oxyno-zeta / s3-proxy

S3 Reverse Proxy with GET, PUT and DELETE methods and authentication (OpenID Connect and Basic Auth)
https://oxyno-zeta.github.io/s3-proxy/
Apache License 2.0

Receiving `500 Internal Server Error` instead of `403 Forbidden` #437

Closed redat00 closed 5 months ago

redat00 commented 6 months ago

Describe the bug

Hi, me again, this time for an issue I'm having. I tried to set up the proxy in the most simple way, using basic authentication. I tried to follow the documentation as much as I could, but I think that I might be missing something regarding how the different parts interact with each other (resources, targets, etc.).

When running a cURL request with the correct username and password, everything's fine. But with a wrong username and password, I'm getting a 500 Internal Server Error ...

As I said, I'm unsure about how everything interacts with each other:

I can copy/paste the stack trace if needed, but it can easily be reproduced.

To Reproduce

Start the server with the following configuration.

# Log configuration
log:
  level: debug
  format: json
  filePath: /var/log/s3-proxy.log

# Server configuration
server:
  listenAddr: 0.0.0.0
  port: 8080

# Targets configuration
targets:
  test-bucket:
    resources:
      - path: /
        methods: GET
        basic:
          credentials:
            user: user1
            password:
              value: secret
      - path: /
        methods: PUT
        basic:
          credentials:
            user: user2
            password:
              value: secret
    mount:
      path:
        - /
      provider: authprovider
      methods:
        - GET
        - PUT
        - DELETE
    bucket:
      name: test
      region: default
      s3Endpoint: storage.example.org
      credentials:
        accessKey:
          value: random
        secretKey:
          value:  random
    actions:
      GET:
        enabled: true
      PUT:
        enabled: true

authProviders:
  basic:
    authprovider:
      realm: Auth Provider

Then run the following command:

This one will succeed

curl -XGET http://127.0.0.1:8080/ --user "user1:secret"

This one will not, but not in the expected way

curl -XGET http://127.0.0.1:8080/ --user "user1:badpassword"

Expected behavior

I expect to be receiving a 403 Forbidden

Version and platform:

redat00 commented 6 months ago

Just saw issue #401, which seems to be the exact same "problem". So this is fine if it's how the app should react, even though it's not ideal.

(I'll see if I can do a PR to improve this, but as said in the other issue, it's not a small change)

oxyno-zeta commented 6 months ago

That's exactly the same root cause. I need more time to work on this. I know how to manage it perfectly, just lacking time for this :( . I will try to work on those soon.

oxyno-zeta commented 6 months ago

@redat00: I've checked your configuration and I cannot reproduce the error since the configuration is invalid. Can you give me the working one and the logs of your error please? As you are using basic auth, I don't think the error is the same as in #401.

github-actions[bot] commented 5 months ago

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 10 days

redat00 commented 5 months ago

This was the error yes!

The configuration was invalid, but instead of the app telling me that the application was invalid, it starts as usual and then just replies with 500 errors. With a correctly configured app, the problem in fact disappears!
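The failure mode discussed in this thread (an invalid configuration accepted at startup, then a 500 on every request instead of the expected 403) is illustrated by the following added Go example. It is not s3-proxy's own code: the config types are assumed, simplified shapes modelled on the reporter's YAML, and the validation checks are illustrative, not the project's actual rules.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"net/http"
)

// Assumed shapes (not s3-proxy's own types) for one resources[] entry of the
// reporter's YAML and its basic.credentials block.
type BasicCredential struct{ User, Password string }
type ResourceConfig struct {
	Path        string
	Methods     []string
	Credentials []BasicCredential
}

// NewBasicAuthHandler validates the resource before serving anything, so a bad
// config is rejected at startup instead of surfacing as a 500 on every request.
func NewBasicAuthHandler(res ResourceConfig, next http.Handler) (http.Handler, error) {
	if res.Path == "" || len(res.Methods) == 0 || len(res.Credentials) == 0 {
		return nil, fmt.Errorf("resource %q: needs path, methods and basic credentials", res.Path)
	}
	for _, c := range res.Credentials {
		if c.User == "" || c.Password == "" {
			return nil, fmt.Errorf("resource %q: credential with empty user or password", res.Path)
		}
	}
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		user, pass, ok := r.BasicAuth()
		if !ok || !credentialsMatch(res.Credentials, user, pass) {
			http.Error(w, "forbidden", http.StatusForbidden) // the 403 the reporter expected
			return
		}
		next.ServeHTTP(w, r)
	}), nil
}

// credentialsMatch compares in constant time so response timing does not
// reveal which part (user or password) was wrong.
func credentialsMatch(creds []BasicCredential, user, pass string) bool {
	for _, c := range creds {
		if subtle.ConstantTimeCompare([]byte(c.User), []byte(user)) == 1 &&
			subtle.ConstantTimeCompare([]byte(c.Password), []byte(pass)) == 1 {
			return true
		}
	}
	return false
}
```

Wire the returned handler into an http.Server and abort startup when NewBasicAuthHandler returns an error; the reporter's `user1:secret` / `user1:badpassword` cURL calls then yield 200 and 403 respectively.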