biocodellc / biocode-fims

Biocode Field Information Management System

Can't get details on a private expedition, even when logged in #106

Closed tigerhawkvok closed 7 years ago

tigerhawkvok commented 7 years ago

Sample response from my server when trying to ping http://www.biscicol.org/biocode-fims/rest/projects/26/expeditions/eabb46e0c229425da905681f2202304b :

{
  "original_mint_response": false,
  "detail_response": "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /biocode-fims/rest/projects/26/expeditions/eabb46e0c229425da905681f2202304b\non this server.</p>\n<hr>\n<address>Apache/2.2.15 (CentOS) Server at www.biscicol.org Port 80</address>\n</body></html>\n",
  "detail_response_decoded": null,
  "target": "http://www.biscicol.org/biocode-fims/rest/projects/26/expeditions/eabb46e0c229425da905681f2202304b",
  "response_header": "HTTP/1.1 403 Forbidden\r\nDate: Fri, 31 Mar 2017 00:55:31 GMT\r\nContent-Length: 358\r\nConnection: close\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n",
  "response_header_login": {
    "0": "HTTP/1.1 200 OK",
    "1": "Date: Fri, 31 Mar 2017 00:55:31 GMT",
    "2": "Server: Jetty(9.2.6.v20141205)",
    "3": "X-FRAME-OPTIONS: DENY",
    "4": "Expires: Thu, 01 Jan 1970 00:00:00 GMT",
    "5": "Content-Type: application/json",
    "6": "Content-Length: 35",
    "7": "Set-Cookie: JSESSIONID=1fawkwr8xjssao6mr99jm17o9;Path=/;HttpOnly",
    "8": "Access-Control-Allow-Origin: *",
    "9": "Connection: close"
  },
  "response_login": {
    "url": "http://www.biscicol.org/"
  },
  "cookies_sent_with_lookup": "JSESSIONID=1fawkwr8xjssao6mr99jm17o9;"
}

A quick snippet of the cURL request:

    // Expedition detail endpoint for the project/expedition that was just minted.
    $target = "http://www.biscicol.org/biocode-fims/rest/projects/".$fimsMintData["projectId"]."/expeditions/".$projectLink;
    $headers = array(
        "Accept: application/json",
    );
    $ch = curl_init($target);
    curl_setopt($ch, CURLOPT_HTTPGET, 1);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_SAFE_UPLOAD, false); // required as of PHP 5.6.0
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt($ch, CURLOPT_COOKIE, $cookiesString); # Created earlier on login; contents are cookies_sent_with_lookup above
    curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
    curl_setopt($ch, CURLOPT_HEADER, 1); // return the response headers together with the body
    $rawResponse2 = curl_exec($ch);
    // Split headers from body using the header size cURL reports for this transfer.
    $header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
    $http_response_header = substr($rawResponse2, 0, $header_size);
    $body = substr($rawResponse2, $header_size);
    curl_close($ch);

This means we can't fetch an ARK identifier after it's been generated. (This is an issue here because the response changed such that the ark key is now an object, rather than a string, so several projects need to have their arks updated).

rodney757 commented 7 years ago

It looks like the request was denied because it was missing the Content-Length header. I disabled the rule, if you can try again and let me know if it works for you.

Out of curiosity, do you know when you last made a request to that endpoint? I don't think we changed the mod_security rules recently.


tigerhawkvok commented 7 years ago

I'll try again in an hour or so, but the instant-check still failed. FYI, Content-Length isn't listed as a required header/arg on http://www.biscicol.org/apidocs/?url=http://www.biscicol.org/apidocs/current/service.json#!/Expeditions/getExpedition .

This particular endpoint I hadn't hit before; this is just getting added in now to deal with the case of bad expeditions when the identifier endpoint is modified for some reason (eg, right now in our database the last few projects all have Array as the ark -- see https://github.com/AmphibiaWeb/amphibian-disease-tracker/issues/227#issuecomment-290571238).

Thus, I'm adding a function wherein if we try to re-mint an expedition and fail (because it was "bad" but actually already made -- FIMS gives HTTP/400 here) to instead return the already existing one from FIMS.

For my narrow use case, having a re-mint instead return the existing values instead of HTTP/400 would make this a non-issue for me, but if this is a real issue then this should still be resolved.

jdeck88 commented 7 years ago

The swagger docs just express the requirements for entry into the application itself. Unfortunately, mod security applies another layer of protection that is not documented explicitly in the swagger docs. However the best way to negotiate mod security is to make sure requests are fully formed with all of the usual headers in the request.

John


tigerhawkvok commented 7 years ago

Well, some progress -- but it's still not respecting the cookies from login

{
  "original_mint_response": false,
  "detail_response": "{\"developerMessage\":\"\",\"usrMessage\":\"You are not a member of this private project\",\"time\":\"2017-03-31 15:16:03.325\",\"httpStatusCode\":403}",
  "detail_decoded": {
    "developerMessage": "",
    "usrMessage": "You are not a member of this private project",
    "time": "2017-03-31 15:16:03.325",
    "httpStatusCode": 403
  },
  "target": "http://www.biscicol.org/biocode-fims/rest/projects/26/expeditions/eabb46e0c229425da905681f2202304b",
  "response_header": "HTTP/1.1 403 Forbidden\r\nDate: Fri, 31 Mar 2017 19:16:03 GMT\r\nServer: Jetty(9.2.6.v20141205)\r\nX-FRAME-OPTIONS: DENY\r\nContent-Type: application/json\r\nContent-Length: 137\r\nAccess-Control-Allow-Origin: *\r\nConnection: close\r\n\r\n",
  "response_header_login": {
    "0": "HTTP/1.1 200 OK",
    "1": "Date: Fri, 31 Mar 2017 19:16:02 GMT",
    "2": "Server: Jetty(9.2.6.v20141205)",
    "3": "X-FRAME-OPTIONS: DENY",
    "4": "Expires: Thu, 01 Jan 1970 00:00:00 GMT",
    "5": "Content-Type: application/json",
    "6": "Content-Length: 35",
    "7": "Set-Cookie: JSESSIONID=1w022rp8cce9yatev8javge7a;Path=/;HttpOnly",
    "8": "Access-Control-Allow-Origin: *",
    "9": "Connection: close"
  },
  "response_login": {
    "url": "http://www.biscicol.org/"
  },
  "cookies_sent_with_lookup": "JSESSIONID=1w022rp8cce9yatev8javge7a;"
}
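
The two 403s in this thread come from different layers: the first carries Apache's HTML error page and no Jetty Server header (the mod_security rejection rodney757 describes), while the second is the application's own JSON refusal, so the session cookie did reach the application and authorization was evaluated there. The Python below is an added example for this thread, not code from the biocode-fims project or from anyone posting here. It reconstructs both responses from the JSON pasted above, triages a 403 by the layer that produced it, and derives the Cookie header value a client should send from the login's Set-Cookie. The classification rules are this example's own heuristics, not documented behaviour of the biscicol.org deployment.

```python
"""Triage a 403 from the expedition endpoint: edge (Apache/mod_security) or
application (Jetty)?  Added example; heuristics are assumptions, not project code."""
import json
from typing import Dict, Tuple

# Constructed from the responses pasted earlier in the thread (status line, headers, body).
EDGE_403 = (
    "HTTP/1.1 403 Forbidden\r\n"
    "Date: Fri, 31 Mar 2017 00:55:31 GMT\r\n"
    "Content-Length: 358\r\n"
    "Connection: close\r\n"
    "Content-Type: text/html; charset=iso-8859-1\r\n"
    "\r\n"
    "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n"
    "<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n"
    "<p>You don't have permission to access /biocode-fims/rest/projects/26/"
    "expeditions/eabb46e0c229425da905681f2202304b\non this server.</p>\n<hr>\n"
    "<address>Apache/2.2.15 (CentOS) Server at www.biscicol.org Port 80</address>\n"
    "</body></html>\n"
)

APP_403 = (
    "HTTP/1.1 403 Forbidden\r\n"
    "Date: Fri, 31 Mar 2017 19:16:03 GMT\r\n"
    "Server: Jetty(9.2.6.v20141205)\r\n"
    "X-FRAME-OPTIONS: DENY\r\n"
    "Content-Type: application/json\r\n"
    "Content-Length: 137\r\n"
    "Access-Control-Allow-Origin: *\r\n"
    "Connection: close\r\n"
    "\r\n"
    '{"developerMessage":"","usrMessage":"You are not a member of this private project",'
    '"time":"2017-03-31 15:16:03.325","httpStatusCode":403}'
)

# Set-Cookie value from the login response in the thread.
LOGIN_SET_COOKIE = "JSESSIONID=1w022rp8cce9yatev8javge7a;Path=/;HttpOnly"


def parse_response(raw: str) -> Tuple[int, Dict[str, str], str]:
    """Split a raw HTTP/1.1 response into (status code, lower-cased header map, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body


def cookie_header_from_set_cookie(set_cookie: str) -> str:
    """Return the Cookie header value to send back for one Set-Cookie line.

    Only the name=value pair is returned. Path and HttpOnly are directives to
    the client, not part of the cookie value, and the trailing ';' seen in the
    thread's cookies_sent_with_lookup string is not the canonical form.
    """
    return set_cookie.split(";", 1)[0].strip()


def classify_403(raw: str) -> str:
    """Return 'edge', 'application' or 'other' for a captured 403 response.

    Heuristic (assumption of this example): the application announces itself
    with a Jetty Server header and answers JSON carrying httpStatusCode; the
    Apache front end that hosts mod_security answers with its own HTML error
    page and no Jetty header, meaning the request was dropped before the
    application saw it, so no cookie or login state was ever consulted.
    """
    status, headers, body = parse_response(raw)
    if status != 403:
        return "other"
    server = headers.get("server", "")
    ctype = headers.get("content-type", "")
    if server.startswith("Jetty") and ctype.startswith("application/json"):
        try:
            payload = json.loads(body)
        except ValueError:
            return "other"
        if payload.get("httpStatusCode") == 403:
            return "application"
    if not server and ctype.startswith("text/html") and "Apache" in body:
        return "edge"
    return "other"


if __name__ == "__main__":
    for label, raw in (("first 403", EDGE_403), ("second 403", APP_403)):
        print(label, "->", classify_403(raw))
    print("Cookie:", cookie_header_from_set_cookie(LOGIN_SET_COOKIE))
```

When a client sees "edge", re-checking the Cookie header is wasted effort; the fix belongs in the request shape (the headers jdeck88 mentions) or the WAF rule. Only an "application" verdict says anything about session handling or project membership.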

rodney757 commented 7 years ago

Using curl from the cmd line, I'm able to successfully login and then access the expeditions service

tigerhawkvok commented 7 years ago

Fails on the command line here, too:

[screenshot: fims-expedition-fail]

rodney757 commented 7 years ago

Okay, this is fixed now. There was a bug with public projects returning the error you were receiving.

jdeck88 commented 7 years ago

@tigerhawkvok does this take care of the issue?