[ZBXNEXT-5154] The zabbix API for authentication should return an HTTP error code when the authentication fail Created: 2019 Mar 30 Updated: 2019 Apr 01 |
|
| Status: | Open |
| Project: | ZABBIX FEATURE REQUESTS |
| Component/s: | API (A) |
| Affects Version/s: | 3.0.26 |
| Fix Version/s: | None |
| Type: | Change Request | Priority: | Major |
| Reporter: | Andre Rodier | Assignee: | Zabbix Development Team |
| Resolution: | Unresolved | Votes: | 1 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Description |
|
Steps to reproduce:
Expected:
|
| Comments |
| Comment by Andre Rodier [ 2019 Mar 30 ] |
|
Here a test using Ansible URI module ok: [homebox] => changed=false access_control_allow_headers: Content-Type access_control_allow_methods: POST access_control_allow_origin: '*' access_control_max_age: '1000' cache_control: no-cache connection: close content_type: application/json cookies: {} cookies_string: '' date: Sat, 30 Mar 2019 06:14:10 GMT expires: Thu, 01 Jan 1970 00:00:01 GMT json: error: code: -32602 data: Login name or password is incorrect. message: Invalid params. id: '1' jsonrpc: '2.0' msg: OK (unknown bytes) redirected: false server: nginx status: 200 strict_transport_security: max-age=31536000; transfer_encoding: chunked url: https://zabbix.rodier.me/api_jsonrpc.php The status should be 403, not 200. |
| Comment by Arturs Lontons [ 2019 Apr 01 ] |
|
Hi, |
| Comment by Andre Rodier [ 2019 Apr 01 ] |
|
Thank you, I understand this is by design. I am sure you'll find a way to make this compliant with REST API standards. |