View Issue Details

IDProjectCategoryView StatusLast Update
0028173mantisbtapi restpublic2021-04-11 06:02
ReporterKaosSpectrum Assigned To 
PrioritynormalSeverityminorReproducibilityalways
Status feedbackResolutionopen 
Summary0028173: Auth key always returns "me" as anonymous user.
Description

When i access the rest api, it always returns Anonymous for "me", even tho I am supplying the correct Auth key.

[test@vmi354440 restcore]# curl --location -g --request GET 'http://XXXX.dev/api/rest/users/me' --header 'Authorization: XXXXXXXX'
{"id":27,"name":"anonymous","email":"anonymous@localhost","language":"english","timezone":"UTC","access_level":{"id":25,"name":"reporter","label":"reporter"},"projects":[{"id":3,"name":"XXXX - Public"}]}

[test@vmi354440 restcore]#

Not sure what else to do, but it really seems odd.

TagsNo tags attached.

Activities

atrol

atrol

2021-04-06 15:25

developer   ~0065336

I am not able to reproduce on https://www.mantisbt.org/bugs
Are you able to reproduce on our instance?

KaosSpectrum

KaosSpectrum

2021-04-06 15:43

reporter   ~0065337

No your version returns me just fine, so what could be causing this?

atrol

atrol

2021-04-06 16:04

developer   ~0065338

Are you using latest released version (2.25.0 at the moment)?

KaosSpectrum

KaosSpectrum

2021-04-06 16:49

reporter   ~0065339

I am yes

atrol

atrol

2021-04-06 17:10

developer   ~0065340

Did you create any API Token for user anonymous?
If yes, remove it to be complete sure that you don't use the wrong token.

What do you see on the My Accoount > API Tokens page of the "me" user?
Is "Last Used" set to a date, or is ist set to "Never Used"?

KaosSpectrum

KaosSpectrum

2021-04-06 17:17

reporter   ~0065341

Says it is never used, And i don't know if anonymous has any API tokens, nor do I know how to give it one.

atrol

atrol

2021-04-06 17:44

developer   ~0065342

And i don't know if anonymous has any API tokens, nor do I know how to give it one.

Maybe someone created the token when the user was created before the user has been set as the $g_anonymous_account.
BTW, the access level of your anonymous user is set to REPORTER.
According Admin Guide it is suggested that the access level for this account be set to VIEWER or some other read only level.

As I am not able to reproduce, a complete and detailed description is required for the support team to get a clear understanding of the problem.

You should provide detailed, step-by-step instructions to reproduce the issue starting from a fresh install; the additional information listed below may also be useful:

  • Exact version of PHP, Database, Web server and Operating System
  • Relevant customizations (e.g. changes in config_inc.php, etc)
  • Installed plugins or custom functions ?
  • Was the MantisBT source code modified in any way ?
KaosSpectrum

KaosSpectrum

2021-04-06 17:52

reporter   ~0065343

General
CPU Intel(R) Xeon(R) CPU E5-2630 v4 @ 2.20GHz (6 core(s))
Version Plesk Obsidian v18.0.33_build1800210225.14 os_CentOS 7
OS CentOS Linux 7.9.2009 (Core)
Key number PLSK.
System Uptime: 54 day(s) 22:07

php73 7.3.27-1centos.7.210304.1553
php74 7.4.16-1centos.7.210305.1515
mysql 10.2.37-1.el7.centos
nginx 1.18.0.2-2.centos.7+p18.0.33.1+t210225.1402
httpd 2.4.6-97.el7.centos

The anonymous account was created and set straight as the anonymous account

No changes to source code for mantis.

$g_hostname = 'localhost';
$g_db_type = 'mysqli';
$g_database_name = 'admin_XXmantis';
$g_db_username = 'admin_XXmantis';
$g_db_password = 'XXX';

$g_db_table_prefix = 'iwman';
$g_db_table_plugin_prefix = 'iwplug';

$g_default_timezone = 'UTC';

$g_crypto_master_salt = 'XXXXXXX';
$g_webmaster_email = XX@interkaos.com';
$g_from_email = 'XXX@thegames.dev'; # the "From: " field in emails
$g_return_path_email = 'XXX@thegames.dev'; # the return address for bounced mail
$g_from_name = 'Ironward Bug Tracker';

$g_window_title = 'Ironward Bug Tracker';

$g_logo_image = 'images/mantis_logo.png';
$g_favicon_image = 'images/favicon.ico';

$g_show_realname = ON;
$g_show_user_realname_threshold = DEVELOPER; # Set to access level (e.g. VIEWER, REPORTER, DEVELOPER, MANAGER, etc)
$g_antispam_max_event_count = 10;
$g_antispam_time_window_in_seconds=600;

$g_allow_anonymous_login = ON;
$g_anonymous_account = 'anonymous';

$g_max_file_size = 33554432;

KaosSpectrum

KaosSpectrum

2021-04-06 17:53

reporter   ~0065344

Last edited: 2021-04-06 18:00

Pretty much a fresh mantis install.

Maybe its linked to PHP-FPM? I don't know.

WIll try with a fresh mantis install.

KaosSpectrum

KaosSpectrum

2021-04-06 18:35

reporter   ~0065345

Fresh install still does not allow me to use the API, now I am curious if its some setup that plesk does.

atrol

atrol

2021-04-11 06:02

developer   ~0065361

Fresh install still does not allow me to use the API

You mean that the API does not work at all?
If so, you might have to enable URL rewriting.

Run also admin/check/index.php and fix any errors / warnings you might get.