API does not allow Basic Auth over HTTPS

Jonher937 commented 4 years ago

Current UI and client versions:

Built from develop

Steps to reproduce the issue:

Setup HTTP and HTTPS ports.
Send a API request against http://127.0.0.1:5600/api/v1/search using Basic auth, works as expected.
Send a API request against https://127.0.0.1:5601/api/v1/search using Basic auth, returns Protocol mismatch

At this point aIsSecure = true but we have Session:TYPE_BASIC_AUTH and not Session:TYPE_SECURE so we get Protocol mismatch back.

https://github.com/airdcpp-web/airdcpp-webclient/blob/develop/airdcpp-webapi/web-server/ApiRouter.cpp#L125-L129

// Require using the same protocol that was used for logging in
if ((aRequest.getSession()->getSessionType() == Session::TYPE_SECURE) != aIsSecure) {
    aRequest.setResponseErrorStr("Protocol mismatch");
    return websocketpp::http::status_code::not_acceptable;
}

maksis commented 4 years ago

Can you confirm that it's working with the latest changes?

Jonher937 commented 4 years ago

It does, thank you for the quick fix!

airdcpp-web / airdcpp-webclient

API does not allow Basic Auth over HTTPS #365

Current UI and client versions:

Steps to reproduce the issue: