History | Log In     View a printable version of the current page.  
Issue Details (XML | Word | Printable)

Key: QB-1181
Type: Bug Bug
Status: Resolved Resolved
Resolution: Incomplete
Priority: Major Major
Assignee: Robin Shen
Reporter: Lee Ji Sup
Votes: 0
Watchers: 1
Operations

If you were logged in you would be able to see more operations.
QuickBuild

No http 401 error when using RESTful API without authentication

Created: 26/Dec/11 08:07 AM   Updated: 06/Jan/12 09:23 AM
Component/s: None
Affects Version/s: 3.1.65
Fix Version/s: None

Original Estimate: Unknown Remaining Estimate: Unknown Time Spent: Unknown


 Description  « Hide
It seems no http 401 error happens when using RESTful API without authentication.

curl http://XXX/latest_builds?parent_configuration_id=1&recursive=true ( no -u option)
=> 401 Error happens before 3.1.64
=> Empty XML returns after 3.1.64, including new QB 4.

Most libraries (including httplib2) authenticate just after when 401 error happens.
This bug makes applications using RESTful APIs get empty data even if they pass ID and password to library.

 All   Comments   Work Log   Change History      Sort Order:
Robin Shen [26/Dec/11 01:24 PM]
The url ought to be :
http://XXX/rest/latest_builds?parent_configuration_id=1&recursive=true

I tested with QB4 and 401 will be returned in case of unauthorized access. Please re-open this issue if you still observe this behavior.

Lee Ji Sup [06/Jan/12 07:17 AM]
####### 4.0.14 => Empty XML returns
$ curl http://QB4/rest/version
4.0.14
$ curl http://QB4/rest/configurations?parent_id=1
<?xml version="1.0" encoding="UTF-8"?>

<list/>

####### 3.1.53 => 401 Error returns (This is preferred action)
$ curl http://QB3/rest/version
$ curl http://QB3/rest/configurations?parent_id=1
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"/>
<title>Error 401 UNAUTHORIZED</title>
</head>
<body><h2>HTTP ERROR 401</h2>
<p>Problem accessing /rest/configurations. Reason:
<pre> UNAUTHORIZED</pre></p><hr /><i><small>Powered by Jetty://&lt;/small&gt;&lt;/i&gt;&lt;br/>
<br/>
...

Robin Shen [06/Jan/12 09:23 AM]
In QB4, the configurations result API has been modified to return accessible list of configurations. if some configurations under the tree is not accessible, they will be filtered off. This behaves just like the dashboard (where the tree is filtered off based on user permissions). If no configurations are authorized, an empty list will be simply returned. This is changed due to feedback of some other users.