Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Authentication Error when using Hive API (Patch) #951

Closed
RtKelleher opened this issue Apr 9, 2019 · 7 comments

Comments

Projects
None yet
3 participants
@RtKelleher
Copy link

commented Apr 9, 2019

Authentication error while attempting to PATCH a case via Hive API

Request Type

Bug

Work Environment

Question Answer
OS version (server) Ubuntu
TheHive version / git hash Latest
Package Type DEB

Problem Description

Receiving a 401 non-auth when attempting to update the case via API. API key works for POST but not PATCH

Steps to Reproduce

  1. curl -XGET -H 'Authorization: Bearer correct key' hxxp://redacted:9000/api/case/AWmmIanujG3xWCFBpAsG

  2. curl -v -XPATCH -H 'Authorization: Bearer: correct key' -H "Content-type: application/json" -d '{"resolutionStatus": "Other","summary": "auto - closed by user request(Hive API)"}' 'hxxp://redacted.com:9000/api/case/AWmmIanujG3xWCFBpAsG'

  3. curl -v --request PATCH -H 'Authorization: Bearer: correct key' -H "Content-type: application/json" -d '{"resolutionStatus": "Other","summary": "auto - closed by user request(Hive API)"}' 'hxxp://redacted>:9000/api/case/AWmmIanujG3xWCFBpAsG'

Possible Solutions

Unknown

Complementary information

  • User is Read, Write, API
  • 1 works where 2/3 don't
  • (/edit)PATCH works if you utilize basic authorization, including log the bottom.

Application Log
`2019-04-09 13:44:09,478 [ERROR] from org.elastic4play.controllers.Authenticated in application-akka.actor.default-dispatcher-17 - Authentication failure:
session: AuthenticationError User session not found
pki: AuthenticationError Certificate authentication is not configured
key: AuthenticationError Only bearer authentication is supported
init: AuthenticationError Use of initial user is forbidden because users exist in database'

'2019-04-09 13:44:09,479 [INFO] from org.elastic4play.ErrorHandler in application-akka.actor.default-dispatcher-17 - PATCH /api/case/:AWmmIanujG3xWCFBpAsG returned 401
org.elastic4play.AuthenticationError: Authentication failure
at org.elastic4play.controllers.Authenticated.$anonfun$getContext$4(Authenticated.scala:261)
at scala.concurrent.Future.$anonfun$flatMap$1(Future.scala:303)
at scala.concurrent.impl.Promise.$anonfun$transformWith$1(Promise.scala:37)
at scala.concurrent.impl.CallbackRunnable.run(Promise.scala:60)
at akka.dispatch.BatchingExecutor$AbstractBatch.processBatch(BatchingExecutor.scala:55)
at akka.dispatch.BatchingExecutor$BlockableBatch.$anonfun$run$1(BatchingExecutor.scala:91)
at scala.runtime.java8.JFunction0$mcV$sp.apply(JFunction0$mcV$sp.java:12)
at scala.concurrent.BlockContext$.withBlockContext(BlockContext.scala:81)
at akka.dispatch.BatchingExecutor$BlockableBatch.run(BatchingExecutor.scala:91)
at akka.dispatch.TaskInvocation.run(AbstractDispatcher.scala:40)
at akka.dispatch.ForkJoinExecutorConfigurator$AkkaForkJoinTask.exec(ForkJoinExecutorConfigurator.scala:44)
at akka.dispatch.forkjoin.ForkJoinTask.doExec(ForkJoinTask.java:260)
at akka.dispatch.forkjoin.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1339)
at akka.dispatch.forkjoin.ForkJoinPool.runWorker(ForkJoinPool.java:1979)
at akka.dispatch.forkjoin.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:107)`

Curl output -Verbose

Trying Remote Ip...
TCP_NODELAY set
Connected to redacted.com (Remote IP) port 9000 (#0)
PATCH /api/case/AWmmIanujG3xWCFBpAsG HTTP/1.1
Host: redacted.com:9000
User-Agent: curl/7.54.0
Accept: /
Authorization: Bearer: correct key
Content-type: application/json
Content-Length: 82
upload completely sent off: 82 out of 82 bytes
< HTTP/1.1 401 Unauthorized
< Date: Tue, 09 Apr 2019 17:53:52 GMT
< Content-Type: application/json
< Content-Length: 65
Connection #0 to host redacted.com left intact

