Posted to dev@deltacloud.apache.org by "Ronelle Landy (JIRA)" <ji...@apache.org> on 2012/10/03 21:32:12 UTC
[jira] [Closed] (DTACLOUD-323) Incorrect responses for json requests with missing/invalid credentials
[ https://issues.apache.org/jira/browse/DTACLOUD-323?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ronelle Landy closed DTACLOUD-323.
----------------------------------
Using deltacloud gem - latest under test:
curl -v -X GET --user "fake:false" -H 'Accept: application/json' "qeblade39.rhq.lab.eng.bos.redhat.com:3005/api/images"
* About to connect() to qeblade39.rhq.lab.eng.bos.redhat.com port 3005 (#0)
* Trying 10.16.120.64...
* connected
* Connected to qeblade39.rhq.lab.eng.bos.redhat.com (10.16.120.64) port 3005 (#0)
* Server auth using Basic with user 'fake'
> GET /api/images HTTP/1.1
> Authorization: Basic ZmFrZTpmYWxzZQ==
> User-Agent: curl/7.24.0 (x86_64-redhat-linux-gnu) libcurl/7.24.0 NSS/3.13.5.0 zlib/1.2.5 libidn/1.24 libssh2/1.4.1
> Host: qeblade39.rhq.lab.eng.bos.redhat.com:3005
> Accept: application/json
>
< HTTP/1.1 401 Unauthorized
< X-Frame-Options: sameorigin
< X-XSS-Protection: 1; mode=block
< Content-Type: application/json
< Server: Apache-Deltacloud/1.0.4
< X-Deltacloud-Driver: mock
< Content-Length: 82
< Date: Wed, 03 Oct 2012 19:29:14 GMT
< Connection: keep-alive
<
* Connection #0 to host qeblade39.rhq.lab.eng.bos.redhat.com left intact
{"error":{"message":"Authentication required","status":"401","url":"/api/images"}}* Closing connection #0
Closing this JIRA as fixed
> Incorrect responses for json requests with missing/invalid credentials
> ----------------------------------------------------------------------
>
> Key: DTACLOUD-323
> URL: https://issues.apache.org/jira/browse/DTACLOUD-323
> Project: DeltaCloud
> Issue Type: Bug
> Components: Server
> Environment: Deltacloud 1.0.3 running from source under Fedora 17, 64bit.
> Reporter: Tomas Sedovic
> Assignee: Michal Fojtik
> Attachments: deltacloud-stacktrace.txt
>
>
> Requesting a JSON resource that requires authentication (e.g. images) and passing either empty or incorrect credentials results in unexpected responses: 406 for wrong username/password and empty response + server-side exception for missing credentials.
> Steps:
> 1. cd deltacloud/server
> 2. git checkout release-1.0.3
> 3. ./bin/deltacloudd -i mock
> 4. In another shell run these commands:
> $ curl -v http://localhost:3001/api/images -H 'Accept: application/json' -u mockuser:mockpassword
> result: HTTP/1.1 200 OK (this is correct)
> $ curl -v http://localhost:3001/api/images -H 'Accept: application/json' -u mockuser:badpassword
> result: HTTP/1.1 406 Not Acceptable; expected: 401 Unauthorized
> $ curl -v http://localhost:3001/api/images -H 'Accept: application/json'
> result: curl: (52) Empty reply from server, the Deltacloud server logs an exception stacktrace (attached)
> expected: 401 Unauthorized, no exception on the server
> Tested on Mock and EC2 drivers. This happens only when requesting JSON-formatted data. Asking for XML returns 401 in both cases.
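The reproduction steps quoted above, turned into a repeatable status-code check (an added example, not part of the original message and not Deltacloud code). It assumes the /api/images endpoint and mock-driver credentials from the report; the function names and the DELTACLOUD_URL variable are hypothetical.

```shell
#!/bin/sh
# Added example, not Deltacloud code. Assumed from the report: GET /api/images
# and mock-driver credentials mockuser:mockpassword. Function names and the
# DELTACLOUD_URL variable are hypothetical.

# verdict EXPECTED ACTUAL CURL_EXIT: print PASS or the reason for failure.
verdict() {
  if [ "$3" -eq 52 ]; then      # curl 52 = empty reply (the missing-credentials case)
    echo "FAIL: empty reply from server, expected $1"
  elif [ "$3" -ne 0 ]; then
    echo "FAIL: curl exit code $3"
  elif [ "$2" != "$1" ]; then
    echo "FAIL: got $2, expected $1"
  else
    echo "PASS"
  fi
}

# probe BASE ACCEPT [CREDS]: print "<http_code> <curl_exit>" for one request.
probe() {
  base=$1 accept=$2 creds=${3:-} rc=0
  set -- -s -o /dev/null -w '%{http_code}' -H "Accept: $accept"
  [ -z "$creds" ] || set -- "$@" -u "$creds"
  code=$(curl "$@" "$base/api/images") || rc=$?
  echo "$code $rc"
}

# run_matrix BASE: every credential case for JSON and, as the control, XML.
# Returns the number of failed cases.
run_matrix() {
  failures=0
  for accept in application/json application/xml; do
    for row in "200 mockuser:mockpassword" "401 mockuser:badpassword" "401"; do
      expected=${row%% *}
      creds=${row#"$expected"}; creds=${creds# }
      out=$(probe "$1" "$accept" "$creds")
      result=$(verdict "$expected" "${out% *}" "${out#* }")
      printf '%-17s creds=%-22s %s\n' "$accept" "${creds:-none}" "$result"
      [ "$result" = PASS ] || failures=$((failures + 1))
    done
  done
  return "$failures"
}

# Contact a server only when a base URL is supplied in the environment.
if [ -n "${DELTACLOUD_URL:-}" ]; then run_matrix "$DELTACLOUD_URL"; fi
```

With DELTACLOUD_URL=http://localhost:3001 set, the script prints one line per case and exits with the number of failing cases, so it can gate a release check.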