search

tooxie / shiva-server

A RESTful API to your music collection
http://shiva.readthedocs.org/en/latest/intro.html
MIT License
556 stars 51 forks source link

Cannot connect, error 401 #176

Open fredele opened 8 years ago

fredele commented 8 years ago

In the config file, the doc. says that I must put a SECRET KEY. I've done that, but know how can the shiva-client know this Key to connect to the server ? When I run http://localhost:9002/ the sever says Unautorized.And when I try http://localhost:9002/users I got a message dialog: I have tried to create an accout with the provided utility, and I can't still log in with the user/password I provided ?

The doc. says that when ALLOW_ANONYMOUS_ACCESS is set to true, all this protection is by-passed, but when i try I have a 404 error, not a 401 anymore ...

Isn't all that stuff just over-complicated ? Can't all that stuff be disabled as default ?

tooxie commented 8 years ago

Hey @fredele!

Just to clarify the different return codes, when ALLOW_ANONYMOUS_ACCESS is False (the default) every single URL you try will return 401. That's a security measure, so you can't try out random URLs and figure out which ones exists and which ones don't.

Now, the 404 that you are getting under /users/ is unexpected. I will investigate it.

Once you introduce authentication it all becomes less pretty, it's kind of unavoidable :confused:. But I think you are right, it should be disabled by default. How else would you simplify the whole process?

Thanks for the bug report!