bellingard closed this issue 8 years ago
Thanks Fabrice. I'll wait for SONAR-6948 then.
Cheers,
SONAR-6948 is fixed, I'll try to use the new API.
Hi Fabrice,
I moved the SVG badges plugin to the sonar-ws client 5.5-RC1 API. All in all it works fine, and I got rid of the internal HTTP-based calls to SQ's web services. However, I still have the problem you mentioned.
When SQ is configured to "Force user authentication", it seems that my WS cannot be reached. I get the following error:
<error>
<code>401</code>
<msg>Unauthorized</msg>
</error>
However, I see that some SQ web services can be reached when "force user authentication" is set, for instance "api/system/status". What can I do to make my WS available even if the "force user authentication" option is set?
Thanks in advance.
Michel
I think you can generate a user token in sonarqube and use it in request headers as basic authentication.
http://docs.sonarqube.org/display/SONAR/User+Token
when invoking web services: just pass the token instead of your login while doing the basic authentication.
(I'm also interested in this feature)
@pawlakm If "Force user authentication" is set, then there's no way someone should be able to call your WS anonymously - that'd be a security issue. So for me, everything looks good :+1:
@bellingard ok, thanks for your feedback. @PuKoren I'll have a look at it, thanks!
@PuKoren I generated a token but it doesn't seem to work when provided directly in the url.
@pawlakm yes, it won't work in the URL, I tried that too. You have to put it in an HTTP header named Authorization with a value Basic base64("{token}:")
(this is basic auth protocol, username is the token and password is blank).
Unfortunately this is not as simple as passing a parameter in the URL (I would have loved it) and may require more dev
@PuKoren an alternative would be to have the HTML img tag content populated using JavaScript / AJAX. This way the HTTP header could be set, the SVG image retrieved and the badge displayed.
As it won't be possible to "fix" this behaviour directly in the plugin, I remove the milestone and change the issue type to "discussion".
You can pass the API token in the URL like this:
http(s)://<apiToken>@<serverBaseURL>/api/badges/gate?key=
Thanks @michary, that actually works pretty well! (except GitHub actually does not allow passing a username to the image URL)
Has anyone managed to get this working for GitHub?
Nope, had to make our own proxy :/
thanks @PuKoren I don't understand how anyone is using this plugin... Surely most companies will have the "Force user authentication" enabled
@PuKoren Apologies for reviving this old issue, but do you mind detailing your steps getting a proxy setup running?
To easily reproduce:
The logs are clear:
This is because the WS of the plugin calls the server itself w/o passing credentials.
This limitation can be fixed when https://jira.sonarsource.com/browse/SONAR-6948 is implemented.
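A sketch of the proxy workaround mentioned in the thread, added here as an example and not taken from any participant's setup or from the plugin: it keeps the token server-side, sends it as Basic auth (token as username, blank password) and forwards only the `api/badges/gate` endpoint with its `key` parameter. The environment variable names, the placeholder server URL and token, and the listen address are assumptions.

```python
import base64
import os
import urllib.parse
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumptions (not from the thread): server URL and token come from the environment.
SONAR_URL = os.environ.get("SONAR_URL", "https://sonar.example.invalid")
SONAR_TOKEN = os.environ.get("SONAR_TOKEN", "constructed-placeholder-token")
ALLOWED_PATHS = {"/api/badges/gate"}  # the only endpoint the proxy exposes


def basic_auth_header(token):
    """Basic auth as described in the thread: token as username, blank password."""
    return "Basic " + base64.b64encode(f"{token}:".encode()).decode()


def build_upstream_request(raw_path, base_url=SONAR_URL, token=SONAR_TOKEN):
    """Return an authenticated Request for an allowlisted badge path, else None."""
    parts = urllib.parse.urlsplit(raw_path)
    if parts.path not in ALLOWED_PATHS:
        return None
    # Forward only the 'key' parameter; drop anything else the client sent.
    keys = urllib.parse.parse_qs(parts.query).get("key", [])
    if len(keys) != 1:
        return None
    query = urllib.parse.urlencode({"key": keys[0]})
    url = f"{base_url.rstrip('/')}{parts.path}?{query}"
    return urllib.request.Request(url, headers={"Authorization": basic_auth_header(token)})


class BadgeProxy(BaseHTTPRequestHandler):
    def do_GET(self):
        req = build_upstream_request(self.path)
        if req is None:
            return self.send_error(404)  # anything but the badge endpoint
        try:
            with urllib.request.urlopen(req, timeout=10) as upstream:
                body = upstream.read()
        except OSError:  # covers URLError/HTTPError and timeouts
            return self.send_error(502)
        self.send_response(200)
        self.send_header("Content-Type", "image/svg+xml")
        self.end_headers()
        self.wfile.write(body)


if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), BadgeProxy).serve_forever()
```

Anyone who can reach the proxy can read the badges the token's user can see, so generate the token for a dedicated account limited to the projects whose badge status may be disclosed.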