AnthonyDeroche / mod_authnz_jwt

An authentication module for Apache httpd using JSON Web Tokens

Just a question about /login #60

Closed carekapt closed 2 years ago

carekapt commented 3 years ago

I'm using Ubuntu Server 20.04 and just installed mod_authnz_jwt from source...so far so good, I used the configuration example and recreated the same folder /var/www/html/demo/login and /var/www/html/demo/secured.

I have generated a jwt.htpasswd with a single user for testing, so far I get the Unauthorized warning on /var/www/html/demo/secured, but when I try to access /var/www/html/demo/login it shows the warning:

Method Not Allowed The requested method GET is not allowed for this URL

Am I doing something wrong? Or do I need an extra step?

Kind regards, carekaPT

AnthonyDeroche commented 3 years ago

Hello,

The /login URI is intended to process posted data (via POST). If you need a form to POST your login/password, you need to build it.

Kind regards

carekapt commented 3 years ago

Hi there.

Thanks for the quick reply.

I created a simple HTML page with a login form, sending the login credentials to /demo/login, but still I get the same error message:

Method Not Allowed

The requested method GET is not allowed for this URL.

Maybe something failed during installation? I ran debian_tests.sh but I don't understand the output. Is it supposed to show an error on purpose?

```
@.***:/home/mod_authnz_jwt/tests# ./debian_tests.sh
sudo cp apache_jwt.conf /etc/apache2/sites-available/
sudo cp jwt.htpasswd /var/www/jwt.htpasswd
sudo mkdir -p /var/www/testjwt/
sudo touch /var/www/testjwt/index.html

sudo mkdir -p /opt/mod_jwt_tests

sudo openssl ecparam -name secp256k1 -genkey -noout -out /opt/mod_jwt_tests/ec-priv.pem
sudo openssl ec -in /opt/mod_jwt_tests/ec-priv.pem -pubout -out /opt/mod_jwt_tests/ec-pub.pem
read EC key
writing EC key

sudo openssl genpkey -algorithm RSA -out /opt/mod_jwt_tests/rsa-priv.pem -pkeyopt rsa_keygen_bits:4096
...........................................................++++
............................................................................................................................................................++++
sudo openssl rsa -pubout -in /opt/mod_jwt_tests/rsa-priv.pem -out /opt/mod_jwt_tests/rsa-pub.pem
writing RSA key

sudo chmod 644 /opt/mod_jwt_tests/*.pem

if ! sudo a2query -m rewrite > /dev/null; then
    sudo a2enmod rewrite
fi
if ! sudo a2query -s apache_jwt > /dev/null; then
    sudo a2ensite apache_jwt
fi
sudo service apache2 restart

if ! grep -q "testjwt.local" /etc/hosts; then
    echo "127.0.0.1 testjwt.local" | sudo tee --append /etc/hosts > /dev/null
fi

python3 -m unittest discover . -v -f
test_invalid_aud_should_fail (test_auth_by_token.TestAuthByToken) ...

FAIL: test_invalid_aud_should_fail (test_auth_by_token.TestAuthByToken) (alg='HS256', public_key=b'nullchar\x00secret', private_key=b'nullchar\x00secret')

Traceback (most recent call last):
  File "/home/mod_authnz_jwt/tests/test_jwt.py", line 57, in handler
    func(_self, alg, public_key, private_key, secured_url, login_url)
  File "/home/mod_authnz_jwt/tests/test_auth_by_token.py", line 70, in test_invalid_aud_should_fail
    self.assertEqual(code, 401)
AssertionError: 502 != 401

Ran 1 test in 0.114s

FAILED (failures=1)
```

Anthony Deroche @.***> wrote on Saturday, 12/06/2021 at 07:29:

> Hello,
>
> The /login URI is intended to process posted data (via POST). If you need a form to POST your login/password, you need to build it.
>
> Kind regards


-- Best regards, Nuno A.C. Machado da Silva

carekapt commented 3 years ago

Reinstalled everything from scratch, ran the debian_tests.sh and got this:

```
test_invalid_aud_should_fail (test_auth_by_token.TestAuthByToken) ... ok
test_invalid_exp_should_fail (test_auth_by_token.TestAuthByToken) ... ok
test_invalid_iss_should_fail (test_auth_by_token.TestAuthByToken) ... ok
test_invalid_nbf_should_fail (test_auth_by_token.TestAuthByToken) ... ok
test_invalid_signature_should_fail (test_auth_by_token.TestAuthByToken) ... ok
test_login_with_json_should_fail (test_auth_by_token.TestAuthByToken) ... ok
test_login_with_urlencoded_should_success (test_auth_by_token.TestAuthByToken) ... ok
test_malformed_token_should_fail (test_auth_by_token.TestAuthByToken) ... ok
test_should_success (test_auth_by_token.TestAuthByToken) ... ok
test_token_exp_missing_should_success (test_auth_by_token.TestAuthByToken) ... ok
test_with_leeway_should_success (test_auth_by_token.TestAuthByToken) ... ok
test_get_on_login_path_should_fail (test_login.TestLogin) ... ok
test_login_should_success_with_cookie (test_login.TestLogin) ... ok
test_login_should_success_with_custom_cookie_attributes (test_login.TestLogin) ... ok
test_login_should_success_with_custom_cookie_name (test_login.TestLogin) ... ok
test_login_should_success_with_custom_token_name (test_login.TestLogin) ... ok
test_login_should_success_with_json (test_login.TestLogin) ... ok
test_login_with_bad_credentials_should_fail (test_login.TestLogin) ... ok

Ran 18 tests in 0.391s

OK
```

But still, I get the same error: Method Not Allowed. The requested method GET is not allowed for this URL.

AnthonyDeroche, I just created a bash script for Ubuntu to install from source, create the apache2 config and apache2 folder structure with a demo login page... can I send it to you for revision? It's kinda a "first encounter script" to make it work on a fresh Ubuntu server.

kersplat commented 2 years ago

I had the same error with my simple login page. Resolved it by specifying the method in the form tag.

```html
<form action="/demo/login" method="post">
```
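An added example, not code from mod_authnz_jwt or from anyone in this thread: a small Python check that parses a login page and reports any form that would submit credentials with GET, which is what a `<form>` without `method="post"` does and why `/demo/login` answered 405 here. The sample pages and the field names `user` and `password` are constructed assumptions.

```python
from html.parser import HTMLParser

LOGIN_PATH = "/demo/login"  # login location used in this thread

class FormCollector(HTMLParser):
    """Record every <form> with its effective method and named inputs."""
    def __init__(self):
        super().__init__()
        self.forms, self._cur = [], None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            declared = a.get("method", "").strip().lower()
            # HTML rule: a missing or unrecognised method falls back to GET.
            effective = declared if declared in ("post", "dialog") else "get"
            self._cur = {"action": a.get("action", ""), "declared": declared or None,
                         "method": effective, "fields": []}
            self.forms.append(self._cur)
        elif tag == "input" and self._cur is not None and a.get("name"):
            self._cur["fields"].append((a["name"], a.get("type", "text").lower()))

    def handle_endtag(self, tag):
        if tag == "form":
            self._cur = None

def audit_login_forms(html, login_path=LOGIN_PATH):
    """Return one finding per form that would send credentials with GET."""
    collector = FormCollector()
    collector.feed(html)
    findings = []
    for form in collector.forms:
        has_password = any(kind == "password" for _, kind in form["fields"])
        targets_login = form["action"].split("?")[0].rstrip("/") == login_path
        if form["method"] == "get" and (has_password or targets_login):
            # With GET the browser appends every named field to the URL.
            query = "&".join(f"{name}=REDACTED" for name, _ in form["fields"])
            findings.append({"action": form["action"], "declared": form["declared"],
                             "request": f"GET {form['action']}?{query}"})
    return findings

# Constructed sample pages; the field names "user" and "password" are assumptions.
BROKEN = ('<form action="/demo/login"><input name="user">'
          '<input type="password" name="password"><button>Log in</button></form>')
FIXED = BROKEN.replace('<form action="/demo/login">',
                       '<form action="/demo/login" method="post">')

if __name__ == "__main__":
    print(audit_login_forms(BROKEN))   # the form without a method attribute
    print(audit_login_forms(FIXED))    # the same form with method="post"
```

A form flagged here would also place the password in the request URL, where it can end up in server access logs and browser history.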