Project

General

Profile

Actions

Defect #14429

closed

Basic API Authentication does not work with http://user:pass@URL

Added by Genadi Saltikov over 11 years ago. Updated over 3 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Accounts / authentication
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Wont fix
Affected version:

Description

When posting an Issue using the API, for example to this URL:
http://USERNAME:Pass@URL.com/issues.xml

it fails on line: authenticate_with_http_basic do |username, password| of the file app/controllers/application_controller.rb
However, when I test with a Authorization header added, with user encoded as explained in: http://en.wikipedia.org/wiki/Basic_access_authentication#Client_side
EG: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==

It works.

I believe this is a bug, and for the moment I do now know how to fix this in Ruby (not my language).
However I am trying to use the fulmo plugin, and would rather not be forced to customize it to send auth data using Headers, as I'd have to create a whole new plugin.

Actions #1

Updated by Go MAEDA over 3 years ago

  • Status changed from New to Closed
  • Priority changed from High to Normal
  • Resolution set to Wont fix

I think that the processing of the username and password embedded in a URL should be done by your application, not by Redmine.

And according to RFC 3986, embedding a password in a URL is deprecated.

Actions

Also available in: Atom PDF