Authentication required - why?

[wernerflamme]

Expected behavior

Our idoit installation allows to use the API without login, using the API key only.

Since I want to share the idoitcli invocation scripts, it should be sufficient to use the API key in the credentials file. But it is not, idoitcli complains (see below).

I'd like to see idoitcli working without logon. Sharing scrips nearly always includes config files laying around anywhere, and since they are not even encrypted, everyone can read each other's credentials. This is especially bad when using SSO...

Actual behavior

12:38 user@host:~/.idoitcli> idoitcli show vsrvr.intranet.my.corp
One or more errors found in configuration settings:
Configuration setting "api.username" is too short. Minimum length is 1 character(s).
Configuration setting "api.password" is too short. Minimum length is 1 character(s).
Cannot proceed unless you fix your configuration

If I use "x" and "y", respectively, I get

No proper configuration for i-doit API calls: i-doit responded with an error: Authentication error [error: Either your username or password is invalid.]

Since username and password are not required, this data should not not be transmitted and thus this error should now show.

Steps to reproduce the behavior

Empty the password and username entries. Or enter non-fitting data. And use idoitcli afterwards.

Environment

Question	Answer
idoitcli version	idoitcli 0.7
PHP version	PHP 7.2.5
i-doit version	i-doit 1.11.1 PRO
i-doit API add-on version	1.9

Server logs

Excerpt taken from /var/log/apache2/error.log:

no access to the system

Excerpt taken from /var/www/html/i-doit/log/api_*.log:

no access to this system. Might be /srv/www/... on SLES instead ;)

P.S.: according to https://kb.i-doit.com/pages/viewpage.action?pageId=7831613, a user login is not required, it can be configured off.

[bheisig]

Thanks for your report. This bug will be fixed in the next version.