[ZBXNEXT-8425] HTTP basic auth username / password longer than 64 characters Created: 2021 Mar 29  Updated: 2024 Jun 27  Resolved: 2023 May 24

Status: Closed
Project: ZABBIX FEATURE REQUESTS
Component/s: API (A), Frontend (F)
Affects Version/s: None
Fix Version/s: 7.0.0alpha1, 7.0 (plan)

Type: Change Request Priority: Trivial
Reporter: Jackson W Assignee: Janis Freibergs
Resolution: Fixed Votes: 5
Labels: None
Σ Remaining Estimate: Not Specified Remaining Estimate: Not Specified
Σ Time Spent: Not Specified Time Spent: Not Specified
Σ Original Estimate: Not Specified Original Estimate: Not Specified

Attachments: File ZBX-19181.patch     PNG File image-2023-05-16-09-13-48-896.png     PNG File image-2023-05-17-11-20-55-340.png     File input_params.php     PNG File screenshot-1.png     PNG File screenshot-2.png    
Issue Links:
Duplicate
Sub-Tasks:
Key
 Summary
 Type
 Status
 Assignee
ZBXNEXT-8426 Server changes to support HTTP basic ... Specification change (Sub-task) Closed Konstantins Prutkovs  
Epic Link: Zabbix 7.0
Team: Team D
Sprint: Sprint 99 (Apr 2023), Sprint 100 (May 2023)
Story Points: 1

 Description   

Steps to reproduce:

  1. Create a HTTP agent item
  2. Change HTTP authentication to "Basic"
  3. Attempt to input either username or password exceeding 64 characters in length.
  4. (Additionally) Set a macro to the desired string, and use said macro in the username or pasword field of the item instead.

Result:

Field length is limited to 64 characters. Additional input is discarded. For anything that uses HTTP Basic usernames / passwords that exceed 64 characters, it's impossible to enter the entire string.

(Addittionally) When a macro is used for the HTTP username / password, the resulting Basic authorization header omits a username / password that exceeds 64 characters in length. As an example, having an 80 character user and 80 character password will return a header who's value is "Og==", which decodes to ":".

Expected:

Field should allow inputting of strings longer than 64 characters for cases where a username / password exceed 64 characters in length (e.g., OPNsense's API key / API secret, which are 80 characters, hard-coded)

 

(Additionally) When using a macro that exceeds 64 characters in length, the value should be included in the HTTP authorization header as usual, instead of being completely absent.

 Comments   
Comment by Marco Hofmann [ 2021 Mar 29 ]

Our company is currently switching to Opensense, and we are interested in monitoring Opensense via its RestAPI, see here: https://docs.opnsense.org/development/api.html

The limitation of the Username / Password field to 64 chars makes this unnecessary complicated. Please consider increasing the field size.

Comment by Stefan [ 2022 Nov 08 ]

I wrote a patch, I hope it helps

Comment by Oleg Gawriloff [ 2023 Feb 12 ]

Any news on that?

Comment by Alex Kalimulin [ 2023 Apr 27 ]

Converted to ZBXNEXT.

This should be done by increasing UI and DB field lengths from varchar(64) to varchar(255) in:

  1. HTTP agent items (items.username, items.password) (all authentication types)
  2. Web scenarios (httptest.http_user, httptest.http_password) (all authentication types)
  3. Connectors (connector.username, connector.password) (all authentication types)

Other authentication types (not only Basic) should benefit from the change as these are also not limited to 64 chars.

Comment by Alexei Vladishev [ 2023 Apr 28 ]

It is coming in Zabbix 7.0 LTS, already in development.

Comment by Janis Freibergs [ 2023 May 11 ]

Implemented in development branch feature/ZBXNEXT-8425-6.5

Comment by Janis Freibergs [ 2023 May 19 ]

Implemented in 7.0.0alpha1 (master) e2d4823ce4e

Comment by Arturs Dancis [ 2023 May 24 ]

Documentation (7.0) updated:

Generated at Tue Mar 25 20:26:42 EET 2025 using Jira 9.12.4#9120004-sha1:625303b708afdb767e17cb2838290c41888e9ff0.