Defect #12472

Roles REST API does not accept API authentication

Added by Vincent Caron about 5 years ago. Updated about 5 years ago.

Status:ClosedStart date:
Priority:NormalDue date:
Assignee:Jean-Philippe Lang% Done:

0%

Category:REST API
Target version:-
Resolution:Fixed Affected version:

Description

While using the Roles REST API, I encountered a bogus issue with authentication while the global setting "Authentication required" was on : I could not fetch /roles.{json|xml}, I always got a 401 whatever auth I tried (cookie, plain, header).

The following patch against SVN trunk should fix it, at least it works correctly now for me :

Index: app/controllers/roles_controller.rb
===================================================================
--- app/controllers/roles_controller.rb (revision 10851)
+++ app/controllers/roles_controller.rb (working copy)
@@ -19,8 +19,8 @@
   layout 'admin'

   before_filter :require_admin, :except => [:index, :show]
-  before_filter :require_admin_or_api_request, :only => [:index, :show]
   before_filter :find_role, :only => [:show, :edit, :update, :destroy]
+  accept_api_auth :index, :show

   def index
     respond_to do |format|

Related issues

Related to Redmine - Feature #11502: Expose roles details via REST API Closed

Associated revisions

Revision 10893
Added by Jean-Philippe Lang about 5 years ago

Fixed that roles API should accept API auth for when authentication is required (#12472).

Revision 10895
Added by Jean-Philippe Lang about 5 years ago

Merged r10893 into 2.1-stable (#12472).

Revision 10896
Added by Jean-Philippe Lang about 5 years ago

Merged r10893 into 1.4-stable (#12472).

History

#1 Updated by Jean-Philippe Lang about 5 years ago

  • Subject changed from Roles REST API auth incorrect to Roles REST API does not accept API authentication
  • Category changed from Accounts / authentication to REST API
  • Status changed from New to Resolved
  • Assignee set to Jean-Philippe Lang
  • Target version set to 2.1.5

Fixed in r10893.

#2 Updated by Jean-Philippe Lang about 5 years ago

  • Tracker changed from Patch to Defect
  • Status changed from Resolved to Closed
  • Resolution set to Fixed

Merged.

#3 Updated by Toshi MARUYAMA about 5 years ago

  • Status changed from Closed to Reopened

In 2.1-stable and 1.4-stable, "accept_api_auth" is duplicates.
Is it correct?
source:branches/2.1-stable/app/controllers/roles_controller.rb@10895#L24

  accept_api_auth :index
  accept_api_auth :index, :show

#4 Updated by Toshi MARUYAMA about 5 years ago

RolesController#show added at trunk r10620.
1.4-stable and 2.1-stable don't have RolesController#show.

#5 Updated by Jean-Philippe Lang about 5 years ago

  • Status changed from Reopened to Closed
  • Target version changed from 2.1.5 to 2.2.0
  • Affected version (unused) set to devel

You're right. Reverted in stable branches.

#6 Updated by Toshi MARUYAMA about 5 years ago

  • Target version deleted (2.2.0)

Also available in: Atom PDF