Actions
Bug #12957
closed
On debian 9.4, ncf views.py can not access http://localhost/rudder (but can https://..)
Status:
Released
Priority:
N/A
Assignee:
Category:
Web - Technique editor
Target version:
Pull Request:
Severity:
Critical - prevents main use of Rudder | no workaround | data loss | security
UX impact:
User visibility:
Operational - other Techniques | Technique editor | Rudder settings
Effort required:
Priority:
0
Name check:
Fix check:
Regression:
Description
An user reported that he wasn't able to access the technique editor on rudder with an authentication error.
Further investigation shows that:
- access trough https works:
% curl -k -H "X-API-Token: $(cat /var/rudder/run/api-token)" -X GET 'https://localhost/rudder/api/authentication?acl=read'
{"action":"authentication","result":"success","data":"F4909276532903MRXTL"}
But without the s leads to an error:
% curl -k -H "X-API-Token: $(cat /var/rudder/run/api-token)" -X GET 'http://localhost/rudder/api/authentication?acl=read' <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /rudder/api/authentication was not found on this server.</p> <hr> <address>Apache/2.4.25 (Debian) Server at localhost Port 80</address> </body></html>
And that changing the URLs in /usr/share/ncf/api/ncf_api_flask_app/views.py (~lines 49 & 51) let the user accesses to the technique editor in rudder.
It works with previous version of debian (like 9.1), so something must have change in the apache version used in debian 9.4.
Updated by François ARMAND over 6 years ago
- Category set to Technique editor - API
- Severity set to Critical - prevents main use of Rudder | no workaround | data loss | security
- User visibility set to Operational - other Techniques | Technique editor | Rudder settings
- Priority changed from 0 to 76
Updated by François ARMAND over 6 years ago
- Target version changed from 4.1.14 to 414
In fact, it was introduced in commit:323762ae where we switched from https to http without reason.
Updated by François ARMAND over 6 years ago
- Related to Architecture #11772: Remove all dsc / metadata logic from ncf added
Updated by François ARMAND over 6 years ago
- Status changed from In progress to Pending technical review
- Assignee changed from François ARMAND to Nicolas CHARLES
- Pull Request set to https://github.com/Normation/ncf/pull/792
Updated by François ARMAND over 6 years ago
- Status changed from Pending technical review to Pending release
Applied in changeset commit:458d0a72ceb0ec763bd0365d232aeab236df0d11.
Updated by François ARMAND over 6 years ago
- Target version changed from 414 to 4.2.7
Updated by Vincent MEMBRÉ over 6 years ago
- Status changed from Pending release to Released
This bug has been fixed in Rudder 4.2.7 and 4.3.3 which were released today.
- 4.2.7: Announce Changelog
- 4.3.3: Announce Changelog
- Download: https://www.rudder-project.org/site/get-rudder/downloads/
Updated by Alexis Mousset over 2 years ago
- Project changed from 41 to Rudder
- Category changed from Technique editor - API to Web - Technique editor
- Priority changed from 76 to 0
Actions