Bug #541

OCCI API should return 403 Forbidden when the user cannot be authenticated, instead of 404 Not Found

Added by Cyril Rohr over 9 years ago. Updated about 9 years ago.

Status:ClosedStart date:03/23/2011
Priority:NormalDue date:
Assignee:Tino Vázquez% Done:

0%

Category:-
Target version:Release 3.0
Resolution:fixed Pull request:
Affected Versions:

Description

The following test case is using BonFIRE specific code, but it should be the same with vanilla OpenNebula:

crohr@parachute: $ curl -ki https://server.ltd/storage --cert certs/brokercert.pem --key keys/brokernewkey.pem -H'X-Bonfire-Asserted-Id: crohr'
HTTP/1.1 404 Not Found
Content-Type: text/html;charset=utf-8
Date: Wed, 23 Mar 2011 07:47:10 GMT
Server: WEBrick/1.3.1 (Ruby/1.8.7/2010-12-23)
Content-Length: 62

[ImagePoolInfo] User couldn't be authenticated, aborting call.

Would it be possible to return 403 instead of 404?

Associated revisions

Revision a046dc2c
Added by Tino Vázquez about 9 years ago

Bug #541: If there is no auth data, a 401 is returned.

Revision 7e74a089
Added by Abel Coronado almost 3 years ago

B #5484: Custom vars in CONTEXT shouldn't let objects be created (#541)

Revision e499d6e8
Added by Abel Coronado almost 3 years ago

B #5484: Custom vars in CONTEXT shouldn't let objects be created (#541)

(cherry picked from commit 7e74a08989ed7e842beb84cabb96eb7eace02799)

History

#1 Updated by Ruben S. Montero over 9 years ago

  • Assignee changed from Daniel Molina to Tino Vázquez

#2 Updated by Tino Vázquez about 9 years ago

  • Status changed from New to Closed
  • Resolution set to fixed
  • Addon deleted (Ldap Authentication)

If the auth info is not present, or not valid, a 401 is returned.

Also available in: Atom PDF