Closed col-panic closed 4 years ago
indeed, can you please submit a PR to change AUTH from using a key in the URL to some other method supported by Redmine?
I will, thank you
@col-panic hey, are you planning to make this change soon?
Sorry, I completely forgot this. Found out that in my scenario having the key in the logs is not that problematic. However, I think the problem still counts for other projects.
Considering https://www.redmine.org/projects/redmine/wiki/Rest_api#Authentication IMHO a valid approach would be to remove builder.addParameter("key"
in com.taskadapter.redmineapi.internal.URIConfigurator#createUri
and instead modifying the Http*
constructors in com.taskadapter.redmineapi.internal.Transport
to e.g.
final HttpPost request = new HttpPost(uploadURI);
request.addHeader("X-Redmine-API-Key", getTheApiKey());
I currently have problems correctly setting up the project - can't run the unit tests - and due to the current situation I am severly time limited.
here is one way of doing it - https://github.com/taskadapter/redmine-java-api/pull/346
Currently the slf4j logs the apikey - this should not be the case.
[pipe-redmine sendlog 18039] 2020-01-31 14:09:37,618 DEBUG c.t.r.internal.comm.BaseCommunicator - GET https://redmine.medelexis.ch/issues/18039.json?include=watchers&key=DO_NOT_SHOW_THE_API_KEY_HERE HTTP/1.1