Defect #28001

closed

API query custom_fields: authorization fails

Added by Wolfgang Ocker almost 8 years ago. Updated over 7 years ago.

Status: Closed
Priority: Normal
Assignee: -
Category: REST API
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Resolution: Cant reproduce
Affected version:
Description

Querying the custom_fields using the API:

wget -O - --header='Accept: application/json' --header='X-Redmine-API-Key: mykey' "http://server:3000/custom_fields.json"                                        

fails with "401 Unauthorized Username/Password - Authentication Failed."

Log:

Started GET "/custom_fields.json" for 10.144.178.63 at 2018-01-16 15:57:06 +0000
Processing by CustomFieldsController#index as JSON
  Current user: anonymous
Filter chain halted as :require_admin rendered or redirected
Completed 401 Unauthorized in 6ms (ActiveRecord: 1.2ms)

Whereas querying the users with the same credentials succeeds:

wget -O - --header='Accept: application/json' --header='X-Redmine-API-Key: mykey' "http://server:3000/users.json"                                        

Log:

Started GET "/users.json" for 10.144.178.63 at 2018-01-16 15:58:05 +0000
Processing by UsersController#index as JSON
  Current user: weo (id=5)
  Rendered users/index.api.rsb (17.5ms)
Completed 200 OK in 38ms (Views: 17.7ms | ActiveRecord: 4.5ms)

Environment:
  Redmine version                3.4.4.stable
  Ruby version                   2.4.3-p205 (2017-12-14) [x86_64-linux]
  Rails version                  4.2.8
  Environment                    production
  Database adapter               Mysql2
SCM:
  Subversion                     1.8.10
  Mercurial                      3.1.2
  Bazaar                         2.7.0
  Git                            2.1.4
  Filesystem                     
Redmine plugins:
  a_common_libs                  2.3.3
  redmine_image_clipboard_paste  3.3.0
  redmine_issue_tabs             1.2.3
  sidebar_hide                   0.0.8
Actions #1

Updated by Toshi MARUYAMA almost 8 years ago

  • Description updated
Actions #2

Updated by Toshi MARUYAMA almost 8 years ago

  • Status changed from New to Closed
  • Resolution set to Invalid

Filter chain halted as :require_admin rendered or redirected
Completed 401 Unauthorized in 6ms (ActiveRecord: 1.2ms)

You need to be admin.

Actions #3

Updated by Wolfgang Ocker almost 8 years ago

  • Status changed from Closed to Reopened

But I'm admin ...

In the failing case the key is associated with current user "anonymous", in the other case with my user id ("weo"). That confuses me a little bit.

Actions #4

Updated by Toshi MARUYAMA almost 8 years ago

  • Status changed from Reopened to Closed
  • Resolution changed from Invalid to Cant reproduce

I cannot reproduce on vanilla Redmine 3.4.4.
A test covers this case.
source:tags/3.4.4/test/integration/api_test/custom_fields_test.rb#L23

Started GET "/test-3.4-stable/custom_fields.json" for 127.0.0.1 at 2018-01-17 02:04:17 +0900
Processing by CustomFieldsController#index as JSON
  Current user: admin (id=1)
  Rendered custom_fields/index.api.rsb (49.1ms)
Completed 200 OK in 86ms (Views: 51.1ms | ActiveRecord: 3.9ms)
Started GET "/test-3.4-stable/custom_fields.json" for 127.0.0.1 at 2018-01-17 02:04:23 +0900
Processing by CustomFieldsController#index as JSON
  Current user: test02 (id=10)
Filter chain halted as :require_admin rendered or redirected
Completed 403 Forbidden in 43ms (ActiveRecord: 0.8ms)
Actions #5

Updated by Wolfgang Ocker almost 8 years ago

I've tried it with a fresh instance of a docker container and it does indeed work. I have to find out what went wrong with the current instance.

Thanks a lot for your support and the great software!

Actions #6

Updated by Vince Mallow over 7 years ago

I have the same issue on rm 3.4.5.
Fixed after upgrading the plugin a_common_libs from 2.4.0 to 2.4.3.
