[ https://issues.apache.org/jira/browse/KNOX-3032?focusedWorklogId=916840&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-916840 ]

ASF GitHub Bot logged work on KNOX-3032:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 29/Apr/24 12:24
            Start Date: 29/Apr/24 12:24
    Worklog Time Spent: 10m
      Work Description: smolnar82 opened a new pull request, #902:
URL: https://github.com/apache/knox/pull/902

## What changes were proposed in this pull request?

I updated the passcode verification logic in a way such that it returns an HTTP error response with 401 error code if clients want to verify a passcode token without a properly configured token state service.

## How was this patch tested?

I added the missing JUnit test cases and re-ran the `curl` command I used for reproducing the issue:

```
$ curl -iku Passcode:TkdVd1l6VTBPR0l0TmpVMk9DMDBNRFl4TFdFelpHTXROakk1TURnd09EYzJOVEJoOjpNREV6T0dGaFpXUXRZMkV5WVMwME4yWXhMVGhsWkRndFpUQmpNemszTlRrMlpqazE= https://localhost:8443/gateway/proxy-token/health/v1/gateway-status
HTTP/1.1 401 Unauthorized
Cache-Control: must-revalidate,no-cache,no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 684

<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1"/>
<title>Error 401 Error in token provider config: passcode use with knox.token.exp.server-managed set to false.</title>
</head>
<body><h2>HTTP ERROR 401 Error in token provider config: passcode use with knox.token.exp.server-managed set to false.</h2>
<table>
<tr><th>URI:</th><td>/gateway/proxy-token/health/v1/gateway-status</td></tr>
<tr><th>STATUS:</th><td>401</td></tr>
<tr><th>MESSAGE:</th><td>Error in token provider config: passcode use with knox.token.exp.server-managed set to false.</td></tr>
<tr><th>SERVLET:</th><td>proxy-token-knox-gateway-servlet</td></tr>
</table>
</body>
</html>
```

Issue Time Tracking
-------------------

    Worklog Id:     (was: 916840)
    Remaining Estimate: 0h
    Time Spent: 10m

> Passcode token verification doesn't return error when TSS is disabled
> ---------------------------------------------------------------------
>
>                 Key: KNOX-3032
>                 URL: https://issues.apache.org/jira/browse/KNOX-3032
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: Server
>    Affects Versions: 2.0.0
>            Reporter: Sandor Molnar
>            Assignee: Sandor Molnar
>            Priority: Major
>             Fix For: 2.1.0
>
>         Attachments: proxy-token.xml
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> *Steps to reproduce:*
>  * configure a new topology (e.g. proxy-token) with {{JWTProvider}} where {{knox.token.exp.server-managed}} is set to {{false}} (see an example in the attachment)
>  * acquire a Knox Token using the Token Generation UI
>  * use the {{Passcode}} field in a {{curl}} request against a service endpoint in the new topology
>
> *Current results:*
> Knox returns an HTTP response with 200 status code
> {noformat}
> $ curl -iku Passcode:TkdVd1l6VTBPR0l0TmpVMk9DMDBNRFl4TFdFelpHTXROakk1TURnd09EYzJOVEJoOjpNREV6T0dGaFpXUXRZMkV5WVMwME4yWXhMVGhsWkRndFpUQmpNemszTlRrMlpqazE= https://localhost:8443/gateway/proxy-token/health/v1/gateway-status
> HTTP/1.1 200 OK
> Date: Mon, 29 Apr 2024 08:33:06 GMT
> Content-Length: 0
> {noformat}
>
> *Expected results:*
> An HTTP response should have been received with 401 and the proper error message.

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
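
An added example, not part of the original message and not Apache Knox code: a small audit that flags topologies matching the precondition in the steps to reproduce above (an enabled `JWTProvider` with `knox.token.exp.server-managed` explicitly set to `false`). The sample topology is constructed here, not the `proxy-token.xml` attachment; the function names and the `explicit-false` / `explicit-true` / `unset` labels are assumptions of this sketch.

```python
import xml.etree.ElementTree as ET

PARAM = "knox.token.exp.server-managed"

# Constructed sample topology (NOT the proxy-token.xml attached to the issue).
SAMPLE_TOPOLOGY = """
<topology>
  <gateway>
    <provider>
      <role>federation</role>
      <name>JWTProvider</name>
      <enabled>true</enabled>
      <param><name>knox.token.exp.server-managed</name><value>false</value></param>
    </provider>
  </gateway>
  <service><role>KNOX</role></service>
</topology>
"""


def audit_topology(xml_text):
    """Return one state per enabled JWTProvider: explicit-false, explicit-true or unset."""
    findings = []
    root = ET.fromstring(xml_text)
    for provider in root.iterfind("./gateway/provider"):
        name = (provider.findtext("name") or "").strip()
        # Assumption: a provider without an <enabled> element is audited as enabled.
        enabled = (provider.findtext("enabled") or "true").strip().lower()
        if name != "JWTProvider" or enabled != "true":
            continue
        state = "unset"  # the issue only covers the explicit-false case
        for param in provider.iterfind("param"):
            if (param.findtext("name") or "").strip() == PARAM:
                value = (param.findtext("value") or "").strip().lower()
                # Assumption: any value other than "true" is treated as false.
                state = "explicit-true" if value == "true" else "explicit-false"
        findings.append(state)
    return findings


def passcode_unverifiable(xml_text):
    """True when the topology matches the KNOX-3032 precondition."""
    return "explicit-false" in audit_topology(xml_text)


if __name__ == "__main__":
    for state in audit_topology(SAMPLE_TOPOLOGY):
        print("JWTProvider", PARAM, "->", state)
```

On a gateway at the affected version (2.0.0), a flagged topology is one where a `Passcode` credential produced the 200 response shown in the issue instead of the 401 shown in the pull request.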