Project

General

Profile

Actions

Bug #12957

closed

On debian 9.4, ncf views.py can not access http://localhost/rudder (but can https://..)

Added by François ARMAND over 4 years ago. Updated 8 months ago.

Status:
Released
Priority:
N/A
Category:
Web - Technique editor
Target version:
Severity:
Critical - prevents main use of Rudder | no workaround | data loss | security
UX impact:
User visibility:
Operational - other Techniques | Technique editor | Rudder settings
Effort required:
Priority:
0
Regression:

Description

An user reported that he wasn't able to access the technique editor on rudder with an authentication error.

Further investigation shows that:

- access trough https works:

% curl -k -H "X-API-Token: $(cat /var/rudder/run/api-token)"  -X GET 'https://localhost/rudder/api/authentication?acl=read'

{"action":"authentication","result":"success","data":"F4909276532903MRXTL"}

But without the s leads to an error:

% curl -k -H "X-API-Token: $(cat /var/rudder/run/api-token)"  -X GET 'http://localhost/rudder/api/authentication?acl=read'

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML
  2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The
  requested URL /rudder/api/authentication was not found on this server.</p> <hr>
  <address>Apache/2.4.25 (Debian) Server at localhost Port 80</address> </body></html>

And that changing the URLs in /usr/share/ncf/api/ncf_api_flask_app/views.py (~lines 49 & 51) let the user accesses to the technique editor in rudder.

It works with previous version of debian (like 9.1), so something must have change in the apache version used in debian 9.4.


Related issues 1 (0 open1 closed)

Related to Rudder - Architecture #11772: Remove all dsc / metadata logic from ncf ReleasedFrançois ARMANDActions
Actions #1

Updated by François ARMAND over 4 years ago

  • Project changed from Rudder to 41
Actions #2

Updated by François ARMAND over 4 years ago

  • Category set to Technique editor - API
  • Severity set to Critical - prevents main use of Rudder | no workaround | data loss | security
  • User visibility set to Operational - other Techniques | Technique editor | Rudder settings
  • Priority changed from 0 to 76
Actions #3

Updated by François ARMAND over 4 years ago

  • Target version changed from 4.1.14 to 414

In fact, it was introduced in commit:323762ae where we switched from https to http without reason.

Actions #4

Updated by François ARMAND over 4 years ago

Actions #5

Updated by François ARMAND over 4 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from François ARMAND to Nicolas CHARLES
  • Pull Request set to https://github.com/Normation/ncf/pull/792
Actions #6

Updated by François ARMAND over 4 years ago

  • Status changed from Pending technical review to Pending release

Applied in changeset commit:458d0a72ceb0ec763bd0365d232aeab236df0d11.

Actions #7

Updated by François ARMAND over 4 years ago

  • Target version changed from 414 to 4.2.7
Actions #8

Updated by Vincent MEMBRÉ over 4 years ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 4.2.7 and 4.3.3 which were released today.

Actions #9

Updated by Alexis Mousset 8 months ago

  • Project changed from 41 to Rudder
  • Category changed from Technique editor - API to Web - Technique editor
  • Priority changed from 76 to 0
Actions

Also available in: Atom PDF