Basic auth request (401) when _CONF_CHECK_ISSUE_UPDATE_CONFLICT is true

Question

Basic auth request (401) when _CONF_CHECK_ISSUE_UPDATE_CONFLICT is true

iprok opened this issue 2 years ago · 11 comments

Hello!

I just updated redmine 4.1 to 5.0 with latest version of your plugin.
Redmine version: 5.0.4.stable
redmine_issue_dynamic_edit 0.9.1 (just cloned from master)

When any issue page is opened I'm getting basic authentication request. The user is already authorized in redmine. I think it's because links like myredmine/issues/9219.json requires the user to be authorized with "basic" http-authorization. If I enter my redmine login and password in this basic auth window, it works as usual.

The request that leads to 401 (I cut away some private info):

curl 'https://redmine.k.com/issues/9193.json' \
  -H 'authority: redmine.k.com' \
  -H 'accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9' \
  -H 'accept-language: ru-RU,ru;q=0.9' \
  -H 'cookie: autologin=0418; _redmine_session=Znd45e' \
  -H 'dnt: 1' \
  -H 'sec-ch-ua: "Not?A_Brand";v="8", "Chromium";v="108"' \
  -H 'sec-ch-ua-mobile: ?0' \
  -H 'sec-ch-ua-platform: "Linux"' \
  -H 'sec-fetch-dest: document' \
  -H 'sec-fetch-mode: navigate' \
  -H 'sec-fetch-site: none' \
  -H 'sec-fetch-user: ?1' \
  -H 'upgrade-insecure-requests: 1' \
  -H 'user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36' \
  --compressed

The request that is answered with 200:

curl 'https://redmine.k.com/issues/9193.json' \
  -H 'authority: redmine.k.com' \
  -H 'accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9' \
  -H 'accept-language: ru-RU,ru;q=0.9' \
  -H 'authorization: Basic aXA==' \
  -H 'cache-control: max-age=0' \
  -H 'cookie: autologin=04378; _redmine_session=T1bf' \
  -H 'dnt: 1' \
  -H 'sec-ch-ua: "Not?A_Brand";v="8", "Chromium";v="108"' \
  -H 'sec-ch-ua-mobile: ?0' \
  -H 'sec-ch-ua-platform: "Linux"' \
  -H 'sec-fetch-dest: document' \
  -H 'sec-fetch-mode: navigate' \
  -H 'sec-fetch-site: cross-site' \
  -H 'sec-fetch-user: ?1' \
  -H 'upgrade-insecure-requests: 1' \
  -H 'user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36' \
  --compressed

Answer 1 · 2023-01-19T13:53:24.000Z

I have the same experience. When I open issue detail page, after few seconds http authentication window pops up.
It's related to this request:
https://my-hostname.com/issues/12345.json
Initiator:
https://my-hostname.com.com/plugin_assets/redmine_issue_dynamic_edit/javascripts/issue_dynamic_edit.js
It points to row number 307:

fetch(LOCATION_HREF + ".json", {
		method: 'GET',
		crossDomain: true,
	}).then(res => res.text()).then(data => {

Environment:
Redmine version 4.1.1.stable
Ruby version 2.3.3-p222 (2016-11-21) [x86_64-linux-gnu]
Rails version 5.2.4.2
Environment production
Database adapter Mysql2
Mailer queue ActiveJob::QueueAdapters::AsyncAdapter
Mailer delivery smtp
SCM:
Git 2.30.2
Filesystem
Redmine plugins:
000_redmine_x_ux_upgrade 1.3.0
easy_mindmup 1.0
easy_wbs 1.5
redmine_agile 1.5.4
redmine_checklists 3.1.18
redmine_contacts 4.3.2
redmine_contacts_helpdesk 4.1.11
redmine_custom_css 0.1.7
redmine_default_assign 0.6
redmine_improved_searchbox 0.0.3
redmine_issue_dynamic_edit 0.9.1
redmine_issues_tree 0.0.14
redmine_people 1.6.0
redmine_questions 1.0.2
redmine_reporter 1.0.3
redmine_resources 1.0.4
redmine_wysiwyg_editor 0.27.1
redmine_zenedit 2.0.0
redmineup_tags 2.0.8

Answer 2 · 2023-02-03T13:46:18.000Z

Same problem here on Redmine 4.2.8 on Ruby 2.7.6 with other plugins additionals 3.0.5.2 and additional_tags 1.0.4.

Answer 3 · 2023-02-10T17:56:01.000Z

same problem here on Redmine 4.2.8 on Ruby 2.7.2

Answer 4 · 2023-02-13T09:23:51.000Z

Hi,
same issue here, redmine 4.2.5 with LDAP auth.

Hope it will be fixed soon :)

thx

Answer 5 · 2023-02-13T16:40:41.000Z

I have the same problem. It looks like the javascript has been changed to request /issues/51762.json instead of /issues/51762. The change triggers basic auth. The workaround in my case is that I use an older version. The git version that works for me is 750e602.

Answer 6 · 2023-02-16T22:18:04.000Z

Hope it will be fixed soon :)
@tiritchi

Code is here and PR are open
Let's go champ' !

Thank you @iprok and @pbolle for the complete and useful answer
Instead of loading the whole issue webpage which may be low if there are a lot of comments I wanted to use the Redmine REST API. It looks like auth is mandatory and give the mentioned issue.
Rolling back to 750e602 may fix the problem (rolling back the checkVersion function update)

Answer 7 · 2023-03-07T08:40:25.000Z

Hope it will be fixed soon :)
@tiritchi

Code is here and PR are open Let's go champ' !

Thank you @iprok and @pbolle for the complete and useful answer Instead of loading the whole issue webpage which may be low if there are a lot of comments I wanted to use the Redmine REST API. It looks like auth is mandatory and give the mentioned issue. Rolling back to 750e602 may fix the problem (rolling back the checkVersion function update)

To much credit ^^ I would gladly if I known how to.

In the mean time I disabled the conflict check, and it's working. No more auth popup.

I'll patiently wait for you or the community to fix then :)
thanks for your work

Answer 8 · 2023-04-12T05:57:14.000Z

Has the issue been resolved? When can we expect the fixed version to be released?

Answer 9 · 2023-04-13T14:20:53.000Z

Ok, fix deployed on my redmine and looks functional to me.

Well done @k41n , thanks a lot :)

Answer 10 · 2023-09-27T16:10:54.000Z

Can we get a fixed version for this issue? My org will not allow the use of patches/unofficial versions, and this is causing issues since we are also under pressure to disable basic auth.