thingsboard-developers


diff --git a/application/src/main/java/org/thingsboard/server/controller/AuthController.java b/application/src/main/java/org/thingsboard/server/controller/AuthController.java
index 0246e07..cb2f5b9 100644
--- a/application/src/main/java/org/thingsboard/server/controller/AuthController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/AuthController.java
@@ -19,8 +19,6 @@ import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.node.ObjectNode;
 import lombok.extern.slf4j.Slf4j;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
@@ -30,7 +28,6 @@ import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.web.bind.annotation.*;
 import org.thingsboard.server.common.data.User;
 import org.thingsboard.server.common.data.security.UserCredentials;
-import org.thingsboard.server.dao.user.UserService;
 import org.thingsboard.server.exception.ThingsboardErrorCode;
 import org.thingsboard.server.exception.ThingsboardException;
 import org.thingsboard.server.service.mail.MailService;
@@ -78,9 +75,10 @@ public class AuthController extends BaseController {
     @RequestMapping(value = "/auth/changePassword", method = RequestMethod.POST)
     @ResponseStatus(value = HttpStatus.OK)
     public void changePassword (
-            @RequestParam(value = "currentPassword") String currentPassword,
-            @RequestParam(value = "newPassword") String newPassword) throws ThingsboardException {
+            @RequestBody JsonNode changePasswordRequest) throws ThingsboardException {
         try {
+            String currentPassword = changePasswordRequest.get("currentPassword").asText();
+            String newPassword = changePasswordRequest.get("newPassword").asText();
             SecurityUser securityUser = getCurrentUser();
             UserCredentials userCredentials = userService.findUserCredentialsByUserId(securityUser.getId());
             if (!passwordEncoder.matches(currentPassword, userCredentials.getPassword())) {
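Review bot: `changePasswordRequest.get("currentPassword").asText()` and the `newPassword` line below it use the request body without checking it. `get()` returns null for an absent field, so an incomplete body raises a NullPointerException inside the `try`, and `asText()` on a JSON `null` returns the string `"null"`, which is then handled as a real password. Reject such bodies before use, e.g. `if (!changePasswordRequest.hasNonNull("newPassword") || !changePasswordRequest.get("newPassword").isTextual()) { /* reject as a bad request */ }`, or bind the body to a small typed request class. The same unchecked pattern is added in requestResetPasswordByEmail, activateUser and resetPassword in the following hunks; in activateUser the value goes straight to `passwordEncoder.encode(password)`. The catch clause of changePassword is outside the hunk, so how the NullPointerException reaches the client cannot be seen here.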
@@ -118,9 +116,10 @@ public class AuthController extends BaseController {
     @RequestMapping(value = "/noauth/resetPasswordByEmail", method = RequestMethod.POST)
     @ResponseStatus(value = HttpStatus.OK)
     public void requestResetPasswordByEmail (
-            @RequestParam(value = "email") String email,
+            @RequestBody JsonNode resetPasswordByEmailRequest,
             HttpServletRequest request) throws ThingsboardException {
         try {
+            String email = resetPasswordByEmailRequest.get("email").asText();
             UserCredentials userCredentials = userService.requestPasswordReset(email);
             String baseUrl = constructBaseUrl(request);
             String resetUrl = String.format("%s/api/noauth/resetPassword?resetToken=%s", baseUrl,
@@ -158,10 +157,11 @@ public class AuthController extends BaseController {
     @ResponseStatus(value = HttpStatus.OK)
     @ResponseBody
     public JsonNode activateUser(
-            @RequestParam(value = "activateToken") String activateToken,
-            @RequestParam(value = "password") String password,
+            @RequestBody JsonNode activateRequest,
             HttpServletRequest request) throws ThingsboardException {
         try {
+            String activateToken = activateRequest.get("activateToken").asText();
+            String password = activateRequest.get("password").asText();
             String encodedPassword = passwordEncoder.encode(password);
             UserCredentials credentials = userService.activateUserCredentials(activateToken, encodedPassword);
             User user = userService.findUserById(credentials.getUserId());
@@ -194,10 +194,11 @@ public class AuthController extends BaseController {
     @ResponseStatus(value = HttpStatus.OK)
     @ResponseBody
     public JsonNode resetPassword(
-            @RequestParam(value = "resetToken") String resetToken,
-            @RequestParam(value = "password") String password,
+            @RequestBody JsonNode resetPasswordRequest,
             HttpServletRequest request) throws ThingsboardException {
         try {
+            String resetToken = resetPasswordRequest.get("resetToken").asText();
+            String password = resetPasswordRequest.get("password").asText();
             UserCredentials userCredentials = userService.findUserCredentialsByResetToken(resetToken);
             if (userCredentials != null) {
                 String encodedPassword = passwordEncoder.encode(password);
diff --git a/application/src/test/java/org/thingsboard/server/controller/AbstractControllerTest.java b/application/src/test/java/org/thingsboard/server/controller/AbstractControllerTest.java
index 689f316..19e4329 100644
--- a/application/src/test/java/org/thingsboard/server/controller/AbstractControllerTest.java
+++ b/application/src/test/java/org/thingsboard/server/controller/AbstractControllerTest.java
@@ -221,7 +221,10 @@ public abstract class AbstractControllerTest {
         doGet("/api/noauth/activate?activateToken={activateToken}", TestMailService.currentActivateToken)
                 .andExpect(status().isSeeOther())
                 .andExpect(header().string(HttpHeaders.LOCATION, "/login/createPassword?activateToken=" + TestMailService.currentActivateToken));
-        JsonNode tokenInfo = readResponse(doPost("/api/noauth/activate", "activateToken", TestMailService.currentActivateToken, "password", password).andExpect(status().isOk()), JsonNode.class);
+        JsonNode activateRequest = new ObjectMapper().createObjectNode()
+                .put("activateToken", TestMailService.currentActivateToken)
+                .put("password", password);
+        JsonNode tokenInfo = readResponse(doPost("/api/noauth/activate", activateRequest).andExpect(status().isOk()), JsonNode.class);
         validateAndSetJwtToken(tokenInfo, user.getEmail());
         return savedUser;
     }
diff --git a/application/src/test/java/org/thingsboard/server/controller/BaseUserControllerTest.java b/application/src/test/java/org/thingsboard/server/controller/BaseUserControllerTest.java
index 8dac038..e3c87f6 100644
--- a/application/src/test/java/org/thingsboard/server/controller/BaseUserControllerTest.java
+++ b/application/src/test/java/org/thingsboard/server/controller/BaseUserControllerTest.java
@@ -17,6 +17,7 @@ package org.thingsboard.server.controller;
 
 import com.fasterxml.jackson.core.type.TypeReference;
 import com.fasterxml.jackson.databind.JsonNode;
+import com.fasterxml.jackson.databind.ObjectMapper;
 import org.apache.commons.lang3.RandomStringUtils;
 import org.junit.Assert;
 import org.junit.Test;
@@ -73,7 +74,11 @@ public abstract class BaseUserControllerTest extends AbstractControllerTest {
         .andExpect(status().isSeeOther())
         .andExpect(header().string(HttpHeaders.LOCATION, "/login/createPassword?activateToken=" + TestMailService.currentActivateToken));
 
-        JsonNode tokenInfo = readResponse(doPost("/api/noauth/activate", "activateToken", TestMailService.currentActivateToken, "password", "testPassword").andExpect(status().isOk()), JsonNode.class);
+        JsonNode activateRequest = new ObjectMapper().createObjectNode()
+                .put("activateToken", TestMailService.currentActivateToken)
+                .put("password", "testPassword");
+
+        JsonNode tokenInfo = readResponse(doPost("/api/noauth/activate", activateRequest).andExpect(status().isOk()), JsonNode.class);
         validateAndSetJwtToken(tokenInfo, email);
 
         doGet("/api/auth/user")
@@ -117,13 +122,21 @@ public abstract class BaseUserControllerTest extends AbstractControllerTest {
         
         User savedUser = createUserAndLogin(user, "testPassword1");
         logout();
-        doPost("/api/noauth/resetPasswordByEmail", "email", email)
+
+        JsonNode resetPasswordByEmailRequest = new ObjectMapper().createObjectNode()
+                .put("email", email);
+
+        doPost("/api/noauth/resetPasswordByEmail", resetPasswordByEmailRequest)
         .andExpect(status().isOk());
         doGet("/api/noauth/resetPassword?resetToken={resetToken}", TestMailService.currentResetPasswordToken)
         .andExpect(status().isSeeOther())
         .andExpect(header().string(HttpHeaders.LOCATION, "/login/resetPassword?resetToken=" + TestMailService.currentResetPasswordToken));
-        
-        JsonNode tokenInfo = readResponse(doPost("/api/noauth/resetPassword", "resetToken", TestMailService.currentResetPasswordToken, "password", "testPassword2").andExpect(status().isOk()), JsonNode.class);
+
+        JsonNode resetPasswordRequest = new ObjectMapper().createObjectNode()
+                .put("resetToken", TestMailService.currentResetPasswordToken)
+                .put("password", "testPassword2");
+
+        JsonNode tokenInfo = readResponse(doPost("/api/noauth/resetPassword", resetPasswordRequest).andExpect(status().isOk()), JsonNode.class);
         validateAndSetJwtToken(tokenInfo, email);
 
         doGet("/api/auth/user")
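Review bot: These tests post only well-formed bodies, so nothing pins down what the endpoints do when `password`, `resetToken` or `email` is missing or JSON `null`. A case that posts `new ObjectMapper().createObjectNode().put("resetToken", TestMailService.currentResetPasswordToken)` to `/api/noauth/resetPassword` and expects a 4xx status instead of a server error would cover the gap. The enclosing test method starts and ends outside the hunk.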
diff --git a/ui/src/app/api/login.service.js b/ui/src/app/api/login.service.js
index 272e4df..74f9587 100644
--- a/ui/src/app/api/login.service.js
+++ b/ui/src/app/api/login.service.js
@@ -65,8 +65,8 @@ function LoginService($http, $q) {
 
     function sendResetPasswordLink(email) {
         var deferred = $q.defer();
-        var url = '/api/noauth/resetPasswordByEmail?email=' + email;
-        $http.post(url, null).then(function success(response) {
+        var url = '/api/noauth/resetPasswordByEmail';
+        $http.post(url, {email: email}).then(function success(response) {
             deferred.resolve(response);
         }, function fail() {
             deferred.reject();
@@ -76,8 +76,8 @@ function LoginService($http, $q) {
 
     function resetPassword(resetToken, password) {
         var deferred = $q.defer();
-        var url = '/api/noauth/resetPassword?resetToken=' + resetToken + '&password=' + password;
-        $http.post(url, null).then(function success(response) {
+        var url = '/api/noauth/resetPassword';
+        $http.post(url, {resetToken: resetToken, password: password}).then(function success(response) {
             deferred.resolve(response);
         }, function fail() {
             deferred.reject();
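Review bot: Nothing in `resetPassword` records why the token and password now travel in the request body, so a later edit could move them back into the URL without noticing the cost. A short comment above the `$http.post` call would keep the reason visible, e.g. `// Credentials go in the JSON body: query strings end up in server access logs, proxy logs and browser history.` The same comment fits `activate` and `changePassword` in the next two hunks. The function body continues past the end of this hunk.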
@@ -87,8 +87,8 @@ function LoginService($http, $q) {
 
     function activate(activateToken, password) {
         var deferred = $q.defer();
-        var url = '/api/noauth/activate?activateToken=' + activateToken + '&password=' + password;
-        $http.post(url, null).then(function success(response) {
+        var url = '/api/noauth/activate';
+        $http.post(url, {activateToken: activateToken, password: password}).then(function success(response) {
             deferred.resolve(response);
         }, function fail() {
             deferred.reject();
@@ -98,8 +98,8 @@ function LoginService($http, $q) {
 
     function changePassword(currentPassword, newPassword) {
         var deferred = $q.defer();
-        var url = '/api/auth/changePassword?currentPassword=' + currentPassword + '&newPassword=' + newPassword;
-        $http.post(url, null).then(function success(response) {
+        var url = '/api/auth/changePassword';
+        $http.post(url, {currentPassword: currentPassword, newPassword: newPassword}).then(function success(response) {
             deferred.resolve(response);
         }, function fail() {
             deferred.reject();