pycontribs / python-crowd

A python client to the Atlassian Crowd REST API. ❗️seeking-new-maintainer
https://github.com/pycontribs/python-crowd
BSD 2-Clause "Simplified" License

the validate_session function returns 400 error code #33

Closed yrcourage closed 8 years ago

yrcourage commented 8 years ago

I get a crowd.token_key from cookies. Then I use validate_session(token) to validate the session, and the Crowd server returns a 400 error code. My Crowd server version is 2.8.3.

aelse commented 8 years ago

I've just tested against 2.8.4 using examples/simple_token_auth.py, which gets a session token from Crowd and then calls validate_session. This works.

Assuming the token you got from cookies is valid, make sure that your app can authenticate itself to Crowd (you did create an Application in Crowd, right?), e.g.:

```python
import crowd

# 'testapp' and 'testpass' will be whatever values you used to set up your application in Crowd
cs = crowd.CrowdServer('http://localhost:8095/crowd', 'testapp', 'testpass')
cs.auth_ping()  # should return True
```

yrcourage commented 8 years ago

Actually, every function works well except validate_session. When I publish my application under the same domain as Crowd, the 400 error happens. But if I publish my application under a different IP address, the validate_session function works well.

aelse commented 8 years ago

When you set up a generic application in Crowd you specify the remote IP addresses. If the IP you come from doesn't match then Crowd should reject the request (at least that's how I understand it - https://confluence.atlassian.com/display/CROWD/Specifying+an+Application%27s+Address+or+Hostname).

I'm not certain what you mean when you say "under the same domain" but that it works on other IP addresses. Check that every IP your request might be coming from is in the list of remotes (including 127.0.0.1 if you're talking to localhost). If everything worked from a particular host except validate_session that would be very strange.

Please try running the simple_token_auth.py script (modifying it with your app settings). That should work and if it does not then I think it is due to the settings you have in Crowd for your application or there's something different happening when you run it on one domain from another.
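
The remote-address check suggested above can be run before retrying. This is an added example, not part of the thread or of python-crowd: it lists the source addresses this host would use to reach Crowd and reports any that a hand-copied Remote Addresses list does not cover. The function names, the port and the sample list are assumptions, and entries are taken to be IP addresses or CIDR ranges, not hostnames.

```python
import ipaddress
import socket

# Constructed sample: entries copied by hand from the application's
# Remote Addresses settings in Crowd (assumed to be IPs or CIDR ranges).
SAMPLE_REMOTES = ["127.0.0.1", "10.0.0.0/24"]


def candidate_sources(host, port):
    """Local source address the OS would pick for each address `host` resolves to."""
    found = []
    for family, _, _, _, sockaddr in socket.getaddrinfo(
            host, port, type=socket.SOCK_DGRAM):
        try:
            with socket.socket(family, socket.SOCK_DGRAM) as s:
                s.connect(sockaddr)  # UDP connect sends nothing; it only selects a route
                src = s.getsockname()[0].split("%")[0]  # drop any IPv6 scope id
        except OSError:
            continue  # no route for this address family
        if src not in found:
            found.append(src)
    return found


def unlisted_sources(sources, remotes):
    """Return the source addresses not covered by any remote-address entry."""
    nets = [ipaddress.ip_network(r, strict=False) for r in remotes]
    missing = []
    for src in sources:
        ip = ipaddress.ip_address(src)
        # An IPv6 source such as ::1 is never covered by an IPv4 entry.
        if not any(ip.version == n.version and ip in n for n in nets):
            missing.append(src)
    return missing


if __name__ == "__main__":
    # 'localhost' may resolve to both 127.0.0.1 and ::1, so both are checked.
    sources = candidate_sources("localhost", 8095)
    print("sources this host would use:", sources)
    print("not in remote address list:", unlisted_sources(sources, SAMPLE_REMOTES))
```

If a proxy or NAT sits between the application and Crowd, the address Crowd sees is the proxy's, so that address has to be checked against the list as well.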