c2VyX2xvZ2lufX06
User-Agent: PostmanRuntime/7.15.0
Accept: */*
Cache-Control: no-cache
Postman-Token: 9b1333f0-3cad-40e4-ac47-cd9d082ea049,66371bc1-65fc-4fcc-abe5-48e77cd3b389
Host: localhost:8080
accept-encoding: gzip, deflate
content-length: 76
Connection: keep-alive
cache-control: no-cache

{
   "sender": {{admin_id}},
   "receiver": {{current_user_id}},
   "amount": 300
}

This example request is answered with a 201 Accepted. This is most likely a bad thing.

@Nefrin Nefrin added the bug Something isn't working label Jul 9, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

1 participant