Bug 820496 - Not authorised to create CSP Project, but can list projects
Not authorised to create CSP Project, but can list projects
Status: CLOSED NOTABUG
Product: PressGang CCMS
Classification: Community
Component: CSProcessor (Show other bugs)
1.x
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Lee Newson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-05-10 04:20 EDT by Joshua Wulf
Modified: 2014-10-19 19:00 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-05-10 18:45:45 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Joshua Wulf 2012-05-10 04:20:48 EDT
I can list the specs on the server (none yet):

[jwulf@nitai scratch]$ csprocessor list -H http://docs.fedorareloaded.com:8080
CSProcessor client version: 0.23.2
Loading configuration from /home/jwulf/.config/csprocessor.ini
Connecting to Skynet server: http://docs.fedorareloaded.com:8080/

INFO:  No Content Specifications were found on the Server.



But when I try to push, I get:

[jwulf@nitai scratch]$ csprocessor create -H http://docs.fedorareloaded.com:8080 fudcon 
CSProcessor client version: 0.23.2
Loading configuration from /home/jwulf/.config/csprocessor.ini
Connecting to Skynet server: http://docs.fedorareloaded.com:8080/

ERROR: Unauthorised request!

[jwulf@nitai scratch]$ csprocessor create -H http://docs.fedorareloaded.com:8080 -u jwulf fudcon 
CSProcessor client version: 0.23.2
Loading configuration from /home/jwulf/.config/csprocessor.ini
Connecting to Skynet server: http://docs.fedorareloaded.com:8080/

ERROR: Unauthorised request!



Expected result:

Either unauthorised request in both cases, or success in both cases
Comment 1 Joshua Wulf 2012-05-10 04:49:33 EDT
Desired result: Authorised!
Comment 2 Joshua Wulf 2012-05-10 05:16:17 EDT
I got it to work with this:

csprocessor create -H http://docs.fedorareloaded.com:8080/TopicIndex -u jwulf fudcon 

Perhaps more informative error messages? Both should probably fail with "No server at this URL", or similar.
Comment 3 Lee Newson 2012-05-10 18:45:45 EDT
There is no way to tell if the URL that you enter is a valid REST URL, I can only determine if it is a valid URL. So in this case it is a valid URL and that is simply a setup issue. The best I could do is add something like:

ERROR: Unauthorized Request! Please check your username and the server URL is correct.

As for being able to list specs that doesn't require authentication. Only certain commands require authentication. Create and Push are the main two.
Comment 4 Lee Newson 2012-05-10 18:58:36 EDT
To add to this you can't enforce adding the "TopicIndex" component to the URL because the server may be setup on http://docs.fedorareloaded.com/
Comment 5 Lee Newson 2012-05-10 19:17:38 EDT
Just to add a little more to this. I can check for a 403 error when getting a User however that still doesn't guarantee that it is a REST URL as the http server could be setup to throw that error for accessing that resource.

The only surefire way I can see to do this is, is to have a resource that is guaranteed to return something unique that could be compared to, however that's something that would have to be added via the REST Server.
Comment 6 Joshua Wulf 2012-05-10 21:46:04 EDT
maybe a handshake method?

Then you could reliably say:

"Could not contact server at this URL"
Comment 7 Joshua Wulf 2012-05-10 21:48:32 EDT
Because I had the wrong URL, and it was telling me: "Unauthorized request". 

So I spent a bunch of time looking through the source code and bugs etc... for security / permissions settings, rather than trying to fix the URL.
Comment 8 Lee Newson 2012-05-10 22:17:29 EDT
(In reply to comment #6)
> maybe a handshake method?
> 
> Then you could reliably say:
> 
> "Could not contact server at this URL"

As I said in my last comment this needs to be done on the REST Server not something I can do from the CSP. As such a bug should be filed against that (though given the REST interface is still early on and likely to change I've just noted it down atm for a later stage)

(In reply to comment #7)
> Because I had the wrong URL, and it was telling me: "Unauthorized request". 
> 
> So I spent a bunch of time looking through the source code and bugs etc... for
> security / permissions settings, rather than trying to fix the URL.

As I've already mentioned I'm unable to reliably test if the URL is a REST URL. So if I get back a null value I have to assume they aren't a user. As you mentioned we need a handshake method or something similiar.

Note You need to log in before you can comment on or make changes to this bug.