API docs wrong auth header #494

Closed
Flo2410 opened this issue Jan 25, 2024 · 2 comments
Labels
bug Something isn't working

Flo2410 commented Jan 25, 2024

Describe the bug
In the API docs it states that the auth header is Authentication, but in reality it is Authorization.

Note: Domain and API token are redacted.

To Reproduce

The request

curl -X 'GET' 'https://partdb.example.com/api/info' -H 'accept: application/ld+json' -H 'Authentication: Bearer some_api_token'

gets the response:

<!DOCTYPE html>
<html>
    <head>
        <meta charset="UTF-8" />
        <meta http-equiv="refresh" content="0;url='http://partdb.example.com/en/login'" />

        <title>Redirecting to http://partdb.example.com/en/login</title>
    </head>
    <body>
        Redirecting to <a href="https://partdb.example.com/en/login">http://partdb.example.com/en/login</a>.
    </body>
</html> 

Expected behavior

The correct way is:

curl -X 'GET' 'https://partdb.example.com/api/info' -H 'accept: application/ld+json' -H 'Authorization: Bearer some_api_token'

This returns the expected JSON response.

Also, shouldn't the API respond with a 401 Unauthorized error instead of redirecting to the login page?

Server Side

  • Part-DB Version: 1.10.4
  • PHP Version: 8.1.27 (SAPI: fpm-fcgi)
  • Database Server: 10.4.12-MariaDB

Desktop (please complete the following information):

  • OS: Debian 6.5.13-1 (2023-11-29) x86_64 GNU/Linux
  • Kernel: Linux 6.5.0-5-amd64
  • Shell: zsh 5.9 (x86_64-debian-linux-gnu)
  • curl: 8.5.0 (x86_64-pc-linux-gnu)
jbtronics added a commit that referenced this issue Jan 25, 2024

@jbtronics (Member)

Thanks for the notice. I corrected the header name in the documentation.

jbtronics added a commit that referenced this issue Jan 25, 2024
…header is passed for an API request.

Also for browser requests, a flash message is shown in that case, prompting the user to authenticate.

This follows a suggestion from issue #494

jbtronics commented Jan 25, 2024

With the latest version from the master branch, a 401 response with a JSON-encoded error message should be returned when the authorization header is missing.
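A client-side guard for the failure mode reported in this issue, as an added example that is not part of the original thread or of Part-DB's code: it classifies response headers so that a login redirect is treated as an authentication failure instead of being parsed as API data. The header dumps are constructed, and the 302 status line and Location header are assumptions, since the issue shows only the redirect body.

```shell
#!/bin/sh
# classify_api_response: read HTTP response headers on stdin, e.g. from
#   curl -sS -o /dev/null -D - -H 'Authorization: Bearer some_api_token' URL
# and print one verdict:
#   ok              2xx with a JSON content type
#   unauthorized    401, the explicit rejection the issue asks for
#   login-redirect  3xx to a login page, or the HTML page reached after following it
#   unexpected      anything else
classify_api_response() {
    awk '
        { sub(/\r$/, "") }                       # header dumps use CRLF line endings
        /^HTTP\// { status = $2; ctype = ""; loc = ""; next }  # keep the last response only
        {
            name = tolower($0); sub(/:.*/, "", name)
            value = $0; sub(/^[^:]*:[ \t]*/, "", value)
            if (name == "content-type") ctype = tolower(value)
            if (name == "location")     loc = tolower(value)
        }
        END {
            if (status == 401) print "unauthorized"
            else if (status ~ /^3/ && loc ~ /\/login/) print "login-redirect"
            else if (status ~ /^2/ && ctype ~ /json/) print "ok"
            else if (status ~ /^2/ && ctype ~ /html/) print "login-redirect"
            else print "unexpected"
        }
    '
}

# Constructed header dumps, not captured from a real server.
# Misnamed or missing header on the version from the report (assumed 302 + Location):
sample_redirect() {
    printf 'HTTP/1.1 302 Found\r\nContent-Type: text/html; charset=UTF-8\r\nLocation: https://partdb.example.com/en/login\r\n\r\n'
}
# Same request after the fix described in the last comment (content type assumed):
sample_401() {
    printf 'HTTP/1.1 401 Unauthorized\r\nContent-Type: application/json\r\n\r\n'
}
# Correct Authorization header:
sample_ok() {
    printf 'HTTP/1.1 200 OK\r\nContent-Type: application/ld+json; charset=utf-8\r\n\r\n'
}

for s in sample_redirect sample_401 sample_ok; do
    printf '%s: %s\n' "$s" "$("$s" | classify_api_response)"
done
```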
