Bug 806293 - [REST API] Invalid response message when querying domains with invalid credentials
Summary: [REST API] Invalid response message when querying domains with invalid creden...
Keywords:
Status: CLOSED DUPLICATE of bug 806298
Alias: None
Product: OKD
Classification: Red Hat
Component: Pod
Version: 2.x
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
: ---
Assignee: Xavier Coulon
QA Contact: libra bugs
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-03-23 11:40 UTC by Xavier Coulon
Modified: 2015-05-15 01:49 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-03-29 13:03:41 UTC
Target Upstream Version:


Attachments (Terms of Use)

Description Xavier Coulon 2012-03-23 11:40:40 UTC
When trying to query domains with invalid credentials, the server responds with a 200/OK and an empty list of domains. 
The expected response would be a 403/FORBIDDEN
On the client side, there is no way to distinguish between an account with no domain and bad credentials, so this is pretty serious.

Comment 1 Lili Nader 2012-03-24 02:20:26 UTC
Is this on a devenv?  On the devenv we do not check credentials.  If this is happening on staging or production then this is an issue.

Comment 2 Xavier Coulon 2012-03-26 08:01:00 UTC
Yes, all the requests where executed on stg and production.

Comment 3 Xiaoli Tian 2012-03-29 13:03:41 UTC
It seems it's duplicate of bug 806298, if not , feel free to re-open it.

*** This bug has been marked as a duplicate of bug 806298 ***


Note You need to log in before you can comment on or make changes to this bug.