Closed Eloiii closed 1 year ago
When we try to change the state of a resource like this :
curl --location 'http://localhost:8001/resources/1/state' \ --header 'X-REMOTE-IDENT: docker' \ --header 'Content-Type: application/json' \ --data '{ "state": "Alive" }'
we get (for every type of state ["Absent", "Alive", "Suspected"]):
["Absent", "Alive", "Suspected"]
{ "status": "Bad user", "api_timestamp": 1679919725.0524163, "api_timezone": "UTC" }
Although docker/docker is a valid authentication :
curl --location 'localhost:8001/authentication?basic_user=docker&basic_password=docker'
returns
{ "basic authentication": "valid", "api_timestamp": 1679919784.3839092, "api_timezone": "UTC" }
We get the same result when we replace "docker" by "user1" in the "X-REMOTE-IDENT" header field.
Is there any other user able to do this action ?
When we try to change the state of a resource like this :
we get (for every type of state
["Absent", "Alive", "Suspected"]):Although docker/docker is a valid authentication :
returns
We get the same result when we replace "docker" by "user1" in the "X-REMOTE-IDENT" header field.
Is there any other user able to do this action ?