Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Authentication issue - Password with colon #682

Open
newtonion opened this issue Jan 29, 2020 · 1 comment
Open

Authentication issue - Password with colon #682

newtonion opened this issue Jan 29, 2020 · 1 comment

Comments

@newtonion
Copy link

Server version 2.6.1 with authentication extension enabled, using .net jsreport.Client 3.0.1 or Powershell

When attempting to authentication via the client if the password used for the account has a colon in it, the authentication fails. Can reproduce in .net client and also when manufacturing the web request in powershell. The below example uses the API to do a full import of a zip file.

To reproduce, point this powershell script at a jsreport server with a user configured as 'testuser' with a password of 'test:password'. Be sure to update the URL/file to import. User will be able to log in through the web UI, but cannot issue an API request. After changing the user password to 'test@password' the user can then make API requests.

$ErrorActionPreference = 'Stop'

#cred parms
$user = "testuser"
$pass = "test:password"
$pair = "${user}:${pass}"
$bytes = [System.Text.Encoding]::ASCII.GetBytes($pair)
$base64 = [System.Convert]::ToBase64String($bytes)

#request parms
$url = "<insert url here>/api/import?fullImport=true"
$file = "<insert file path here>\import.zip"
$key = "import.zip"
Try {
    Add-Type -AssemblyName 'System.Net.Http'
    $client = New-Object System.Net.Http.HttpClient
    $client.DefaultRequestHeaders.Authorization = New-Object System.Net.Http.Headers.AuthenticationHeaderValue("Basic",$base64)
    $content = New-Object System.Net.Http.MultipartFormDataContent
    $fileStream = [System.IO.File]::OpenRead($file)
    $fileName = [System.IO.Path]::GetFileName($file)
    $fileContent = New-Object System.Net.Http.StreamContent($fileStream)
    $content.Add($fileContent, $key, $fileName)

    $result = $client.PostAsync($url, $content).Result
    $result.EnsureSuccessStatusCode()
}
Catch {
    Write-Error $_
    exit 1
}
Finally {
    if ($client -ne $null) { $client.Dispose() }
    if ($content -ne $null) { $content.Dispose() }
    if ($fileStream -ne $null) { $fileStream.Dispose() }
    if ($fileContent -ne $null) { $fileContent.Dispose() }
}
@pofider
Copy link
Contributor

pofider commented Jan 29, 2020

Thank you for the issue.

It seems it is an open bug in the external lib we use for authentication.
jaredhanson/passport-http#20
jaredhanson/passport-http#69

If we find a time we will problably need to fork it and use our own version as the maintainer doesn't seem to react on PR for quite some time.

This was referenced Feb 3, 2024
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@pofider @newtonion