API basic auth not working
-
Auth via keys is working but not via user & password
christian@SuperDuper$ curl -H 'Content-Type: application/json' 'http://fog.home/fog/task/active' -u api:password -vvv * Trying 192.168.166.109... * Connected to fog.home (192.168.166.109) port 80 (#0) * Server auth using Basic with user 'api' > GET /fog/task/active HTTP/1.1 > Host: fog.home > Authorization: Basic YXBpOnBhc3N3b3Jk > User-Agent: curl/7.47.0 > Accept: */* > Content-Type: application/json > < HTTP/1.1 403 Forbidden < Date: Thu, 24 May 2018 04:38:01 GMT < Server: Apache/2.4.33 (Ubuntu) < X-Frame-Options: sameorigin < X-XSS-Protection: 1; mode=block < X-Content-Type-Options: nosniff < Strict-Transport-Security: max-age=31536000 < Content-Security-Policy: default-src 'none';script-src 'self' 'unsafe-eval';connect-src 'self';img-src 'self' data:;style-src 'self' 'unsafe-inline';font-src 'self'; < Access-Control-Allow-Origin: * < Content-Length: 0 < Connection: close < Content-Type: application/json < * Closing connection 0By contrast this works fine:
curl -H 'fog-api-token: MzkyNmQ3MWNkMjNjOTk1MzNiZDU0MzM2MTg3OTQ3MjZiZmI1NjhiNDlhMjM2NDkxMmU5ZjE0YWNkNGUyNGM4MmJhYmZjMDkzMjkyZjFiODIzY2Y0ODQ3M2ZmZjAxYjNmYmZmMDc2NzY1ZmY0ZsomemissingForSecurityreasons' -H 'fog-user-token: OTc3YjkzNDY2NzY5YjQ1OGEzOWE1MTE2Yjc2ZGVlYzI3YzE3ZmQ4MGMyMDZiNjUyYTk3YjRlMjIyYTllYjM0ZGJhYWY3Nuserinfomissingforsecurityreasons' -H 'Content-Type: application/json' -X GET 'http://fog.home/fog/task/active'Any ideas?
Has this feature been depreciated or something?For background I want to use basic auth because I will be performing a mass deployment to many isolated networks. The network is providing the security and I want not to worry about API credentials in my scripts.
Thanks!
MOD NOTE: Edited to remove portion of API Token as this is a security hazard.
-
@fishfox I’d recommend using api tokens as they don’t change and if your scripts get out you don’t have a compromised user account, simple update the user token and viola you’re done.
Basic auth should still work though I’ll admit it’s been a bit since I last tested it. Just remember if the password has special characters like
$ ! \and likely others the user and pass string would likely need to be escaped either by double quotes or \I’ll test with basic auth and see if the command you’re using is just not quite correct too.
-
It also appears you’re missing the actual FOG-API-TOKEN header.
E.G. Try:curl -H 'fog-api-token: YourFOGAPITokenHere' -H 'Content-type: application/json' -u api:password 'http://fog.home/fog/task/active' -vvv