Defect #18113
REST API KEY doesn't work with basic authentication
Status: Closed
Priority: Normal
Assignee: -
Category: REST API
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Resolution: Cant reproduce
Affected version:
Description
If I try to access the API using my key and basic authentication, it doesn't work. It does if I use the key as a parameter.
$ curl -v -u MyAPIKey:randompassword https://IP/users/current.xml
* STATE: INIT => CONNECT handle 0x800477e8; line 1028 (connection #-5000)
* Hostname was NOT found in DNS cache
*   Trying IP...
* STATE: CONNECT => WAITCONNECT handle 0x800477e8; line 1076 (connection #0)
* Connected to (IP) port 443 (#0)
* STATE: PROTOCONNECT => DO handle 0x800477e8; line 1208 (connection #0)
* Server auth using Basic with user 'MyAPIKey'
> GET /users/current.xml HTTP/1.1
> Authorization: Basic base64_of_MyAPIKey:randompassword
> User-Agent: curl/7.37.1
> Host: IP
> Accept: */*
>
* STATE: DO => DO_DONE handle 0x800477e8; line 1281 (connection #0)
* STATE: DO_DONE => WAITPERFORM handle 0x800477e8; line 1407 (connection #0)
* STATE: WAITPERFORM => PERFORM handle 0x800477e8; line 1420 (connection #0)
* HTTP 1.1 or later with persistent connection, pipelining supported
< HTTP/1.1 401 Authorization Required
< Date: Thu, 16 Oct 2014 07:21:17 GMT
* Server Apache is not blacklisted
< Server: Apache
< Strict-Transport-Security: max-age=31536000; includeSubDomains
* Authentication problem. Ignoring this.
< WWW-Authenticate: Basic realm="Redmine API" 
< X-UA-Compatible: IE=Edge,chrome=1
< Cache-Control: no-cache
< X-Request-Id: 2ea6385fbc1564b902112fd5397a88ac
< X-Runtime: 0.006031
< X-Rack-Cache: miss
< Content-Type: application/xml; charset=utf-8
< Transfer-Encoding: chunked
<
* STATE: PERFORM => DONE handle 0x800477e8; line 1590 (connection #0)
* Connection #0 to host IP left intact
* Expire cleared
Redmine log:
Started GET "/users/current.xml" for XXX at 2014-10-16 09:21:32 +0200
Processing by UsersController#show as XML
  Parameters: {"id"=>"current"}
  Current user: anonymous
Filter chain halted as :check_if_login_required rendered or redirected
Completed 401 Unauthorized in 3.3ms (ActiveRecord: 0.7ms)
$ curl -v  https://IP/users/current.xml?key=MyAPIKey
* STATE: INIT => CONNECT handle 0x800477e8; line 1028 (connection #-5000)
* Hostname was NOT found in DNS cache
*   Trying IP...
* STATE: CONNECT => WAITCONNECT handle 0x800477e8; line 1076 (connection #0)
* Connected to (IP) port 443 (#0)
* STATE: PROTOCONNECT => DO handle 0x800477e8; line 1208 (connection #0)
> GET /users/current.xml?key=MyAPIKey HTTP/1.1
> User-Agent: curl/7.37.1
> Host: IP
> Accept: */*
>
* STATE: DO => DO_DONE handle 0x800477e8; line 1281 (connection #0)
* STATE: DO_DONE => WAITPERFORM handle 0x800477e8; line 1407 (connection #0)
* STATE: WAITPERFORM => PERFORM handle 0x800477e8; line 1420 (connection #0)
* HTTP 1.1 or later with persistent connection, pipelining supported
< HTTP/1.1 200 OK
< Date: Thu, 16 Oct 2014 07:24:31 GMT
* Server Apache is not blacklisted
< Server: Apache
< Strict-Transport-Security: max-age=31536000; includeSubDomains
< X-UA-Compatible: IE=Edge,chrome=1
< ETag: "3299271e718c967be9ce47132e0f3033" 
< Cache-Control: max-age=0, private, must-revalidate
< X-Request-Id: 915ced07c7be89d4423c0dda47cfddc6
< X-Runtime: 0.072114
< X-Rack-Cache: miss
< Content-Type: application/xml; charset=utf-8
< Transfer-Encoding: chunked
<
* STATE: PERFORM => DONE handle 0x800477e8; line 1590 (connection #0)
* Connection #0 to host IP left intact
* Expire cleared
<?xml version="1.0" encoding="UTF-8"?><user><id>3</id><login>xxx</login><firstname>xxx</firstname><lastname>xxx</lastname><mail>.....
Redmine log:
Started GET "/users/current.xml?key=MyAPIKey" for 10.11.1.164 at 2014-10-16 09:24:31 +0200
Processing by UsersController#show as XML
  Parameters: {"key"=>"MyAPIKey", "id"=>"current"}
  Current user: xxx (id=3)
  Rendered users/show.api.rsb (3.6ms)
Completed 200 OK in 70.1ms (Views: 3.8ms | ActiveRecord: 21.5ms)
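
The second Redmine log excerpt above records the API key in clear text twice, once in the request URL and once in the Parameters hash. As an added example (not part of the original report and not Redmine's own code), the Ruby script below scans Rails-style log text for keys passed as a `key` query parameter and masks them; the regular expressions, the mask string and the sample lines are assumptions constructed from the excerpts above.

```ruby
# Added example: find and mask API keys that reached a Rails-style log
# because the key was sent as a "key" query parameter.

# Constructed sample, modelled on the two Redmine log excerpts in the report.
SAMPLE_LOG = <<~LOG
  Started GET "/users/current.xml" for XXX at 2014-10-16 09:21:32 +0200
    Parameters: {"id"=>"current"}
  Started GET "/users/current.xml?key=MyAPIKey" for 10.11.1.164 at 2014-10-16 09:24:31 +0200
    Parameters: {"key"=>"MyAPIKey", "id"=>"current"}
    Current user: xxx (id=3)
LOG

# key=... in a request URL, up to the next '&', quote or whitespace.
URL_KEY   = /([?&]key=)[^&"\s]+/
# "key"=>"..." inside the "Parameters:" hash dump.
PARAM_KEY = /("key"=>")[^"]*(")/

MASK = "[FILTERED]" # constructed placeholder for the removed value

# Returns the line with every key value replaced by MASK.
def redact_line(line)
  line.gsub(URL_KEY) { "#{$1}#{MASK}" }
      .gsub(PARAM_KEY) { "#{$1}#{MASK}#{$2}" }
end

# Returns [redacted_text, leaks]; leaks holds the 1-based numbers of the
# lines that carried a key before redaction.
def scan_log(text)
  leaks = []
  redacted = text.each_line.with_index(1).map do |line, number|
    clean = redact_line(line)
    leaks << number unless clean == line
    clean
  end
  [redacted.join, leaks]
end

if __FILE__ == $PROGRAM_NAME
  redacted, leaks = scan_log(SAMPLE_LOG)
  puts redacted
  warn "API key present on log lines: #{leaks.join(', ')}"
end
```

The same URL also reaches the web server's access log, so a key that appears in either log should be treated as exposed to anyone who can read those files.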