openlp-core team mailing list archive
-
openlp-core team
-
Mailing list archive
-
Message #28750
Re: [Bug 1548014] Re: Remotes API calls using authentication return strange response body
Tested on trunk
http://localhost:4316/api/songs/live?data={%22request%22:%20{%22id%22:%20%225%22}}
with authentication sets to live. This is the same as your string just a
different song!
Switch on security
Repost in the browser triggers basic auth and when uid and password i
entered it get
HTTP/1.0 200 OK Server: BaseHTTP/0.6 Python/3.4.3 Date: Mon, 22 Feb 2016
17:52:56 GMT Content-type: text/html Cache-Control: no-cache, no-store,
must-revalidate Pragma: no-cache Expires: 0
in the browser but the song goes live as well.
When I look at the trace on the console It see:
127.0.0.1 - - [22/Feb/2016 17:50:37] "GET
/api/songs/live?data={%22request%22:%20{%22id%22:%20%223%22}} HTTP/1.1" 200
-
127.0.0.1 - - [22/Feb/2016 17:52:15] "GET
/api/songs/live?data={%22request%22:%20{%22id%22:%20%225%22}} HTTP/1.1" 200
-
127.0.0.1 - - [22/Feb/2016 17:52:39] "GET
/api/songs/live?data={%22request%22:%20{%22id%22:%20%225%22}} HTTP/1.1" 401
-
127.0.0.1 - - [22/Feb/2016 17:52:56] "GET
/api/songs/live?data={%22request%22:%20{%22id%22:%20%225%22}} HTTP/1.1" 200
-
127.0.0.1 - - [22/Feb/2016 17:52:56] "GET
/api/songs/live?data={%22request%22:%20{%22id%22:%20%225%22}} HTTP/1.1" 200
-
The 401 is the request to trigger basic auth.
This is the correct behaviour.
How is your code working? In the Android I add the user id and password to
all calls and then forget about security unless I get a 404 error.
for example
http://bazaar.launchpad.net/~openlp-core/openlp/android2/view/head:/app/src/main/java/org/openlp/android2/common/OpenLPDialog.java
line 59.
On 22 February 2016 at 16:44, Daniel Borges <1548014@xxxxxxxxxxxxxxxxxx>
wrote:
> Yes, the box is checked and the two fields (user id and password) are
> filled.
>
> Try reproduce this:
> 1. Run OpenLP with Remotes enabled;
> 2. Call the method: http://localhost:4316/api/songs/live?data={"request":
> {"id": "3"}} for example
> 3. Note that the program show the song 3 in live and the response body is
> empty;
> 4. Configure OpenLP to require an authentication user and password;
> 5. Call http://localhost:4316/api/songs/live?data={"request": {"id":
> "3"}} again;
> 6. Note that the header content's response is in body response, but it was
> to be empty.
>
> I'm not a Python programmer, but analyzing the code, I noted that the
> function do_htttp_success() is being called two times (here
> http://bazaar.launchpad.net/~openlp-core/openlp/trunk/view/head:/openlp/plugins/remotes/lib/httprouter.py#L193
> and here
> http://bazaar.launchpad.net/~openlp-core/openlp/trunk/view/head:/openlp/plugins/remotes/lib/httprouter.py#L679
> ).
> I'm supposing that this is the problem.
>
> --
> You received this bug notification because you are a member of OpenLP
> Core, which is subscribed to OpenLP.
> https://bugs.launchpad.net/bugs/1548014
>
> Title:
> Remotes API calls using authentication return strange response body
>
> Status in OpenLP:
> New
>
> Bug description:
> Any calls to API using HTTP authentication returns a strange response
> body. Its looks like that the HTTP header returns as body.
>
> Example of BODY RESPONSE using authentication:
>
> HTTP/1.0 200 OK
> Server: BaseHTTP/0.6 Python/3.4.3
> Date: Sun, 21 Feb 2016 06:31:43 GMT
> Content-type: text/html
> Cache-Control: no-cache, no-store, must-revalidate
> Pragma: no-cache
> Expires: 0
>
> Without authentication none body is returned, as expected.
>
> OpenLP 2.2.1
> Mac OS 10.11.3
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/openlp/+bug/1548014/+subscriptions
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openlp-core
> Post to : openlp-core@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openlp-core
> More help : https://help.launchpad.net/ListHelp
>
--
Tim and Alison Bentley
Home@xxxxxxxxxxxxxxx
--
You received this bug notification because you are a member of OpenLP
Core, which is subscribed to OpenLP.
https://bugs.launchpad.net/bugs/1548014
Title:
Remotes API calls using authentication return strange response body
Status in OpenLP:
New
Bug description:
Any calls to API using HTTP authentication returns a strange response
body. Its looks like that the HTTP header returns as body.
Example of BODY RESPONSE using authentication:
HTTP/1.0 200 OK
Server: BaseHTTP/0.6 Python/3.4.3
Date: Sun, 21 Feb 2016 06:31:43 GMT
Content-type: text/html
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Without authentication none body is returned, as expected.
OpenLP 2.2.1
Mac OS 10.11.3
To manage notifications about this bug go to:
https://bugs.launchpad.net/openlp/+bug/1548014/+subscriptions
References
