Crucible / CRUC-3008

REST should return a 401 when using invalid basic http credentials instead of falling back to anonymous

Details

    • Bug
    • Resolution: Fixed
    • Medium
    • 3.2.0
    • 2.1.4, 2.8.2
    • Integrations
    • None

    Description

      Returning 200 when using an incorrect username and/or password is just not right:

      $ curl -v -u incorrect:credentials "https://extranet.atlassian.com/crucible/rest-service/reviews-v1" 
      * Server auth using Basic with user 'incorrect'
      > GET /crucible/rest-service/reviews-v1 HTTP/1.1
      > Authorization: Basic aW5jb3JyZWN0OmNyZWRlbnRpYWxz
      > User-Agent: curl/7.19.7 (i386-apple-darwin9.8.0) libcurl/7.19.7 OpenSSL/0.9.8l zlib/1.2.3
      > Host: extranet.atlassian.com
      > Accept: */*
      > 
      < HTTP/1.1 200 OK
      < Date: Sun, 31 Jan 2010 23:55:11 GMT
      < Server: Jetty(6.1.16)
      < Content-Type: application/xml
      < Last-Modified: Sun, 31 Jan 2010 23:54:54 GMT
      < ETag: "1264982094949-28036"
      < Vary: Accept-Encoding
      < Transfer-Encoding: chunked
      < 
      <?xml version='1.0' encoding='UTF-8'?><reviews />
      

      This was also raised in the forums: http://forums.atlassian.com/thread.jspa?messageID=257330712

      Note that this issue is related to CRUC-1452

            People

              lpater Lukasz Pater
              evzijst Erik van Zijst (Inactive)
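
The behaviour this issue asks for, as an added example (not Crucible's code, and not from the reporter): anonymous access is granted only when no `Authorization` header is sent, while credentials that are sent but wrong or malformed get a 401 with a challenge. The `USERS` store, the realm name and all function names are hypothetical.

```python
import base64
import hmac

# Constructed credential store for the example; a real service would verify a
# salted password hash instead of holding plaintext.
USERS = {"alice": "correct horse"}
CHALLENGE = ("WWW-Authenticate", 'Basic realm="rest-service"')


def basic_header(user, password):
    """Build the Authorization header value a client such as curl -u sends."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def parse_basic(header):
    """Return (user, password), or None if the header is not well-formed Basic."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None


def authorize(headers, allow_anonymous=True):
    """Return (status, response_headers, principal) for one request.

    `headers` is assumed to be a dict keyed by canonical header name.
    """
    header = headers.get("Authorization")
    if header is None:
        # No credentials offered: anonymous is a legitimate outcome here.
        if allow_anonymous:
            return 200, [], "anonymous"
        return 401, [CHALLENGE], None
    # Credentials were offered: they must verify, or the request is rejected.
    creds = parse_basic(header)
    if creds is not None:
        user, password = creds
        expected = USERS.get(user)
        ok = hmac.compare_digest(password.encode(), (expected or "").encode())
        if expected is not None and ok:
            return 200, [], user
    # Wrong, malformed or non-Basic credentials never fall back to anonymous.
    return 401, [CHALLENGE], None
```

A client that mistypes a password then sees the failure immediately instead of receiving an anonymous view (here, an empty `<reviews />`) that looks like a successful authenticated call.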