Defect #28001 (closed)
API query custom_fields: authorization fails
Description
Querying the custom_fields using the API:
wget -O - --header='Accept: application/json' --header='X-Redmine-API-Key: mykey' "http://server:3000/custom_fields.json"
fails with "401 Unauthorized Username/Password - Authentication Failed."
Log:
Started GET "/custom_fields.json" for 10.144.178.63 at 2018-01-16 15:57:06 +0000
Processing by CustomFieldsController#index as JSON
Current user: anonymous
Filter chain halted as :require_admin rendered or redirected
Completed 401 Unauthorized in 6ms (ActiveRecord: 1.2ms)
Whereas querying the users with the same credentials succeeds:
wget -O - --header='Accept: application/json' --header='X-Redmine-API-Key: mykey' "http://server:3000/users.json"
Log:
Started GET "/users.json" for 10.144.178.63 at 2018-01-16 15:58:05 +0000
Processing by UsersController#index as JSON
Current user: weo (id=5)
Rendered users/index.api.rsb (17.5ms)
Completed 200 OK in 38ms (Views: 17.7ms | ActiveRecord: 4.5ms)
Environment:
  Redmine version      3.4.4.stable
  Ruby version         2.4.3-p205 (2017-12-14) [x86_64-linux]
  Rails version        4.2.8
  Environment          production
  Database adapter     Mysql2
SCM:
  Subversion           1.8.10
  Mercurial            3.1.2
  Bazaar               2.7.0
  Git                  2.1.4
  Filesystem
Redmine plugins:
  a_common_libs                  2.3.3
  redmine_image_clipboard_paste  3.3.0
  redmine_issue_tabs             1.2.3
  sidebar_hide                   0.0.8
Updated by Toshi MARUYAMA almost 8 years ago
- Status changed from New to Closed
- Resolution set to Invalid
Filter chain halted as :require_admin rendered or redirected
Completed 401 Unauthorized in 6ms (ActiveRecord: 1.2ms)
You need to be admin.
Updated by Wolfgang Ocker almost 8 years ago
- Status changed from Closed to Reopened
But I'm admin ...
In the failing case the key is associated with current user "anonymous", in the other case with my user id ("weo"). That confuses me a little bit.
Updated by Toshi MARUYAMA almost 8 years ago
- Status changed from Reopened to Closed
- Resolution changed from Invalid to Cant reproduce
I cannot reproduce on vanilla Redmine 3.4.4.
Test covers this case.
source:tags/3.4.4/test/integration/api_test/custom_fields_test.rb#L23
Started GET "/test-3.4-stable/custom_fields.json" for 127.0.0.1 at 2018-01-17 02:04:17 +0900
Processing by CustomFieldsController#index as JSON
Current user: admin (id=1)
Rendered custom_fields/index.api.rsb (49.1ms)
Completed 200 OK in 86ms (Views: 51.1ms | ActiveRecord: 3.9ms)

Started GET "/test-3.4-stable/custom_fields.json" for 127.0.0.1 at 2018-01-17 02:04:23 +0900
Processing by CustomFieldsController#index as JSON
Current user: test02 (id=10)
Filter chain halted as :require_admin rendered or redirected
Completed 403 Forbidden in 43ms (ActiveRecord: 0.8ms)
Updated by Wolfgang Ocker almost 8 years ago
I've tried it with a fresh instance of a docker container and it works indeed. I've to find out what went wrong with the current instance.
Thanks a lot for your support and the great software!
Updated by Vince Mallow over 7 years ago
I have the same issue on rm 3.4.5.
Fixed after upgrading plugin a_common_libs from 2.4.0 to 2.4.3.
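
Added example, not part of the original thread and not Redmine code: a small Ruby triage of the log excerpts quoted above. It separates the two failure modes seen in this issue, a 401 where the API key resolved to "anonymous" and a 403 where a named user was rejected by :require_admin. The names Request, parse_requests, classify and triage are hypothetical, the sample log is constructed from the excerpts in this issue, and entries are assumed not to be interleaved.

```ruby
# Constructed sample: the log excerpts quoted in this issue, one statement per line.
SAMPLE_LOG = <<~LOG
  Started GET "/custom_fields.json" for 10.144.178.63 at 2018-01-16 15:57:06 +0000
  Processing by CustomFieldsController#index as JSON
    Current user: anonymous
  Filter chain halted as :require_admin rendered or redirected
  Completed 401 Unauthorized in 6ms (ActiveRecord: 1.2ms)
  Started GET "/users.json" for 10.144.178.63 at 2018-01-16 15:58:05 +0000
  Processing by UsersController#index as JSON
    Current user: weo (id=5)
  Completed 200 OK in 38ms (Views: 17.7ms | ActiveRecord: 4.5ms)
  Started GET "/test-3.4-stable/custom_fields.json" for 127.0.0.1 at 2018-01-17 02:04:23 +0900
  Processing by CustomFieldsController#index as JSON
    Current user: test02 (id=10)
  Filter chain halted as :require_admin rendered or redirected
  Completed 403 Forbidden in 43ms (ActiveRecord: 0.8ms)
LOG

Request = Struct.new(:path, :user, :halted_by, :status)

# One record per "Started ..." line; assumes entries are not interleaved.
def parse_requests(log)
  log.each_line.map(&:strip).each_with_object([]) do |line, reqs|
    if (m = line.match(/\AStarted \w+ "([^"]+)"/))
      reqs << Request.new(m[1])
    elsif reqs.empty?
      next
    elsif (m = line.match(/\ACurrent user: (\S+)/))
      reqs.last.user = m[1]
    elsif (m = line.match(/\AFilter chain halted as :(\w+)/))
      reqs.last.halted_by = m[1]
    elsif (m = line.match(/\ACompleted (\d{3})/))
      reqs.last.status = m[1].to_i
    end
  end
end

# 401 as anonymous: the API key was never mapped to a user (authentication).
# 403 as a named user: identified, but the filter denied access (authorization).
def classify(req)
  return :ok if req.status && req.status < 400
  return :credential_not_resolved if req.status == 401 && req.user == "anonymous"
  return :insufficient_privilege if req.status == 403 && req.user != "anonymous"
  :other_failure
end

def triage(log)
  parse_requests(log).map { |r| [r.path, r.user, r.halted_by, classify(r)] }
end
```

A :credential_not_resolved result on a request that sent a valid admin key points at the key lookup rather than at the account's privileges.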