Bug 23146: (QA follow-up) Make sure we use the absolute path
When making a request using any tool (like cURL or Postman) you get a 'Basic authentication disabled' error (if it is actually disabled) or an 'invalid password' error if it is disabled. This is because the comparison of the path we do passes on oauth.t but fails on external tools. This is probably related to our stack including Apache URL mappings and then in the plack.psgi file.

The safest way is to just ask Mojo::URL for the absolute path to be sure.

To test:
- Having the rest of the patches applied and plack restarted, run: [1]
  $ curl -X POST -H 'Authorization: Basic ZGQ2NjlmNGUtZmI1NS00Y2YzLWE4ZmYtYmFiYzJiNDIwNWY1OmM0ZDJmYmYzLWYwOWMtNGJkZi1iNWE4LTgxMDJmNjcwYTI1Mw' -i 'http://kohadev.myDNSname.org:8081/api/v1/oauth/token' --data grant_type=client_credentials
=> FAIL: It fails saying Basic auth is disabled
- Run:
  $ kshell
  k$ prove t/db_dependent/api/v1/oauth.t
=> SUCCESS: Tests pass
- Apply this patch
- Replicate your curl/postman test
=> SUCCESS: It now works as expected
- Run:
  k$ prove t/db_dependent/api/v1/oauth.t
=> SUCCESS: Tests still pass!
- Sign off :-D

[1] You need to generate a client_id and client_secret, and encode them using:
    encode_base64url( "$client_id:$client_secret" );

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
parent 23065fe0d8
commit d52f58682c
1 changed files with 1 additions and 1 deletions
|
@ -71,7 +71,7 @@ sub under {
|
|||
"Configuration prevents the usage of this endpoint by unprivileged users");
|
||||
}
|
||||
|
||||
if ( $c->req->url->to_string eq '/api/v1/oauth/token' ) {
|
||||
if ( $c->req->url->to_abs->path eq '/api/v1/oauth/token' ) {
|
||||
# Requesting a token shouldn't go through the API authenticaction chain
|
||||
$status = 1;
|
||||
}
|
||||
|
|
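Review bot: The new condition `if ( $c->req->url->to_abs->path eq '/api/v1/oauth/token' )` ships without a regression test, and the test plan itself shows why one is needed: t/db_dependent/api/v1/oauth.t passes both before and after the change, so the suite never exercises the request shape that failed behind Apache and plack.psgi. Since this comparison decides whether a request skips the API authentication chain (`$status = 1`), please add a case to oauth.t that requests the token endpoint through a URL that is not already the bare path, so a later change to the comparison cannot silently break external clients or widen the match. Keeping the comparison an exact `eq` on the path is the right call for a bypass; a short comment saying why `to_abs->path` is used instead of `to_string` would help the next reader. While touching this block, the typo "authenticaction" in the comment on the following line could be corrected.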