The admin associated with the provided api key cannot be authenticated #1621

Closed
abdeldjalil-fellah opened this issue May 20, 2024 · 1 comment
Labels
support request request for free support. Check out our support policy

abdeldjalil-fellah commented May 20, 2024

Bug description

Using an API key created with an empty admin and scope=1 returns: error: the admin associated with the provided api key cannot be authenticated, although it is mentioned in the API doc: admin (string): admin associated with this API key. If empty and the scope is "admin scope" the key can impersonate any admin

Steps to reproduce

  • Have an admin user with "Allow to impersonate the user, in REST API, with an API key" checked
  • Create an API key using:
    curl -s -k -X POST "https://sftpgo.example.com/api/v2/apikeys" -H "Content-Type: application/json" -H "Authorization: Bearer <token>" -d '{"name": "key1", "scope": 1, "admin": ""}'
  • Try to add a user using that API key:
    curl -s -k -X POST "https://sftpgo.example.com/api/v2/users" -H "Content-Type: application/json" -H "X-SFTPGO-API-KEY: <apikey>" -d '{"username": "test", "password": "****", "status": 1, "quota_size": 1000000000, "permissions": {"/": ["*"]}}'

Response: error: the admin associated with the provided api key cannot be authenticated

Although it is mentioned in the API doc: admin (string): admin associated with this API key. If empty and the scope is "admin scope" the key can impersonate any admin

Expected behavior

The key can impersonate any admin

SFTPGo version

SFTPGo 2.6.0 19e9857

Configuration

version: "3.8"
name: sftpgo
services:
  main:
    image: drakkan/sftpgo:latest
    container_name: sftpgo
    restart: always
    depends_on:
      - db
    environment:
      - SFTPGO_DATA_PROVIDER__DRIVER=postgresql
      - SFTPGO_DATA_PROVIDER__NAME=${POSTGRES_DB}
      - SFTPGO_DATA_PROVIDER__HOST=sftpgo-db
      - SFTPGO_DATA_PROVIDER__PORT=5432
      - SFTPGO_DATA_PROVIDER__USERNAME=${POSTGRES_USER}
      - SFTPGO_DATA_PROVIDER__PASSWORD=${POSTGRES_PASSWORD}
    ports:
      - "127.0.0.1:8080:8080"
      - "2022:2022"
    volumes:
      - ./config:/var/lib/sftpgo
      - ./storage:/srv/sftpgo

  db:
    image: postgres:15
    container_name: sftpgo-db
    restart: unless-stopped
    environment:
      POSTGRES_USER: ${POSTGRES_USER}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
      POSTGRES_DB: ${POSTGRES_DB}
    volumes:
      - ./database:/var/lib/postgresql/data

@abdeldjalil-fellah added the "bug" label May 20, 2024
@drakkan added the "support request" label and removed the "bug" label May 20, 2024

@abdeldjalil-fellah (Author)

The solution is also in the doc: If no admin/user is associated to the provided key you need to add ".username" at the end of the key. For example if your API key is "6ajKLwswLccVBGpZGv596G.ySAXc8vtp9hMiwAuaLtzof" and you want to impersonate the admin with username "myadmin" you have to use "6ajKLwswLccVBGpZGv596G.ySAXc8vtp9hMiwAuaLtzof.myadmin" as API key.

@abdeldjalil-fellah changed the title from "[Bug]: the admin associated with the provided api key cannot be authenticated" to "the admin associated with the provided api key cannot be authenticated" May 20, 2024
@abdeldjalil-fellah changed the title from "the admin associated with the provided api key cannot be authenticated" to "The admin associated with the provided api key cannot be authenticated" May 20, 2024
@drakkan closed this as not planned May 20, 2024
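
The key format quoted in the last comment, as an added shell example that is not part of the original issue or of SFTPGo's code. The function names are hypothetical, the key is the documentation sample quoted above, and the check that an unbound key has exactly one dot is an assumption drawn from that sample. Unlike the commands in the report, the request keeps TLS verification on (no `-k`).

```shell
#!/bin/sh
# Added example (not SFTPGo code). Function names are hypothetical.

# Build the X-SFTPGO-API-KEY value for a key created with "admin": "".
# Assumption from the sample quoted above: an unbound key looks like
# "<id>.<secret>", and the admin to impersonate is appended as ".<username>".
impersonation_key() {
    key=$1
    admin=$2
    case $key in
        *.*.*) echo "key already carries a username suffix" >&2; return 1 ;;
        ?*.?*) ;;
        *)     echo "expected a key of the form <id>.<secret>" >&2; return 1 ;;
    esac
    # Reject empty names and whitespace/control characters so the value
    # cannot break out of the HTTP header line it is placed in.
    case $admin in
        ''|*[[:space:][:cntrl:]]*) echo "invalid admin username" >&2; return 1 ;;
    esac
    printf '%s.%s\n' "$key" "$admin"
}

# POST a new user while impersonating $3. The header is fed to curl on stdin
# (-H @-, curl 7.55.0 or later) so the API key is not visible in the process
# list. Certificate verification is left enabled.
create_user_as() {
    base_url=$1
    full_key=$(impersonation_key "$2" "$3") || return 1
    printf 'X-SFTPGO-API-KEY: %s\n' "$full_key" |
        curl -sS -X POST "$base_url/api/v2/users" \
            -H 'Content-Type: application/json' -H @- -d "$4"
}

# Constructed demonstration using the sample key quoted in the thread.
impersonation_key "6ajKLwswLccVBGpZGv596G.ySAXc8vtp9hMiwAuaLtzof" "myadmin"

# Usage against a real instance (placeholders, not run here):
#   create_user_as "https://sftpgo.example.com" "$UNBOUND_KEY" "myadmin" \
#       '{"username": "test", "password": "<password>", "status": 1, "permissions": {"/": ["*"]}}'
```

A key created this way works for every admin that has impersonation enabled, so binding the key to one admin at creation time is the narrower choice when only one account needs it.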