Relevant Application.conf
/etc/thehive# cat application.conf
search {
index = the_hive
cluster = hive
host = ["127.0.0.1:9300"]
}
auth {
provider = [local, ad]
ad {
domainFQDN = "MYDOMAIN.local"
serverNames = [ADSERVER1, ADSERVER2]
domainName = "MYDOMAIN"
useSSL = true
}
}
{
warning = 5m
inactivity = 1h
}
play.http.parser.maxMemoryBuffer= 1M
play.http.parser.maxDiskBuffer = 1G
play.modules.enabled += connectors.cortex.CortexConnector
cortex {
"CORTEX-SERVER-ID" {
url = "http://127.0.0.1:9001"
key = "somekey"
}
}
play.http.secret.key="somekey"

Works with Basic Auth
curl -v --request PATCH -u user:pw -H "Content-type: application/json" -d '{"resolutionStatus": "Other","summary": "auto - closed by user request(Hive API)"}' http://server9000/api/case/AWmmIanujG3xWCFBpAsG

Trying server...
TCP_NODELAY set
Connected to server (server) port 9000 (#0)
Server auth using Basic with user 'user'
PATCH /api/case/AWmmIanujG3xWCFBpAsG HTTP/1.1
Host: server:9000
Authorization: Basic redacted
User-Agent: curl/7.54.0
Accept: /
Content-type: application/json
Content-Length: 82
upload completely sent off: 82 out of 82 bytes
< HTTP/1.1 200 OK
< Set-Cookie: THE_HIVE_SESSION=session cookie; SameSite=Lax; Path=/; HTTPOnly
< Date: Tue, 09 Apr 2019 19:39:30 GMT
< Content-Type: application/json
< Content-Length: 695
< Connection #0 to host server left intact
< {"flag":false,"customFields":{"serviceNowTicketNumber":
< {"string":null,"order":1}},"description":"","title":"=ETC......"}

@crackytsi

This comment has been minimized.

Copy link

commented Apr 9, 2019

In 2 and 3 there is a ":" before the caseid. Thats wrong.
Seems to be your problem...

@RtKelleher

This comment has been minimized.

Copy link
Author

commented Apr 9, 2019

In 2 and 3 there is a ":" before the caseid. Thats wrong.
Seems to be your problem...

The above : was a typo from an earlier attempt. I get the same error without :. Updated the original question to prevent further confusion.

curl -v --request PATCH -H 'Authorization: Bearer: ' -H "Content-type: application/json" -d '{"resolutionStatus": "Other","summary": "auto - closed by user request(Hive API)"}' 'http://.com:9000/api/case/AWmmIanujG3xWCFBpAsG'

TCP_NODELAY set
Connected to .com () port 9000 (#0)
PATCH /api/case/AWmmIanujG3xWCFBpAsG HTTP/1.1
Host: .com:9000
User-Agent: curl/7.54.0
Accept: /
Authorization: Bearer:
Content-type: application/json
Content-Length: 82
upload completely sent off: 82 out of 82 bytes
< HTTP/1.1 401 Unauthorized
< Date: Tue, 09 Apr 2019 18:19:30 GMT
< Content-Type: application/json
< Content-Length: 65

Same with -XPATCH

@crackytsi

This comment has been minimized.

Copy link

commented Apr 10, 2019

I guess you correctly added the API key (because it is missing and not marked as repalced here)...?

Did you try authentication using Basic-auth with user/Password?
curl -XPATCH -u user:password ....

@RtKelleher

This comment has been minimized.

Copy link
Author

commented Apr 10, 2019

I guess you correctly added the API key (because it is missing and not marked as repalced here)...?

Did you try authentication using Basic-auth with user/Password?
curl -XPATCH -u user:password ....

Yes to both of your questions, I also tried other APIs/making a new API key as part of the above steps.

@nadouani

This comment has been minimized.

Copy link
Contributor

commented May 10, 2019

PATCH and POST use the same authentication check. I don't get why it could work for POST and not for PATCH

@nadouani

This comment has been minimized.

Copy link
Contributor

commented May 10, 2019

Are you using

-H "Authorization: Bearer XXXX"

or

-H "Authorization: Bearer:XXXX"
@RtKelleher

This comment has been minimized.

Copy link
Author

commented May 31, 2019

Are you using

-H "Authorization: Bearer:XXXX"

without the extra : it worked, thank you for your assistance

@RtKelleher RtKelleher closed this May 31, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.