On Tuesday 25 August 2015, 15:38:18, Carsten Höger wrote:
Hi,
is it possible to secure the api by enforcing a password?
Using the appliance:
$ wget -Sv --no-check-certificate https://172.16.210.154/person/Admin -O -
This route is also requiring a password today. Are you sure you do not have a .netrc? Can you try with curl?
--2015-08-25 15:33:14-- https://172.16.210.154/person/Admin
Connecting to 172.16.210.154:443... connected.
WARNING: cannot verify 172.16.210.154's certificate, issued by 'emailAddress=test@email.address,OU=Organizational Unit Name,O=Organization Name,L=Test Locality,ST=Test State or Province,C=CC':
  Self-signed certificate encountered.
WARNING: certificate common name '' doesn't match requested host name '172.16.210.154'.
HTTP request sent, awaiting response...
  HTTP/1.1 200 OK
  Date: Tue, 25 Aug 2015 15:33:14 GMT
  Server: Apache
  cache-control: max-age=0, private, must-revalidate
  vary: Accept-Encoding
  x-xss-protection: 1; mode=block
  x-opensuse-runtimes: {"view":0.29869500000000004,"db":0.825372,"backend":0,"xml":0}
  x-request-id: 4fee742f-a49a-4ad8-870d-e562089dabc0
  x-opensuse-apiversion: 2.6.3
  x-frame-options: SAMEORIGIN
  x-runtime: 0.007125
  x-content-type-options: nosniff
  Connection: close
  X-Powered-By: Phusion Passenger 5.0.7
  etag: "1fac7a8b0b5a51791daf3179c386d6ac"
  Status: 200 OK
  Cache-Control: public
  Transfer-Encoding: chunked
  Content-Type: text/xml; charset=utf-8
Length: unspecified [text/xml]
Saving to: 'STDOUT'

- [<=> ] 0 --.-KB/s
<person>
  <login>Admin</login>
  <email>root@localhost</email>
  <realname>OBS Instance Superuser</realname>
  <state>confirmed</state>
  <globalrole>Admin</globalrole>
</person>
- [ <=> ] 180 --.-KB/s in 0s
2015-08-25 15:33:14 (10.7 MB/s) - written to stdout [180]
the old 2.4 installation would deny that request:
$ wget -Sv --no-check-certificate https://buildapi.open-xchange.com/person/Admin -O -
--2015-08-25 15:36:13-- https://buildapi.open-xchange.com/person/Admin
Resolving buildapi.open-xchange.com... 10.20.30.240
Connecting to buildapi.open-xchange.com|10.20.30.240|:443... connected.
HTTP request sent, awaiting response...
  HTTP/1.1 401 Authorization Required
  Date: Tue, 25 Aug 2015 13:36:13 GMT
  Server: Apache/2.2.12 (Linux/SUSE)
  X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.18
  X-Opensuse-APIVersion: 2.4.0
  WWW-Authenticate: basic realm="API login"
  X-Opensuse-Errorcode: unknown
  X-Opensuse-Runtimes: {"view":0.6410629999999999,"db":0,"backend":0,"xml":0}
  Cache-Control: no-cache
  X-Request-Id: a5850abe01e7e3564713da42c831cb07
  X-Runtime: 0.002770
  X-Rack-Cache: miss
  Status: 401
  Content-Length: 123
  Keep-Alive: timeout=15, max=100
  Connection: Keep-Alive
  Content-Type: application/xml; charset=utf-8
Username/Password Authentication Failed.
-- mit freundlichen Gruessen/with best regards,
Carsten Hoeger Open-Xchange GmbH
--
Adrian Schroeter
email: adrian@suse.de
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
Maxfeldstraße 5
90409 Nürnberg
Germany