PowerDNS / weakforced

Anti-Abuse for servers at authentication time
GNU General Public License v3.0

[BUG] incorrect HTTP response (404) on ACL fail in wforce 2.6.1 (should be 401) #365

Closed sshipway closed 2 years ago

sshipway commented 2 years ago

Describe the bug: When weakforced is queried by a host not in the ACL, it returns a 404 status. This should be either a 401, or else a 200 with an API failure status in the returned JSON (this was the behaviour under 2.4).

To Reproduce: Send a request to weakforced /?command=ping with the correct credentials, from a client not in the server ACL. Verify the response code.

curl -w " HTTP Status %{http_code}" -Ss1 -H "Authorization: Basic $AUTH" "http://$ENDPOINT:8084/?command=ping"

Expected behavior: Ideally, a 401 response with a JSON body containing a weakforced error. Failing that, the same behaviour as in 2.4, which was a 200 response with a JSON-formatted error message.

Screenshots: n/a

OS (please complete the following information):

Additional context: This was discovered because it broke our monitoring and unit tests after upgrading to 2.6.1.

Standard REST behaviour would be a 401 response for ACL failure and also for authentication failure. An incorrect password does return a 401 status and JSON error in weakforced, as expected.
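A monitoring check written against the three behaviours described in this report (200 + JSON error in 2.4, 404 in 2.6.1, 401 + JSON error as the expected result). This is an added example, not code from the weakforced project; the JSON keys "status" and "reason" are assumptions, since the exact error body is not shown in the issue.

```python
"""Classify wforce /?command=ping responses the way a monitoring check would.

Added example, not weakforced project code. The JSON key names ("status",
"reason") are assumed; the verdict otherwise relies only on the HTTP status
and on whether the body is a JSON error.
"""
import base64
import json
import urllib.error
import urllib.request


def classify_ping_response(status_code: int, body: str) -> str:
    """Map (HTTP status, body) to a verdict a monitor can alert on.

    - "acl-404-regression": 404, the 2.6.1 behaviour reported in this issue
    - "denied": 401 with a JSON error (bad credentials, or ACL failure once fixed)
    - "denied-legacy": 200 with a JSON error (2.4 behaviour for ACL failure)
    - "ok": 200 with a JSON body that is not an error
    - "unexpected": anything else (empty or non-JSON body, other codes)
    """
    if status_code == 404:
        return "acl-404-regression"  # body may be plain text, so check before parsing
    if not body:
        return "unexpected"
    try:
        payload = json.loads(body)
    except json.JSONDecodeError:
        return "unexpected"
    if not isinstance(payload, dict):
        return "unexpected"
    is_error = payload.get("status") == "failure" or "reason" in payload  # assumed keys
    if status_code == 200:
        return "denied-legacy" if is_error else "ok"
    if status_code == 401 and is_error:
        return "denied"
    return "unexpected"


def ping(endpoint: str, user: str, password: str, timeout: float = 5.0) -> str:
    """Send the same request as the curl line in the report and classify the answer."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(f"http://{endpoint}:8084/?command=ping",
                                 headers={"Authorization": f"Basic {token}"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify_ping_response(resp.status, resp.read().decode())
    except urllib.error.HTTPError as err:  # 4xx responses still carry a body
        return classify_ping_response(err.code, err.read().decode())
```

A check that only accepts "ok" and "denied" flags both the 2.4 shape and the 2.6.1 regression, which is the distinction the broken unit tests needed.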

neilcook commented 2 years ago

Yes, thanks for reporting this, Steve. I will fix this in 2.6.2.

neilcook commented 2 years ago

The behaviour will be the same as for authentication failure, i.e. 401 plus JSON error.