Details
-
Bug
-
Resolution: Fixed
-
Medium
-
2.1.4, 2.8.2
-
None
Description
Returning 200 when using an incorrect username and/or password is just not right:
$ curl -v -u incorrect:credentials "https://extranet.atlassian.com/crucible/rest-service/reviews-v1" * Server auth using Basic with user 'incorrect' > GET /crucible/rest-service/reviews-v1 HTTP/1.1 > Authorization: Basic aW5jb3JyZWN0OmNyZWRlbnRpYWxz > User-Agent: curl/7.19.7 (i386-apple-darwin9.8.0) libcurl/7.19.7 OpenSSL/0.9.8l zlib/1.2.3 > Host: extranet.atlassian.com > Accept: */* > < HTTP/1.1 200 OK < Date: Sun, 31 Jan 2010 23:55:11 GMT < Server: Jetty(6.1.16) < Content-Type: application/xml < Last-Modified: Sun, 31 Jan 2010 23:54:54 GMT < ETag: "1264982094949-28036" < Vary: Accept-Encoding < Transfer-Encoding: chunked < <?xml version='1.0' encoding='UTF-8'?><reviews />
This was also raised in the forums: http://forums.atlassian.com/thread.jspa?messageID=257330712
Note that this issue is related to CRUC-1452