Project

General

Profile

Bug #12957

On debian 9.4, ncf views.py can not access http://localhost/rudder (but can https://..)

Added by François ARMAND 5 months ago. Updated 5 months ago.

Status:
Released
Priority:
N/A
Category:
Technique editor - API
Target version:
Severity:
Critical - prevents main use of Rudder | no workaround | data loss | security
User visibility:
Operational - other Techniques | Technique editor | Rudder settings
Effort required:
Priority:
76

Description

An user reported that he wasn't able to access the technique editor on rudder with an authentication error.

Further investigation shows that:

- access trough https works:

% curl -k -H "X-API-Token: $(cat /var/rudder/run/api-token)"  -X GET 'https://localhost/rudder/api/authentication?acl=read'

{"action":"authentication","result":"success","data":"F4909276532903MRXTL"}

But without the s leads to an error:

% curl -k -H "X-API-Token: $(cat /var/rudder/run/api-token)"  -X GET 'http://localhost/rudder/api/authentication?acl=read'

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML
  2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The
  requested URL /rudder/api/authentication was not found on this server.</p> <hr>
  <address>Apache/2.4.25 (Debian) Server at localhost Port 80</address> </body></html>

And that changing the URLs in /usr/share/ncf/api/ncf_api_flask_app/views.py (~lines 49 & 51) let the user accesses to the technique editor in rudder.

It works with previous version of debian (like 9.1), so something must have change in the apache version used in debian 9.4.


Related issues

Related to ncf - Architecture #11772: Remove all dsc / metadata logic from ncf Released

Associated revisions

Revision 458d0a72 (diff)
Added by François ARMAND 5 months ago

Fixes #12957: On debian 9.4, ncf views.py can not access http://localhost/rudder (but can https://..)

History

#1 Updated by François ARMAND 5 months ago

  • Project changed from Rudder to ncf

#2 Updated by François ARMAND 5 months ago

  • Category set to Technique editor - API
  • Severity set to Critical - prevents main use of Rudder | no workaround | data loss | security
  • User visibility set to Operational - other Techniques | Technique editor | Rudder settings
  • Priority changed from 0 to 76

#3 Updated by François ARMAND 5 months ago

  • Target version changed from 4.1.14 to 4.2.8

In fact, it was introduced in 323762ae where we switched from https to http without reason.

#4 Updated by François ARMAND 5 months ago

#5 Updated by François ARMAND 5 months ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from François ARMAND to Nicolas CHARLES
  • Pull Request set to https://github.com/Normation/ncf/pull/792

#6 Updated by François ARMAND 5 months ago

  • Status changed from Pending technical review to Pending release

#7 Updated by François ARMAND 5 months ago

  • Target version changed from 4.2.8 to 4.2.7

#8 Updated by Vincent MEMBRÉ 5 months ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 4.2.7 and 4.3.3 which were released today.

Also available in: Atom PDF