Defect #14429
closedBasic API Authentication does not work with http://user:pass@URL
0%
Description
When posting an Issue using the API, for example to this URL:
http://USERNAME:Pass@URL.com/issues.xml
it fails on line: authenticate_with_http_basic do |username, password| of the file app/controllers/application_controller.rb
However, when I test with a Authorization header added, with user encoded as explained in: http://en.wikipedia.org/wiki/Basic_access_authentication#Client_side
EG: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
It works.
I believe this is a bug, and for the moment I do now know how to fix this in Ruby (not my language).
However I am trying to use the fulmo plugin, and would rather not be forced to customize it to send auth data using Headers, as I'd have to create a whole new plugin.
Updated by Go MAEDA over 3 years ago
- Status changed from New to Closed
- Priority changed from High to Normal
- Resolution set to Wont fix
I think that the processing of the username and password embedded in a URL should be done by your application, not by Redmine.
And according to RFC 3986, embedding a password in a URL is deprecated.