You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafficcontrol.apache.org by GitBox <gi...@apache.org> on 2018/11/20 21:16:47 UTC

[GitHub] rob05c opened a new pull request #3045: Fix TO Go auth wrapper to be after other wrappers

rob05c opened a new pull request #3045: Fix TO Go auth wrapper to be after other wrappers
URL: https://github.com/apache/trafficcontrol/pull/3045
 
 
   This specifically fixes a major bug, where auth failure returns a 200.
   
   This causes a major bug in the TO Go client, (and likely other
   clients)which assumes a 200 to be success, and then goes on to request
   data, gets more auth failures with 200's, but thinks they're success,
   and thinks the JSON is just missing all fields, which are defaulted
   to 0/empty string/null.
   
   This causes other bugs that just went unnoticed, like missing the
   Access-Control headers, X-Server-Name, and gzipping.
   
   #### What does this PR do?
   
   This specifically fixes a major bug, where auth failure returns a 200, breaking clients.
   
   #### Which TC components are affected by this PR?
   
   - [ ] Documentation
   - [ ] Grove
   - [ ] Traffic Analytics
   - [ ] Traffic Monitor
   - [ ] Traffic Ops
   - [ ] Traffic Ops ORT
   - [ ] Traffic Portal
   - [ ] Traffic Router
   - [ ] Traffic Stats
   - [ ] Traffic Vault
   - [ ] Other _________
   
   #### What is the best way to verify this PR?
   
   Run Traffic Ops and e.g. `curl -Lvsk https://your-traffic-ops.example.net/api/1.2/cdns`, you should get a `401`, along with `access-control` and `x-server-name` headers. 
   
   Run `curl -Lvsk -H "Accept-Encoding: gzip" https://localhost/api/1.2/cdns | gunzip`, and verify a `content-encoding: gzip` header, and successful decoding by `gunzip`.
   
   Go to `https://your-traffic-ops.example.net/api/1.2/cdns` in a web browser (which hasn't previously logged in, and therefore doesn't have an auth cookie, and verify the same results in a debug console (Readable error, `content-encoding: gzip`, `401` code).
   
   #### Check all that apply
   
   - [ ] This PR includes tests
   - [ ] This PR includes documentation updates
   - [ ] This PR includes an update to CHANGELOG.md
   - [ ] This PR includes all required license headers
   - [ ] This PR includes a database migration (ensure that migration sequence is correct)
   - [ ] This PR fixes a serious security flaw. Read more: [www.apache.org/security](http://www.apache.org/security/)
   
   <!--
       Licensed to the Apache Software Foundation (ASF) under one
       or more contributor license agreements.  See the NOTICE file
       distributed with this work for additional information
       regarding copyright ownership.  The ASF licenses this file
       to you under the Apache License, Version 2.0 (the
       "License"); you may not use this file except in compliance
       with the License.  You may obtain a copy of the License at
   
         http://www.apache.org/licenses/LICENSE-2.0
   
       Unless required by applicable law or agreed to in writing,
       software distributed under the License is distributed on an
       "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
       KIND, either express or implied.  See the License for the
       specific language governing permissions and limitations
       under the License.
   -->
   
   
   
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services