swagger-api / swagger-ui

Swagger UI is a collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API.
https://swagger.io
Apache License 2.0

HTTP Basic Auth doesn't work in v2.1.0-M2 #1171

Closed r-brown closed 9 years ago

r-brown commented 9 years ago

Hello,

I'm trying to configure Swagger to use a default demo account with HTTP Basic Auth.

Below is my index.html configuration:

...
            function addAuthorization() {
                var username = $('#input_username').val();
                var password = $('#input_password').val();
                if (username && username.trim() != "" && password && password.trim() != "") {
                    var basicAuth = new SwaggerClient.PasswordAuthorization('basic', username, password);
                    window.swaggerUi.api.clientAuthorizations.add("basicAuth", basicAuth);
                }
            }
...

source: https://github.com/Labs64/NetLicensing-API/blob/gh-pages/index.html

... and JSON definition:

...
                "security": [
                    {
                        "basicAuth": []
                    }
                ]
...
    "securityDefinitions": {
        "basicAuth": {
            "type": "basic",
            "description": "HTTP Basic Authentication. Works over `HTTP` and `HTTPS`"
        }
    },
...

source: https://github.com/Labs64/NetLicensing-API/blob/gh-pages/v2.0/netlicensing.json

With this configuration, the basicAuth header is not set and I'm always getting the browser prompt dialog for credentials entry. Could you help me with this issue?

Live version can be found here: http://io.labs64.com/NetLicensing-API/

fehguy commented 9 years ago

We just pushed a fix to the develop_2.0 that should help address this. This affects the index.html as well as the library--can you please look at the updates and test the updates?

r-brown commented 9 years ago

I've just updated the codebase with 'develop_2.0' and got the following error (see screenshot)

screen shot 2015-04-17 at 07 11 25

window.swaggerUi.api is null

ponelat commented 9 years ago

The line that's throwing you an error has a typo... You need to change from .api to .apis in the above screenshot.

webron commented 9 years ago

@ponelat - but that's in our sources ;) https://github.com/swagger-api/swagger-ui/blob/develop_2.0/dist/index.html#L63

ponelat commented 9 years ago

Apologies, @r-brown I've tested against your spec, it works now :D

r-brown commented 9 years ago

No issues guys - I should be able to recognize this on my own :-/ I'll try again the same with develop_2.0 and report here.

webron commented 9 years ago

keep in mind it's not merged into develop_2.0 yet. and still, if it's a bug, it needs to be handled, so thanks for the report.

r-brown commented 9 years ago

Sure; the change #1240 is trivial and I'll merge this locally before test. Thx!

r-brown commented 9 years ago

I've just updated swagger-ui version at http://io.labs64.com/NetLicensing-API/ to develop_2.0 and tried both .api and .apis (see console output below)

> window.swaggerUi.api
> 3.module.exports {authorizationScheme: null, authorizations: null, basePath: "/core/v2/rest", debug: false, info: Object…}
> window.swaggerUi.apis
> undefined

.api at least contains some definitions but still doesn't work - basicAuth header is not set yet.

ponelat commented 9 years ago

Again I must apologize, my previous comment is erroneous! I blindly made the change, everything worked - so I carried on... The real bug is the second addAuthorization() call which happens before swaggerUi has loaded.

The real fix, which is slightly older than my comment above, explains why it was working on my side.

You can return poor little window.swaggerUi.api to his original self and remove the line below.

            // pre-populate on the page using demo account
            $('#input_username').val("demo");
            $('#input_password').val("demo");
            addAuthorization(); // <--- this evil little bugger! Remove.

And if everything is absolutely hunky-dory, I will stop apologizing and fix it!

r-brown commented 9 years ago

I've changed the code as you suggested, but the header still doesn't contain Authorization. So I'm already getting HTTP 401 on OPTIONS /core/v2/rest/licensee HTTP/1.1.

ponelat commented 9 years ago

Hmmm, so you've checked in Chrome (or other browser) and you don't see the request header.. "Authorization:Basic ZGVtbzpkZW1v" which happens to be demo:demo

If not, I'm going to take a closer look at your code (if you don't mind) I'd like to put some debug info in.. I'll be around soon. Thanks for bearing with us.

r-brown commented 9 years ago

I've checked this with the following browsers:

Sure, feel free to dig into the code; I can also grant access to the repo https://github.com/Labs64/NetLicensing-API if necessary.

fehguy commented 9 years ago

OK looks like a chicken & egg problem. You need to return a 200 for the OPTIONS request when calling your server. That is required for seeing IF it can even send the authorizations header. Once that's done, it should work.

ponelat commented 9 years ago

@r-brown did you get a chance to see if you can get a successful (200) response from OPTIONS? Looking to close the issue, but want to make sure all the bugs are fixed :)

r-brown commented 9 years ago

Hi @ponelat,

I've just changed Apache HTTPD configuration for CORS preflight requests and... it works http://io.labs64.com/NetLicensing-API/

Used swagger-ui version: 'develop_2.0' (branch)

Thank you for your support!
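
The preflight behaviour described in the thread (the browser sends OPTIONS without credentials, and the Authorization header only follows once that returns 200), sketched as an added example that is not part of the original thread or of swagger-ui. `ALLOWED_ORIGIN`, `decide` and `checkCredentials` are hypothetical names; the demo/demo account mirrors the one used in the thread.

```javascript
// Added example: server-side decision logic that answers CORS preflights
// without credentials but still enforces HTTP Basic auth on real requests.
const ALLOWED_ORIGIN = 'https://docs.example.com'; // placeholder for the Swagger UI origin
const ALLOWED_METHODS = 'GET, POST, PUT, DELETE, OPTIONS';
const ALLOWED_HEADERS = 'Authorization, Content-Type';

// Header value a client sends for HTTP Basic auth.
function basicAuthHeader(user, pass) {
  return 'Basic ' + Buffer.from(user + ':' + pass, 'utf8').toString('base64');
}

// A preflight is an OPTIONS request carrying Origin and
// Access-Control-Request-Method; browsers never attach credentials to it.
function isPreflight(method, headers) {
  return method === 'OPTIONS' && 'origin' in headers &&
    'access-control-request-method' in headers;
}

// Decide the response for one request. `headers` uses lowercase names;
// `checkCredentials(user, pass)` is supplied by the caller (assumption).
function decide(method, headers, checkCredentials) {
  const cors = {};
  if (headers.origin === ALLOWED_ORIGIN) {
    cors['Access-Control-Allow-Origin'] = ALLOWED_ORIGIN; // allow-listed origin only, not "*"
    cors['Vary'] = 'Origin';
  }
  if (isPreflight(method, headers)) {
    // Demanding Authorization here yields the 401-on-OPTIONS seen in the thread.
    if (!cors['Access-Control-Allow-Origin']) return { status: 403, headers: {} };
    return { status: 200, headers: { ...cors,
      'Access-Control-Allow-Methods': ALLOWED_METHODS,
      'Access-Control-Allow-Headers': ALLOWED_HEADERS,
      'Access-Control-Max-Age': '600' } };
  }
  // Actual request: credentials are mandatory.
  const m = /^Basic ([A-Za-z0-9+/=]+)$/.exec(headers.authorization || '');
  const decoded = m ? Buffer.from(m[1], 'base64').toString('utf8') : '';
  const sep = decoded.indexOf(':'); // the password may itself contain ':'
  if (sep < 0 || !checkCredentials(decoded.slice(0, sep), decoded.slice(sep + 1))) {
    return { status: 401, headers: { ...cors, 'WWW-Authenticate': 'Basic realm="api"' } };
  }
  return { status: 200, headers: cors };
}
```

Only the preflight is exempt from authentication; an OPTIONS request without the preflight headers, or any other method without valid credentials, still gets 401.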