authenticate endpoint doesn't handle wrong request method (GET) #165

Closed
mstfdkmn opened this issue Dec 15, 2023 · 2 comments
Labels: bug, consortium-member

mstfdkmn commented Dec 15, 2023

Bug Report

iRODS Version, OS and Version

4.3.1, almalinux8

What did you try to do?

Accidentally I called GET against the /authenticate endpoint.

Expected behavior

Nothing. Expected the server to keep running normally; the client should encounter nothing.

Observed behavior (including steps to reproduce, if applicable)

When the client called this,

[irods@dev-u0137480 go-http-client]$ curl -X GET -u rods:rods http://localhost:9000/irods-http-api/0.1.0/authenticate
curl: (52) Empty reply from server

The server crashed with:

[2023-12-15 13:50:58.641] [P:2326977] [error] [T:2327026] parse_url: curl_url_get(CURLUPART_QUERY) error: 16
Segmentation fault (core dumped)

The server is configured with the basic authentication schema. Might be related to #139?

trel commented Dec 15, 2023

Yuck. We'll definitely shore that up. Thanks.

trel added the bug label Dec 15, 2023
trel added this to the 0.2.0 milestone Dec 15, 2023

trel commented Dec 15, 2023

Yes, looks extremely related to #139. Need more bumpers.

korydraughn self-assigned this Dec 27, 2023
korydraughn added a commit to korydraughn/irods_client_http_api that referenced this issue Jan 10, 2024
This commit makes it so that the server only runs OIDC authentication
code paths when the OIDC stanza is present.

Before this commit, the server would crash when the following was true:
- The configuration file did not contain an OIDC stanza.
- A user sent a GET request to the /authenticate endpoint.

The server crashed because the GET logic of the endpoint handled a
special OIDC case.
alanking pushed a commit that referenced this issue Jan 10, 2024
korydraughn added a commit to korydraughn/irods_client_http_api that referenced this issue Jan 12, 2024
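
The guard described in the commit message, as an added example that is not code from irods_client_http_api: a GET handler for /authenticate that enters its OIDC branch only when the OIDC stanza is present, and that treats a URL with no query string as a normal case. The type and function names, the status codes and the handling of the `code` parameter are assumptions made for illustration.

```cpp
#include <map>
#include <optional>
#include <string>
#include <string_view>

// Hypothetical types for illustration; not the project's own.
struct oidc_settings { std::string authorization_url; };
struct server_config { std::optional<oidc_settings> oidc; };  // stanza may be absent
struct reply { int status; std::string detail; };

// Split "/path?k=v&k2=v2" into its query arguments. A target with no query
// yields an empty map rather than an error the caller could overlook.
std::map<std::string, std::string> query_args(std::string_view target)
{
    std::map<std::string, std::string> args;
    const auto q = target.find('?');
    if (q == std::string_view::npos) return args;
    std::string_view rest = target.substr(q + 1);
    while (!rest.empty()) {
        const auto amp = rest.find('&');
        const auto pair = rest.substr(0, amp);
        const auto eq = pair.find('=');
        if (!pair.empty() && eq != 0) {  // skip empty pairs and pairs with no key
            args.emplace(std::string{pair.substr(0, eq)},
                         eq == std::string_view::npos ? std::string{}
                                                      : std::string{pair.substr(eq + 1)});
        }
        if (amp == std::string_view::npos) break;
        rest.remove_prefix(amp + 1);
    }
    return args;
}

reply handle_authenticate(const server_config& cfg, std::string_view method,
                          std::string_view target)
{
    if (method == "POST") return {200, "credential check (elided)"};
    if (method != "GET") return {405, "method not allowed"};
    // GET only serves the OIDC flow: refuse it when no OIDC stanza is configured,
    // so nothing below ever dereferences a missing configuration.
    if (!cfg.oidc) return {405, "method not allowed"};
    const auto args = query_args(target);
    const auto code = args.find("code");
    if (code == args.end()) return {302, cfg.oidc->authorization_url};
    if (code->second.empty()) return {400, "empty code"};
    return {200, "exchange code for token (elided)"};
}
```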