[ 
https://issues.apache.org/jira/browse/KNOX-3032?focusedWorklogId=916840&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-916840
 ]

ASF GitHub Bot logged work on KNOX-3032:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 29/Apr/24 12:24
            Start Date: 29/Apr/24 12:24
    Worklog Time Spent: 10m 
      Work Description: smolnar82 opened a new pull request, #902:
URL: https://github.com/apache/knox/pull/902

   ## What changes were proposed in this pull request?
   
   I updated the passcode verification logic in a way such that it returns an 
HTTP error response with 401 error code if clients want to verify a passcode 
token without properly configured token state service.
   
   
   ## How was this patch tested?
   
   I added the missing JUnit test cases and re-run the `curl` command I used 
for reproducing the issue:
   ```
   $ curl -iku 
Passcode:TkdVd1l6VTBPR0l0TmpVMk9DMDBNRFl4TFdFelpHTXROakk1TURnd09EYzJOVEJoOjpNREV6T0dGaFpXUXRZMkV5WVMwME4yWXhMVGhsWkRndFpUQmpNemszTlRrMlpqazE=
 https://localhost:8443/gateway/proxy-token/health/v1/gateway-status
   HTTP/1.1 401 Unauthorized
   Cache-Control: must-revalidate,no-cache,no-store
   Content-Type: text/html;charset=iso-8859-1
   Content-Length: 684
   
   <html>
   <head>
   <meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1"/>
   <title>Error 401 Error in token provider config: passcode use with 
knox.token.exp.server-managed set to false.</title>
   </head>
   <body><h2>HTTP ERROR 401 Error in token provider config: passcode use with 
knox.token.exp.server-managed set to false.</h2>
   <table>
   <tr><th>URI:</th><td>/gateway/proxy-token/health/v1/gateway-status</td></tr>
   <tr><th>STATUS:</th><td>401</td></tr>
   <tr><th>MESSAGE:</th><td>Error in token provider config: passcode use with 
knox.token.exp.server-managed set to false.</td></tr>
   <tr><th>SERVLET:</th><td>proxy-token-knox-gateway-servlet</td></tr>
   </table>
   
   </body>
   </html>
   ```
   




Issue Time Tracking
-------------------

            Worklog Id:     (was: 916840)
    Remaining Estimate: 0h
            Time Spent: 10m

> Passcode token verification doesn't return error when TSS is disabled
> ---------------------------------------------------------------------
>
>                 Key: KNOX-3032
>                 URL: https://issues.apache.org/jira/browse/KNOX-3032
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: Server
>    Affects Versions: 2.0.0
>            Reporter: Sandor Molnar
>            Assignee: Sandor Molnar
>            Priority: Major
>             Fix For: 2.1.0
>
>         Attachments: proxy-token.xml
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> *Steps to reproduce:*
>  * configure a new topology (e.g. proxy-token) with {{JWTProvider}} where 
> {{knox.token.exp.server-managed}} is set to {{false}} (see an example in the 
> attachment)
>  * acquire a Knox Token using the Token Generation UI
>  * use the {{Passcode}} field in a {{curl}} request against a service 
> endpoint in the new topology
> *Current results:*
> Knox returns an HTTP response with 200 status code
> {noformat}
> $ curl -iku 
> Passcode:TkdVd1l6VTBPR0l0TmpVMk9DMDBNRFl4TFdFelpHTXROakk1TURnd09EYzJOVEJoOjpNREV6T0dGaFpXUXRZMkV5WVMwME4yWXhMVGhsWkRndFpUQmpNemszTlRrMlpqazE=
>  https://localhost:8443/gateway/proxy-token/health/v1/gateway-status
> HTTP/1.1 200 OK
> Date: Mon, 29 Apr 2024 08:33:06 GMT
> Content-Length: 0
> {noformat}
> *Expected results:*
> An HTTP response should have been received with 401 and the proper error 
> message.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to