[
https://issues.apache.org/jira/browse/KNOX-3032?focusedWorklogId=916840&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-916840
]
ASF GitHub Bot logged work on KNOX-3032:
----------------------------------------
Author: ASF GitHub Bot
Created on: 29/Apr/24 12:24
Start Date: 29/Apr/24 12:24
Worklog Time Spent: 10m
Work Description: smolnar82 opened a new pull request, #902:
URL: https://github.com/apache/knox/pull/902
## What changes were proposed in this pull request?
I updated the passcode verification logic in a way such that it returns an
HTTP error response with 401 error code if clients want to verify a passcode
token without a properly configured token state service.
## How was this patch tested?
I added the missing JUnit test cases and re-ran the `curl` command I used
for reproducing the issue:
```
$ curl -iku Passcode:TkdVd1l6VTBPR0l0TmpVMk9DMDBNRFl4TFdFelpHTXROakk1TURnd09EYzJOVEJoOjpNREV6T0dGaFpXUXRZMkV5WVMwME4yWXhMVGhsWkRndFpUQmpNemszTlRrMlpqazE= https://localhost:8443/gateway/proxy-token/health/v1/gateway-status
HTTP/1.1 401 Unauthorized
Cache-Control: must-revalidate,no-cache,no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 684
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1"/>
<title>Error 401 Error in token provider config: passcode use with
knox.token.exp.server-managed set to false.</title>
</head>
<body><h2>HTTP ERROR 401 Error in token provider config: passcode use with
knox.token.exp.server-managed set to false.</h2>
<table>
<tr><th>URI:</th><td>/gateway/proxy-token/health/v1/gateway-status</td></tr>
<tr><th>STATUS:</th><td>401</td></tr>
<tr><th>MESSAGE:</th><td>Error in token provider config: passcode use with
knox.token.exp.server-managed set to false.</td></tr>
<tr><th>SERVLET:</th><td>proxy-token-knox-gateway-servlet</td></tr>
</table>
</body>
</html>
```
Issue Time Tracking
-------------------
Worklog Id: (was: 916840)
Remaining Estimate: 0h
Time Spent: 10m
> Passcode token verification doesn't return error when TSS is disabled
> ---------------------------------------------------------------------
>
> Key: KNOX-3032
> URL: https://issues.apache.org/jira/browse/KNOX-3032
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
> Affects Versions: 2.0.0
> Reporter: Sandor Molnar
> Assignee: Sandor Molnar
> Priority: Major
> Fix For: 2.1.0
>
> Attachments: proxy-token.xml
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> *Steps to reproduce:*
> * configure a new topology (e.g. proxy-token) with {{JWTProvider}} where
> {{knox.token.exp.server-managed}} is set to {{false}} (see an example in the
> attachment)
> * acquire a Knox Token using the Token Generation UI
> * use the {{Passcode}} field in a {{curl}} request against a service
> endpoint in the new topology
> *Current results:*
> Knox returns an HTTP response with 200 status code
> {noformat}
> $ curl -iku Passcode:TkdVd1l6VTBPR0l0TmpVMk9DMDBNRFl4TFdFelpHTXROakk1TURnd09EYzJOVEJoOjpNREV6T0dGaFpXUXRZMkV5WVMwME4yWXhMVGhsWkRndFpUQmpNemszTlRrMlpqazE= https://localhost:8443/gateway/proxy-token/health/v1/gateway-status
> HTTP/1.1 200 OK
> Date: Mon, 29 Apr 2024 08:33:06 GMT
> Content-Length: 0
> {noformat}
> *Expected results:*
> An HTTP response should have been received with 401 and the proper error
> message.
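The fail-open behaviour reported in KNOX-3032 and the fail-closed behaviour the pull request describes, modelled as an added example that is not Knox code and not part of the original message. `TokenStateStore`, `verify_before_fix`, `verify_after_fix`, the "Invalid passcode token" text and the sample passcodes are hypothetical or constructed; only the configuration error text is taken from the 401 response quoted above.

```python
import hashlib

# Error text copied from the 401 response quoted on this page.
CONFIG_ERROR = ("Error in token provider config: passcode use with "
                "knox.token.exp.server-managed set to false.")


class TokenStateStore:
    """Hypothetical stand-in for a server-side token state service."""

    def __init__(self):
        self._digests = set()  # SHA-256 digests of issued passcodes

    @staticmethod
    def _digest(passcode):
        return hashlib.sha256(passcode.encode("utf-8")).digest()

    def issue(self, passcode):
        self._digests.add(self._digest(passcode))

    def is_valid(self, passcode):
        return self._digest(passcode) in self._digests


def verify_before_fix(passcode, server_managed, store):
    """Model of the reported bug: no state service means no check at all."""
    if server_managed and not store.is_valid(passcode):
        return 401, "Invalid passcode token"  # hypothetical message
    return 200, ""  # fail-open: any passcode passes when server_managed is False


def verify_after_fix(passcode, server_managed, store):
    """Model of the fix: a passcode that cannot be verified is rejected."""
    if not server_managed or store is None:
        return 401, CONFIG_ERROR  # fail-closed on misconfiguration
    if not store.is_valid(passcode):
        return 401, "Invalid passcode token"  # hypothetical message
    return 200, ""


def demo():
    store = TokenStateStore()
    store.issue("constructed-passcode-1")  # constructed sample value
    cases = [("constructed-passcode-1", True), ("never-issued", True),
             ("never-issued", False)]
    return [(p, sm, verify_before_fix(p, sm, store)[0],
             verify_after_fix(p, sm, store)[0]) for p, sm in cases]


if __name__ == "__main__":
    for passcode, managed, before, after in demo():
        print(f"{passcode!r:26} server_managed={managed!s:5} before={before} after={after}")
```

The third case is the one the issue reports: with server-managed state off, the pre-fix model accepts a passcode that was never issued, while the post-fix model returns 401 with the configuration error.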