Just to try and make it a bit more clear Morten, I think this is the issue Rangarai is asking about is below:
In 2.29 and 2.28, an unauthorized username/password returns a 302. curl -I -u admin:distric -H 'Accept: application/json' https://play.dhis2.org/2.29/api/me HTTP/1.1 302 Server: nginx/1.4.6 (Ubuntu) Date: Sat, 21 Apr 2018 06:44:10 GMT Content-Length: 0 Connection: keep-alive X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Location: https://play.dhis2.org/2.29/dhis-web-commons/security/login.action In 2.27, this same request returns a 401. curl -I -u admin:distric -H 'Accept: application/json' https://play.dhis2.org/2.27/api/me HTTP/1.1 401 Server: nginx/1.4.6 (Ubuntu) Date: Sat, 21 Apr 2018 06:44:27 GMT Content-Type: text/html;charset=utf-8 Content-Length: 1071 Connection: keep-alive X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Set-Cookie: JSESSIONID=05596EBFC26A7C1843D298E98619C7FB; Path=/2.27; HttpOnly WWW-Authenticate: Basic realm="DHIS2" Content-Language: en On Fri, Apr 20, 2018 at 1:40 PM, Rangarirai Matavire <matavi...@gmail.com> wrote: > Hi Morten, > > The password is set wrong deliberately so as to get a 401 or other > response. The problem is when you set the wrong password or username you > get endless redirects from the API. > > Regards, > > > On Fri, Apr 20, 2018 at 1:24 PM, Morten Olav Hansen <mor...@dhis2.org> > wrote: > >> It should be district, not distric... but also people keep changing our >> internal passwords (our database resets every 24 hour) >> >> -- >> Morten Olav Hansen >> Senior Engineer, DHIS 2 >> University of Oslo >> http://www.dhis2.org >> >> On Fri, Apr 20, 2018 at 12:09 PM, Rangarirai Matavire < >> matavi...@gmail.com> wrote: >> >>> By the way, its not just the error response code that is worrying, but >>> also the loop of redirects that starts, this makes it difficult to handle >>> the response for an http client. To see this loop of redirects, you can add >>> -L to curl as below. >>> >>> curl -I -L -u admin:distric -H 'Accept: application/json' >>> https://play.dhis2.org/2.28/api/me >>> >>> I think this behaviour should be corrected as it may lead to unexpected >>> behaviour of apps. >>> >>> Regards >>> >>> On Wed, Apr 18, 2018 at 11:10 PM, Rangarirai Matavire < >>> matavi...@gmail.com> wrote: >>> >>>> Hi Devs, >>>> >>>> I am wondering whether the behaviour I am seeing is a bug or something >>>> to be expected due to some change. >>>> >>>> When I run the following curl command: >>>> >>>> curl -I -u admin:distric -H 'Accept: application/json' >>>> https://play.dhis2.org/2.29/api/me >>>> >>>> I get an HTTP 302 response. Note that I have deliberately set the >>>> password wrong so I can mock a 401 unauthorized response. I get the same >>>> response when I run the command on version 2.28. However, as expected, when >>>> I run it on 2.27, 2.26 etc I get a 401 HTTP response. >>>> >>>> I hope someone can assist. >>>> >>>> Regards, >>>> >>>> Ranga >>>> >>> >>> >>> _______________________________________________ >>> Mailing list: https://launchpad.net/~dhis2-devs >>> Post to : dhis2-devs@lists.launchpad.net >>> Unsubscribe : https://launchpad.net/~dhis2-devs >>> More help : https://help.launchpad.net/ListHelp >>> >>> >> > > _______________________________________________ > Mailing list: https://launchpad.net/~dhis2-devs > Post to : dhis2-devs@lists.launchpad.net > Unsubscribe : https://launchpad.net/~dhis2-devs > More help : https://help.launchpad.net/ListHelp > > -- Jason P. Pickering email: jason.p.picker...@gmail.com tel:+46764147049
_______________________________________________ Mailing list: https://launchpad.net/~dhis2-devs Post to : dhis2-devs@lists.launchpad.net Unsubscribe : https://launchpad.net/~dhis2-devs More help : https://help.launchpad.net/ListHelp