Bug #541

OCCI API should return 403 Forbidden when the user cannot be authenticated, instead of 404 Not Found

Added by Cyril Rohr over 10 years ago. Updated about 10 years ago.

Status:ClosedStart date:03/23/2011
Priority:NormalDue date:
Assignee:Tino Vázquez% Done:

0%

Category:-
Target version:Release 3.0
Resolution:fixed Pull request:
Affected Versions:

Description

The following test case is using BonFIRE specific code, but it should be the same with vanilla OpenNebula:

crohr@parachute: $ curl -ki https://server.ltd/storage --cert certs/brokercert.pem --key keys/brokernewkey.pem -H'X-Bonfire-Asserted-Id: crohr'
HTTP/1.1 404 Not Found
Content-Type: text/html;charset=utf-8
Date: Wed, 23 Mar 2011 07:47:10 GMT
Server: WEBrick/1.3.1 (Ruby/1.8.7/2010-12-23)
Content-Length: 62

[ImagePoolInfo] User couldn't be authenticated, aborting call.

Would it be possible to return 403 instead of 404?

Associated revisions

Revision a046dc2c
Added by Tino Vázquez about 10 years ago

Bug #541: If there is no auth data, a 401 is returned.

Revision 7e74a089
Added by Abel Coronado over 3 years ago

B #5484: Custom vars in CONTEXT shouldn't let objects be created (#541)

Revision e499d6e8
Added by Abel Coronado over 3 years ago

B #5484: Custom vars in CONTEXT shouldn't let objects be created (#541)

(cherry picked from commit 7e74a08989ed7e842beb84cabb96eb7eace02799)

History

#1 Updated by Ruben S. Montero over 10 years ago

  • Assignee changed from Daniel Molina to Tino Vázquez

#2 Updated by Tino Vázquez about 10 years ago

  • Status changed from New to Closed
  • Resolution set to fixed
  • Addon deleted (Ldap Authentication)

If the auth info is not present, or not valid, a 401 is returned.

Also available in: Atom PDF