View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0035233 | mantisbt | api rest | public | 2025-01-13 10:45 | 2025-02-07 11:18 |
Reporter | raspopov | Assigned To | community | ||
Priority | normal | Severity | minor | Reproducibility | always |
Status | resolved | Resolution | fixed | ||
Product Version | 2.27.0 | ||||
Target Version | 2.27.1 | Fixed in Version | 2.27.1 | ||
Summary | 0035233: REST API fail external authentication | ||||
Description | MantisBT has difficulty authenticating a REST API user if web server authentication is used. MantisBT believes that the HTTP ‘Authorisation’ header is used solely for its authorization token, and does not attempt to apply any other method (cookie or anonymous) of authentication when it is present. | ||||
Tags | No tags attached. | ||||
Thanks for your contribution. You are using $g_login_method = HTTP_AUTH ? |
|
I'm using my plugin MantisExtAuth and it works perfectly with HTTP_LDAP or HTTP_AUTH, it doesn't matter if PR 1308 is also applied. |
|
MantisBT: master-2.27 3af60d47 2025-02-01 04:58 Committer: community Details Diff |
REST API authentication fall back to default checks If the initial authentication token check fails, we fall back to default checks. This will help in situations where the request contains an "Authorization:" header that does not contain a token because another authentication method is being used, such as cookies or anonymous. Fixes 0035233, PR https://github.com/mantisbt/mantisbt/pull/2071 |
Affected Issues 0035233 |
|
mod - api/rest/restcore/AuthMiddleware.php | Diff File |