All times are UTC + 10 hours

Posted: Thu Nov 24, 2016 2:42 am

Joined: Tue Nov 22, 2016 1:50 am
Posts: 1
Hi All, when attempting to retrieve a valid auth token, regardless of the credentials, I always get {"valid": false, "admin": false} as a response. See detailed commands below.

curl -L -v -u open-audit_enterprise -H "Content-Type: applicatil+json" -c ./cookiefile -XGET "http://localhost/open-audit/index.php/login/login_auth"
Enter host password for user 'open-audit_enterprise':
* About to connect() to localhost port 80 (#0)
* Trying connected
* Connected to localhost ( port 80 (#0)
* Server auth using Basic with user 'open-audit_enterprise'
> GET /open-audit/index.php/login/login_auth HTTP/1.1
> Authorization: Basic b3Blbi1hdWRpdF9lbnRlcnByaXNlOnMwMHBBS2lYOg==
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.21 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: localhost
> Accept: */*
> Content-Type: applicatil+json
< HTTP/1.1 200 OK
< Date: Wed, 23 Nov 2016 16:32:38 GMT
< Server: Apache/2.2.15 (CentOS)
< X-Powered-By: PHP/5.3.3
* Added cookie PHPSESSID="carogn77idh05pv2n705odnmb1" for domain localhost, path /, expire 0
< Set-Cookie: PHPSESSID=carogn77idh05pv2n705odnmb1; path=/
< Expires: Thu, 19 Nov 1981 08:52:00 GMT
< Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
< Pragma: no-cache
< Content-Length: 32
< Connection: close
< Content-Type: application/json
* Closing connection #0
{"valid": false, "admin": false}

Despite being issued a cookie, when I try to use it, it rejects any API query I may choose to issue.

Open Audit version

Posted: Thu Nov 24, 2016 8:14 am

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1254
Login code in controllers\login.php looks to URI segments 3 and 4 for username and password, or to POST variables username and password. So try "http://localhost/open-audit/index.php/login/login_auth/specify_username/specify_password"

It does look like the response is not correct for a properly authenticated LDAP login for a non-admin user. Seems like line 386
echo '{"valid": false, "admin": false}';
should be
echo '{"valid": true, "admin": false}';
And the response header should be 200 not 403.

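Added example, not part of the original posts or of Open-AudIT's code: a login sent as URI segments 3 and 4, as described in the reply above, is written verbatim into the web server's access log, whereas POST variables are not. This Python sketch flags such entries and redacts the password segment; the Apache common log format, the function names and every sample line are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request line of an Apache common/combined log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# login_auth followed by segment 3 (username) and the rest of the path
# (segment 4 onward, so a password containing "/" is fully covered).
CRED_RE = re.compile(r'/login/login_auth/(?P<user>[^/?#\s]+)/(?P<pw>[^?#\s]+)')

def scan_line(line):
    """Return (username, redacted_line); username is None if nothing leaked."""
    req = REQUEST_RE.search(line)
    if not req:
        return None, line
    target = req.group("target")
    cred = CRED_RE.search(target)
    if not cred:
        return None, line  # plain /login/login_auth (Basic auth or POST body)
    clean = target[:cred.start("pw")] + "[REDACTED]" + target[cred.end("pw"):]
    start, end = req.span("target")
    return unquote(cred.group("user")), line[:start] + clean + line[end:]

def scan_log(lines):
    """Return ([(line_no, username)], redacted_lines) for a whole log."""
    findings, redacted = [], []
    for number, line in enumerate(lines, 1):
        user, out = scan_line(line)
        if user is not None:
            findings.append((number, user))  # account whose password to rotate
        redacted.append(out)
    return findings, redacted

# Constructed sample entries (not taken from any real server).
SAMPLE_LOG = [
    '127.0.0.1 - open-audit_enterprise [23/Nov/2016:16:32:38 +0000] '
    '"GET /open-audit/index.php/login/login_auth HTTP/1.1" 200 32',
    '127.0.0.1 - - [23/Nov/2016:22:14:05 +0000] '
    '"GET /open-audit/index.php/login/login_auth/alice/Examp1e%21pw HTTP/1.1" 200 31',
    '127.0.0.1 - - [23/Nov/2016:22:15:40 +0000] '
    '"POST /open-audit/index.php/login/login_auth HTTP/1.1" 200 31',
    '127.0.0.1 - - [23/Nov/2016:22:16:02 +0000] '
    '"GET /open-audit/index.php/login/login_auth/bob/constructed-pw?format=json HTTP/1.1" 403 32',
]

if __name__ == "__main__":
    hits, cleaned = scan_log(SAMPLE_LOG)
    for number, user in hits:
        print(f"line {number}: password for {user!r} exposed in access log")
    print("\n".join(cleaned))
```
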