If I do a GET on a specific domain i have while using erroneous credentials I get 404: curl -v -k -H "Accept: application/xml" --user "adietish:BADPW" https://openshift.redhat.com/broker/rest/domains/1329997507457 -X GET < HTTP/1.1 404 Not Found < Date: Fri, 23 Mar 2012 11:42:33 GMT < Server: Apache/2.2.15 (Red Hat) < X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.4 < X-Runtime: 0.945164 < Cache-Control: no-cache < X-UA-Compatible: IE=Edge,chrome=1 < Status: 404 < Content-Type: application/xml; charset=utf-8 < Vary: Accept-Encoding,User-Agent < ProxyTime: D=968946 < Connection: close < Transfer-Encoding: chunked < <?xml version="1.0" encoding="UTF-8"?> <response> <type nil="true"></type> <status>not_found</status> <messages> <message> <exit-code>127</exit-code> <field nil="true"></field> <text>Domain 1329997507457 not found.</text> <severity>error</severity> </message> </messages> <data nil="true"></data> <version>1.0</version> </response> I would have expected the response code 403
The very same request (to the same existing domain) while using valid credentials, lists the expected informations.
since this is on production the authentication should be failing and routing the user to login or return a 401.
switched severity to urgent since we cannot differentiate if a user has no domain or he's simply not authorized
5764b5c849d19492c7186cf5d3bd66dfd564e955
(In reply to comment #4) > 5764b5c849d19492c7186cf5d3bd66dfd564e955 Test this on devenv_1679, configure the instance to integrated environment (which will require authentication for user), Access with invalid password will return access denied curl -k -H 'Accept: application/xml' --user 'xtian+test5:invalidpwd' https://$instancedns/broker/rest/domains/doms6 -X GET HTTP Basic: Access denied. Access with valid password but non-exist domain: curl -k -H 'Accept: application/xml' --user 'xtian+test5:validpwd' https://$instancedns/broker/rest/domains/doms7 -X GET <?xml version="1.0" encoding="UTF-8"?> <response> <type nil="true"></type> <data> <datum nil="true"></datum> </data> <messages> <message> <exit-code>127</exit-code> <severity>error</severity> <text>Domain doms7 not found.</text> <field nil="true"></field> </message> </messages> <status>not_found</status> <version>1.0</version> </response>
*** Bug 806293 has been marked as a duplicate of this bug. ***
looks perfect, thanks!