I can't send json.htm by HTTP #6064

Open
Stolowka opened this issue Apr 28, 2024 · 16 comments · May be fixed by #6128

Comments

@Stolowka

I can send something like
https://192.168.1.2/json.htm?type=command&param=udevice&idx=164&nvalue=0&svalue=12
and of course, in the header I have
Authorization: Basic xxx
But when I try to send it by HTTP
http://192.168.1.2:8080/json.htm?type=command&param=udevice&idx=164&nvalue=0&svalue=12
I always get 401 - unauthorized

PS. I have also enabled "Allow Basic-Auth authentication over plain HTTP (API only)."

@kiddigital
Contributor

kiddigital commented Apr 28, 2024

You still have to send a Basic authorization header even over HTTP.

Or (more unsafe) add the IP address of the client to the 'Trusted network' list.

BTW. Best to ask these questions on the forum.

@szczukot
Contributor

szczukot commented Apr 28, 2024

Yes. I didn't remove the header with basic auth.
I only changed HTTPS->HTTP (and the port).

PS. This is not a question, I think.
PS 2. I'm pretty sure that this worked, because I see many logs from this source. And after a reset of Domoticz (maybe with an upgrade, I'm not sure) this GET stopped working.
PS 3. I also tried the trusted network, without success. This is exactly the same portion of code.

@szczukot
Contributor

I also checked it with Postman


@kiddigital
Contributor

kiddigital commented Apr 28, 2024

You can start Domoticz with some additional debug parameters that will show exactly what is going on.

See the forum for details.

BTW. Remove the trusted network list as it might be interfering.

Make sure the Users are set up correctly.

@szczukot
Contributor

szczukot commented Apr 28, 2024

OMG. I did not make it, because after a few restarts this is now working by HTTP even without "allow basic auth by http" and without trusted network.

@kiddigital
Contributor

Run with the debug flags and see what is really going on.

You might have an active session cookie somewhere, using a proxy, etc.

@szczukot
Contributor

szczukot commented Apr 29, 2024

Today I added logging:
-loglevel debug -debuglevel auth

and after a restart I have the first situation again (allow basic auth checked and I get 401):

2024-04-29 08:00:02.172 Debug: [web:443] CheckAuthToken(b019c9abf2380f138761356c2c579a7f_MjlmMDY1MGUtZTA1Yi00YzczLWIyMDctNWU0OGQ1YTU4NjRk_admin) : user authenticated
2024-04-29 08:00:02.172 Debug: [web:443] isPage 1 isAction 0 isUpgrade 0 needsAuthentication 1 isAuthenticated 1 (admin)
2024-04-29 08:00:04.822 Debug: [Basic] Found a Basic Auth Header (json)
2024-04-29 08:00:04.822 Debug: [Auth Check] Basic Authorization rejected as it is not done over HTTPS or not explicitly allowed over HTTP!
2024-04-29 08:00:04.822 Debug: [web:8080] isPage 1 isAction 0 isUpgrade 0 needsAuthentication 1 isAuthenticated 0 ()
2024-04-29 08:00:05.407 Debug: [web:443] isPage 0 isAction 0 isUpgrade 1 needsAuthentication 1 isAuthenticated 0 ()

I also checked the database, and AllowPlainBasicAuth = 1

And after another restart it is now working

2024-04-29 08:12:48.647 Debug: [Basic] Found a Basic Auth Header (json)
2024-04-29 08:12:48.647 Debug: [Auth Check] Found Basic Authorization for API call: Method BASIC, Userdata json, rights 1
2024-04-29 08:12:48.647 Debug: [web:8080] isPage 1 isAction 0 isUpgrade 0 needsAuthentication 1 isAuthenticated 1 (json)

@szczukot
Contributor

I'm not sure, but when the server is starting we have

	if (m_sql.GetPreferencesVar("AllowPlainBasicAuth", nValue))
	{
		m_webservers.SetAllowPlainBasicAuth(static_cast<bool>(nValue));
	}

and it uses servercollection

but when I change "Allow HTTP" in settings, it is calling
m_pWebEm->SetAllowPlainBasicAuth(AllowPlainBasicAuth);
and this method doesn't set m_AllowPlainBasicAuth properly

@kiddigital
Contributor

Please check if you are changing the settings over HTTP or HTTPS when testing without restarting.

@szczukot
Contributor

When I change settings without restarting, nothing changes in API authorization behavior (but this option changed in the database).
But after a restart I have exactly the same behavior as was enabled in the settings before the restart.
I tested it a few times.

@kiddigital
Contributor

If you think you found a bug, please report how to consistently reproduce the problem so we can reproduce it as well and try to fix the problem.

@szczukot
Contributor

szczukot commented Apr 29, 2024

  1. Disable "Allow Basic-Auth authentication over plain HTTP (API only)". Apply settings
  2. Restart Domoticz
  3. Send any json.htm with basic auth by HTTP
  4. We will get a 401 error of course
  5. Enable "Allow Basic-Auth authentication over plain HTTP (API only)". Apply settings
  6. Send any json.htm with basic auth by HTTP
  7. We still get a 401 error
  8. Restart Domoticz
  9. Send any json.htm with basic auth by HTTP
  10. Now it works

In my opinion, this line does nothing:

m_pWebEm->SetAllowPlainBasicAuth(AllowPlainBasicAuth);

@kiddigital
Contributor

Are you doing step 5 through the UI over HTTP or HTTPS?

@szczukot
Contributor

szczukot commented Apr 29, 2024

I'm not sure ;)

@kiddigital
Contributor

Try changing the setting over HTTP when performing these steps.

@szczukot
Contributor

szczukot commented Apr 29, 2024

For HTTP it works OK.
That problem is only for HTTPS.
m_AllowPlainBasicAuth needs to be set for both servers - not only for HTTP.
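
The behaviour reported in this thread, as an added example that is not part of the original issue and is not Domoticz source: a simplified C++ model of two listeners that each hold their own copy of the flag, showing what the plain-HTTP listener answers when the setting is changed through one listener only versus fanned out to all. `Listener`, `ServerCollection`, `ApplySetting` and `HttpStatusAfterToggle` are hypothetical names, and the model assumes the credentials themselves are valid.

```cpp
// Simplified model of the behaviour reported in this thread; NOT Domoticz source.
// Listener, ServerCollection, ApplySetting and HttpStatusAfterToggle are hypothetical;
// only SetAllowPlainBasicAuth and m_AllowPlainBasicAuth echo names quoted above.
#include <cstdio>
#include <vector>

struct Listener {
    bool tls;                              // true = HTTPS (:443), false = plain HTTP (:8080)
    bool m_AllowPlainBasicAuth = false;
    explicit Listener(bool t) : tls(t) {}
    void SetAllowPlainBasicAuth(bool v) { m_AllowPlainBasicAuth = v; }
    // Gate seen in the debug log: Basic auth is accepted over HTTPS, or over
    // plain HTTP only when explicitly allowed. Credentials are assumed valid.
    int BasicAuthStatus() const { return (tls || m_AllowPlainBasicAuth) ? 200 : 401; }
};

struct ServerCollection {
    std::vector<Listener> servers{Listener(false), Listener(true)};  // [0] HTTP, [1] HTTPS
    // Startup path: the stored preference is pushed to every listener.
    void SetAllowPlainBasicAuth(bool v) {
        for (auto &s : servers) s.SetAllowPlainBasicAuth(v);
    }
};

// Settings change at runtime. propagate=false models the report: only the
// listener that served the settings page is updated. propagate=true fans out.
void ApplySetting(ServerCollection &all, Listener &handling, bool v, bool propagate) {
    if (propagate) all.SetAllowPlainBasicAuth(v);
    else handling.SetAllowPlainBasicAuth(v);
}

// Start with the option at `initial`, flip it through the UI, then return the
// status a Basic-auth json.htm call gets on the plain-HTTP listener.
int HttpStatusAfterToggle(bool initial, bool viaHttps, bool propagate) {
    ServerCollection c;
    c.SetAllowPlainBasicAuth(initial);
    ApplySetting(c, c.servers[viaHttps ? 1 : 0], !initial, propagate);
    return c.servers[0].BasicAuthStatus();
}

int main() {
    std::printf("enable via HTTPS, no fan-out : %d\n", HttpStatusAfterToggle(false, true, false));
    std::printf("enable via HTTP,  no fan-out : %d\n", HttpStatusAfterToggle(false, false, false));
    std::printf("enable via HTTPS, fan-out    : %d\n", HttpStatusAfterToggle(false, true, true));
    std::printf("disable via HTTPS, no fan-out: %d\n", HttpStatusAfterToggle(true, true, false));
    return 0;
}
```

In this model the stale copy cuts both ways: turning the option off through the HTTPS UI leaves the plain-HTTP listener accepting Basic auth until a restart, which is the case worth checking when verifying a fix.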
