centreon/centreon-archived

21.10.13 - API user with admin privileges no longer able to authenticate

flex-pgum opened this issue · 1 comments

flex-pgum commented

BUG REPORT INFORMATION

Prerequisites

The opened issue, must be code related. GitHub is not meant for support. Feel free to check the CONTRIBUTING section for more details.

Versions

Centreon Web 21.10.13

Operating System

CentOS 7

Browser used

  • Google Chrome
  • Firefox
  • Internet Explorer IE11
  • Safari
  • Postman
  • Curl

Description

-- Describe the encountered issue --

Steps to Reproduce

Please describe precisely the steps to reproduce the encountered issue.

  1. Create new user with following permissions:
    • admin: true
    • reach api configuration: true
    • reach api realtime: true
    • reach centreon front-end: false
  2. Call the authenticate endpoint with the credentials of the newly created user using curl or postman ("{server}/centreon/api/latest/login")

Describe the received result

HTTP 401 Unauthorized

Describe the expected result

json containing a token

Additional relevant information (e.g. frequency, ...)

already found the cause for this problem:
in the 21.10.13 patch was a change to the "www/class/centreonAuth.class.php" on line 234 regarding the login requirements

it would be very helpful for not just us but i would say everyone, when a user who is only used for accessing the api is able to get a token but not able to reach the frontend because he doesn't need it

itsul commented

We can confirm this issue too. We are using a API Users for scripts which stop working on 21.10.13. We had to give the users the permissoin to reach the centreon front-end. Else we got the same error. The behavior should be changed as before.