chef/artifactory-client

Basic auth credentials get re-passed too often


Version:

3.0.15

Environment:

JFrog Cloud; access is from CentOS 7 using Ruby 2.4.3p205, also replicated with 2.6.3p62 on macOS 10.14.6

Scenario:

In the newest version of JFrog Cloud, artifact downloads often result in a 302 redirect. The redirect is handled by recursing to the redirect location, but the username/password are passed as basic auth credentials every time. When the redirect to AWS S3 is made, Amazon interprets those basic auth credentials as S3 authentication and rejects the request with HTTP 400.

This does not happen when using API keys, since S3 does not intercept the custom header. This also doesn't happen with API requests, since those don't seem to trigger redirects.

Steps to Reproduce:

Request an artifact from the newest version of hosted Artifactory with username/password authentication

Expected Result:

An HTTP 200 and successful download

Actual Result:

An HTTP 400 and no payload
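
The redirect behaviour reported above, with one way to scope the credentials, as an added example that is not code from artifactory-client or from the issue author: Basic auth is attached only when a hop targets the origin the credentials were configured for. The function names, the `transport` parameter and the `example.com` / `example.net` hosts are assumptions made for the illustration, and the fake transport is a constructed stand-in for the two servers.

```ruby
require "net/http"
require "uri"

# Same origin means same scheme, host and port.
def same_origin?(a, b)
  a.scheme == b.scheme && a.host.to_s.downcase == b.host.to_s.downcase && a.port == b.port
end

# Build the GET for one hop. Basic auth is attached only when the hop goes to
# the origin the credentials were configured for.
def build_request(uri, origin, username, password)
  request = Net::HTTP::Get.new(uri)
  request.basic_auth(username, password) if same_origin?(uri, origin)
  request
end

# Follow up to `limit` redirects. `transport` (hypothetical parameter) is any
# callable taking (uri, request) and returning a Net::HTTPResponse.
def download(url, username, password, transport:, limit: 5)
  origin = uri = URI.parse(url)
  limit.times do
    response = transport.call(uri, build_request(uri, origin, username, password))
    return response unless response.is_a?(Net::HTTPRedirection)
    uri = URI.join(uri.to_s, response["location"])
  end
  raise "too many redirects"
end

# Transport for real use over the network.
NETWORK = lambda do |uri, request|
  Net::HTTP.start(uri.host, uri.port, use_ssl: uri.scheme == "https") { |h| h.request(request) }
end

# Constructed stand-in: the repository host answers 302, the storage host
# answers 400 whenever it sees an Authorization header (as in the report).
SEEN = []
FAKE = lambda do |uri, request|
  SEEN << [uri.host, !request["authorization"].nil?]
  if uri.host == "artifactory.example.com"
    Net::HTTPFound.new("1.1", "302", "Found").tap { |r| r["location"] = "https://storage.example.net/blob/abc" }
  elsif request["authorization"]
    Net::HTTPBadRequest.new("1.1", "400", "Bad Request")
  else
    Net::HTTPOK.new("1.1", "200", "OK")
  end
end

response = download("https://artifactory.example.com/repo/pkg.rpm", "user", "secret", transport: FAKE)
puts response.code
```

Pass `transport: NETWORK` to run the same logic against a live server.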