| << Back to previous view |
|
[QB-1181] No http 401 error when using RESTful API without authentication
|
|
| Status: | Resolved |
| Project: | QuickBuild |
| Component/s: | None |
| Affects Version/s: | 3.1.65 |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Major |
| Reporter: | Lee Ji Sup | Assigned To: | Robin Shen |
| Resolution: | Incomplete | Votes: | 0 |
| Remaining Estimate: | Unknown | Time Spent: | Unknown |
| Original Estimate: | Unknown | ||
| Description |
|
It seems no http 401 error happens when using RESTful API without authentication.
curl http://XXX/latest_builds?parent_configuration_id=1&recursive=true ( no -u option) => 401 Error happens before 3.1.64 => Empty XML returns after 3.1.64, including new QB 4. Most libraries (including httplib2) authenticate just after when 401 error happens. This bug makes applications using RESTful APIs get empty data even if they pass ID and password to library. |
| Comments |
| Comment by Robin Shen [ 26/Dec/11 01:24 PM ] |
|
The url ought to be :
http://XXX/rest/latest_builds?parent_configuration_id=1&recursive=true I tested with QB4 and 401 will be returned in case of unauthorized access. Please re-open this issue if you still observe this behavior. |
| Comment by Lee Ji Sup [ 06/Jan/12 07:17 AM ] |
|
####### 4.0.14 => Empty XML returns
$ curl http://QB4/rest/version 4.0.14 $ curl http://QB4/rest/configurations?parent_id=1 <?xml version="1.0" encoding="UTF-8"?> <list/> ####### 3.1.53 => 401 Error returns (This is preferred action) $ curl http://QB3/rest/version $ curl http://QB3/rest/configurations?parent_id=1 <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"/> <title>Error 401 UNAUTHORIZED</title> </head> <body><h2>HTTP ERROR 401</h2> <p>Problem accessing /rest/configurations. Reason: <pre> UNAUTHORIZED</pre></p><hr /><i><small>Powered by Jetty://</small></i><br/> <br/> ... |
| Comment by Robin Shen [ 06/Jan/12 09:23 AM ] |
| In QB4, the configurations result API has been modified to return accessible list of configurations. if some configurations under the tree is not accessible, they will be filtered off. This behaves just like the dashboard (where the tree is filtered off based on user permissions). If no configurations are authorized, an empty list will be simply returned. This is changed due to feedback of some other users. |