Access to 'GET /auth/currentCredential' route #20

Open
bhubr opened this issue Jul 11, 2017 · 5 comments · May be fixed by #28

Comments


bhubr commented Jul 11, 2017

Hi there from Toulouse ;).

I just started playing around with the Node API wrapper. I got my consumer key and validated it online.
Then I wanted to access GET /auth/currentCredential route and got the following response:

{ error: 401, message: 'You must login first' }

Now I noticed that path check for setting the X-Ovh-Consumer header which obviously returns false for a request to any /auth/* route. I think that it is the culprit, as commenting out the check, for test purposes, seemed to work, and I got my expected response:

{ ovhSupport: false,
  status: 'validated',
  applicationId: 38683,
  credentialId: 116223292,
  rules: 
   [ { method: 'GET', path: '/domain/zone/*' },
     { method: 'POST', path: '/domain/zone/*' },
     { method: 'PUT', path: '/domain/zone/*' },
     { method: 'DELETE', path: '/domain/zone/*' } ],
  expiration: '2017-07-12T08:08:44+02:00',
  lastUse: null,
  creation: '2017-07-11T08:07:49+02:00' }

Checking out the code for the PHP, there doesn't seem to be such a condition for setting the Consumer and Signature headers. Shouldn't the check on path be more specific? Or am I getting something wrong?

@bhubr bhubr changed the title Access to /auth/currentCredential seems protected. Access to /auth/currentCredential seems impossible. Jul 11, 2017
@bhubr bhubr changed the title Access to /auth/currentCredential seems impossible. Access to 'GET /auth/currentCredential' route Jul 11, 2017
@rbeuque74
Member

Yes it should indeed.
If we want to be more accurate, SDKs could check the JSON specifications (https://api.ovh.com/1.0/auth.json) in order to test whether a route has "noAuthentification" or not; that would be the best way to determine whether the API needs customer_key or not ;)
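
The schema-driven check suggested in this reply, as an added example that is not part of the thread or of node-ovh's code. The sample schema is constructed, and its shape and the `noAuthentication` field name are assumptions to verify against the real auth.json; the function names and the `/auth/example/{id}` route are hypothetical.

```javascript
'use strict';

// Constructed sample, NOT the real auth.json. Assumed shape: apis[].operations[]
// carrying httpMethod and a noAuthentication flag. '/auth/example/{id}' is hypothetical.
const SAMPLE_AUTH_SCHEMA = {
  apis: [
    { path: '/auth/credential', operations: [{ httpMethod: 'POST', noAuthentication: true }] },
    { path: '/auth/time', operations: [{ httpMethod: 'GET', noAuthentication: true }] },
    { path: '/auth/currentCredential', operations: [{ httpMethod: 'GET', noAuthentication: false }] },
    { path: '/auth/example/{id}', operations: [{ httpMethod: 'DELETE', noAuthentication: false }] },
  ],
};

// Reconstruction of the behaviour described in the issue (not the project's code):
// every /auth/* request is treated as needing no consumer key.
function needsConsumerKeyByPrefix(path) {
  return !path.startsWith('/auth/');
}

// Convert a schema path template such as /x/{id} into an anchored RegExp.
function templateToRegExp(template) {
  const body = template
    .split(/\{[^}]+\}/)
    .map((part) => part.replace(/[.*+?^${}()|[\]\\]/g, '\\$&'))
    .join('[^/]+');
  return new RegExp('^' + body + '/?$');
}

// Decide per operation, from the schema, whether the request must be signed.
function needsConsumerKey(schema, method, path) {
  const cleanPath = path.split('?')[0];
  const verb = method.toUpperCase();
  for (const api of schema.apis) {
    if (!templateToRegExp(api.path).test(cleanPath)) continue;
    const op = api.operations.find((o) => o.httpMethod === verb);
    if (op) return op.noAuthentication !== true;
  }
  // Unknown route: default to signing, so a stale schema fails toward authentication.
  return true;
}

console.log(needsConsumerKeyByPrefix('/auth/currentCredential'));
console.log(needsConsumerKey(SAMPLE_AUTH_SCHEMA, 'GET', '/auth/currentCredential'));
```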

@legraphista

+1

Nox-404 pushed a commit to Nox-404/node-ovh that referenced this issue Sep 13, 2018
@Nox-404 Nox-404 linked a pull request Sep 13, 2018 that will close this issue
@Nox-404
Contributor

Nox-404 commented Sep 13, 2018

I made a PR for this #28

@Silbad

Silbad commented Dec 19, 2020

Hello, same problem...

@sinux-l5d

This is still an issue, #28 doesn't seem to be merged
