Describe the bug
When weakforced is queried by a host not in the ACL, it returns a 404 status. This should be either a 401, or else a 200 with an API failure status in the returned JSON (this was the behaviour under 2.4).
To Reproduce
Send a request to weakforced /?command=ping with the correct credentials, from a client not in the server ACL. Verify response code
Expected behavior
Ideally, a 401response with a JSON body containing a weakforced error.
Failing that, the same behaviour as in 2.4, which was a 200 response with a JSON-formatted error message
Screenshots
n/a
OS (please complete the following information):
OS: Centos
Version 7
Additional context
This was discovered because it broke our monitoring and unit tests after upgrading to 2.6.1
Standard REST behaviour would be a 401 response for ACL failure and also for authentication failure. An incorrect password does return a 401 status and JSON error in weakforced, as expected.
Describe the bug When weakforced is queried by a host not in the ACL, it returns a 404 status. This should be either a 401, or else a 200 with an API failure status in the returned JSON (this was the behaviour under 2.4).
To Reproduce Send a request to weakforced /?command=ping with the correct credentials, from a client not in the server ACL. Verify response code
curl -w " HTTP Status %{http_code}" -Ss1 -H "Authorization: Basic $AUTH" "http://$ENDPOINT:8084/?command=ping"
Expected behavior Ideally, a 401response with a JSON body containing a weakforced error. Failing that, the same behaviour as in 2.4, which was a 200 response with a JSON-formatted error message
Screenshots n/a
OS (please complete the following information):
Additional context This was discovered because it broke our monitoring and unit tests after upgrading to 2.6.1
Standard REST behaviour would be a 401 response for ACL failure and also for authentication failure. An incorrect password does return a 401 status and JSON error in weakforced, as expected.