SonarQube / SONAR-10830

Web API authentication by passcode does not work when forced authentication is enabled

    Details

    • Edition:
    • Production Notes:
      None

      Description

      When Force user authentication is enabled, authentication by passcode does not work.

      Steps to reproduce:

      1. Activate Force user authentication
      2.  $ curl -v -H "X-Sonar-Passcode: burro" http://localhost:6730/api/system/health
        * STATE: INIT => CONNECT handle 0x600057910; line 1422 (connection #-5000)
        * Added connection 0. The cache now contains 1 members
        * STATE: CONNECT => WAITRESOLVE handle 0x600057910; line 1458 (connection #0)
        *   Trying ::1...
        * TCP_NODELAY set
        * STATE: WAITRESOLVE => WAITCONNECT handle 0x600057910; line 1539 (connection #0)
        * Connected to localhost (::1) port 6730 (#0)
        * STATE: WAITCONNECT => SENDPROTOCONNECT handle 0x600057910; line 1591 (connection #0)
        * Marked for [keep alive]: HTTP default
        * STATE: SENDPROTOCONNECT => PROTOCONNECT handle 0x600057910; line 1605 (connection #0)
        * STATE: PROTOCONNECT => DO handle 0x600057910; line 1626 (connection #0)
        > GET /api/system/health HTTP/1.1
        > Host: localhost:6730
        > User-Agent: curl/7.55.1
        > Accept: */*
        > X-Sonar-Passcode: burro
        >
        * STATE: DO => DO_DONE handle 0x600057910; line 1688 (connection #0)
        * STATE: DO_DONE => WAITPERFORM handle 0x600057910; line 1813 (connection #0)
        * STATE: WAITPERFORM => PERFORM handle 0x600057910; line 1823 (connection #0)
        * HTTP 1.1 or later with persistent connection, pipelining supported
        < HTTP/1.1 401
        < X-Frame-Options: SAMEORIGIN
        < X-XSS-Protection: 1; mode=block
        < X-Content-Type-Options: nosniff
        < Content-Length: 0
        < Date: Wed, 30 May 2018 12:17:51 GMT
        <
        * STATE: PERFORM => DONE handle 0x600057910; line 1992 (connection #0)
        * multi_done
        * Connection #0 to host localhost left intact
        * Expire cleared
        

      Discussed and confirmed with Simon Brandhof and Christophe Levis.

            People

            • Assignee:
              eric.hartmann Eric Hartmann
              Reporter:
              michal.budzowski Michal Budzowski
