• Recent
  • Unsolved
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Register
  • Login
  • Recent
  • Unsolved
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Register
  • Login

API basic auth not working

Scheduled Pinned Locked Moved Unsolved
FOG Problems
2
3
507
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • F
    fishfox
    last edited by Tom Elliott May 24, 2018, 2:06 AM May 24, 2018, 4:42 AM

    Auth via keys is working but not via user & password

    christian@SuperDuper$ curl -H 'Content-Type: application/json' 'http://fog.home/fog/task/active' -u api:password -vvv
    *   Trying 192.168.166.109...
    * Connected to fog.home (192.168.166.109) port 80 (#0)
    * Server auth using Basic with user 'api'
    > GET /fog/task/active HTTP/1.1
    > Host: fog.home
    > Authorization: Basic YXBpOnBhc3N3b3Jk
    > User-Agent: curl/7.47.0
    > Accept: */*
    > Content-Type: application/json
    >
    < HTTP/1.1 403 Forbidden
    < Date: Thu, 24 May 2018 04:38:01 GMT
    < Server: Apache/2.4.33 (Ubuntu)
    < X-Frame-Options: sameorigin
    < X-XSS-Protection: 1; mode=block
    < X-Content-Type-Options: nosniff
    < Strict-Transport-Security: max-age=31536000
    < Content-Security-Policy: default-src 'none';script-src 'self' 'unsafe-eval';connect-src 'self';img-src 'self' data:;style-src 'self' 'unsafe-inline';font-src 'self';
    < Access-Control-Allow-Origin: *
    < Content-Length: 0
    < Connection: close
    < Content-Type: application/json
    <
    * Closing connection 0
    

    By contrast this works fine:

    curl -H 'fog-api-token: MzkyNmQ3MWNkMjNjOTk1MzNiZDU0MzM2MTg3OTQ3MjZiZmI1NjhiNDlhMjM2NDkxMmU5ZjE0YWNkNGUyNGM4MmJhYmZjMDkzMjkyZjFiODIzY2Y0ODQ3M2ZmZjAxYjNmYmZmMDc2NzY1ZmY0ZsomemissingForSecurityreasons' -H 'fog-user-token: OTc3YjkzNDY2NzY5YjQ1OGEzOWE1MTE2Yjc2ZGVlYzI3YzE3ZmQ4MGMyMDZiNjUyYTk3YjRlMjIyYTllYjM0ZGJhYWY3Nuserinfomissingforsecurityreasons' -H 'Content-Type: application/json' -X GET 'http://fog.home/fog/task/active'
    

    Any ideas?
    Has this feature been depreciated or something?

    For background I want to use basic auth because I will be performing a mass deployment to many isolated networks. The network is providing the security and I want not to worry about API credentials in my scripts.

    Thanks!

    MOD NOTE: Edited to remove portion of API Token as this is a security hazard.

    T 1 Reply Last reply May 24, 2018, 7:15 AM Reply Quote 0
    • T
      Tom Elliott @fishfox
      last edited by May 24, 2018, 7:15 AM

      @fishfox I’d recommend using api tokens as they don’t change and if your scripts get out you don’t have a compromised user account, simple update the user token and viola you’re done.

      Basic auth should still work though I’ll admit it’s been a bit since I last tested it. Just remember if the password has special characters like $ ! \ and likely others the user and pass string would likely need to be escaped either by double quotes or \

      I’ll test with basic auth and see if the command you’re using is just not quite correct too.

      Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

      Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

      Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

      1 Reply Last reply Reply Quote 0
      • T
        Tom Elliott
        last edited by Tom Elliott May 24, 2018, 1:26 AM May 24, 2018, 7:25 AM

        It also appears you’re missing the actual FOG-API-TOKEN header.
        E.G. Try:

        curl -H 'fog-api-token: YourFOGAPITokenHere' -H 'Content-type: application/json' -u api:password 'http://fog.home/fog/task/active' -vvv
        

        Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

        Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

        Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

        1 Reply Last reply Reply Quote 0
        • 1 / 1
        1 / 1
        • First post
          2/3
          Last post

        145

        Online

        12.0k

        Users

        17.3k

        Topics

        155.2k

        Posts
        Copyright © 2012-2024 FOG Project