806293 – [REST API] Invalid response message when querying domains with invalid credentials

Bug 806293 - [REST API] Invalid response message when querying domains with invalid credentials

Summary: [REST API] Invalid response message when querying domains with invalid creden...

Keywords:
Status:	CLOSED DUPLICATE of bug 806298
Alias:	None
Product:	OKD
Classification:	Red Hat
Component:	Pod
Sub Component:
Version:	2.x
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	---
Target Release:	---
Assignee:	Xavier Coulon
QA Contact:	libra bugs
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2012-03-23 11:40 UTC by Xavier Coulon
Modified:	2015-05-15 01:49 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2012-03-29 13:03:41 UTC
Target Upstream Version:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Xavier Coulon 2012-03-23 11:40:40 UTC

When trying to query domains with invalid credentials, the server responds with a 200/OK and an empty list of domains. 
The expected response would be a 403/FORBIDDEN
On the client side, there is no way to distinguish between an account with no domain and bad credentials, so this is pretty serious.

Comment 1 Lili Nader 2012-03-24 02:20:26 UTC

Is this on a devenv?  On the devenv we do not check credentials.  If this is happening on staging or production then this is an issue.

Comment 2 Xavier Coulon 2012-03-26 08:01:00 UTC

Yes, all the requests where executed on stg and production.

Comment 3 Xiaoli Tian 2012-03-29 13:03:41 UTC

It seems it's duplicate of bug 806298, if not , feel free to re-open it.

*** This bug has been marked as a duplicate of bug 806298 ***

Note You need to log in before you can comment on or make changes to this bug.