Fix change password form

This commit removes an unused header in the UI that was causing attempts to guess the user by an invalid JWT token when multitenancy was enabled. Signed-off-by: Jose Javier Merchante <jjmerchante@bitergia.com>
chaoss · Apr 12, 2024 · 1a06e2b · 1a06e2b
1 parent 6c680d6
commit 1a06e2b
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 2 deletions.
diff --git a/releases/unreleased/change-password-form-fixed.yml b/releases/unreleased/change-password-form-fixed.yml
@@ -0,0 +1,10 @@
+---
+title: Change password form fixed
+category: fixed
+author: Jose Javier Merchante <jjmerchante@bitergia.com>
+issue: null
+notes: >
+  An unused header in the UI made the attempts
+  to change the password fail. It tried to guess
+  the user from an invalid JWT token when multitenancy
+  was enabled.
diff --git a/ui/src/views/ChangePassword.vue b/ui/src/views/ChangePassword.vue
@@ -96,10 +96,8 @@ export default {
     },
     headers() {
       const csrftoken = Cookies.get("csrftoken");
-      const authtoken = Cookies.get("sh_authtoken");
       const headers = {
         "X-CSRFToken": csrftoken,
-        Authorization: `JWT ${authtoken}`,
       };
 
       return headers;