View Issue Details

ID: 0035233
Project: mantisbt
Category: api rest
View Status: public
Last Update: 2025-02-07 11:18
Reporter: raspopov
Assigned To: community
Priority: normal
Severity: minor
Reproducibility: always
Status: resolved
Resolution: fixed
Product Version: 2.27.0
Target Version: 2.27.1
Fixed in Version: 2.27.1
Summary: 0035233: REST API fail external authentication
Description

MantisBT has difficulty authenticating a REST API user if web server authentication is used. MantisBT believes that the HTTP "Authorization" header is used solely for its authorization token, and does not attempt to apply any other method (cookie or anonymous) of authentication when it is present.

Tags: No tags attached.

Activities

raspopov

2025-01-13 10:56

reporter   ~0069675

PR: https://github.com/mantisbt/mantisbt/pull/2071

dregad

2025-01-13 11:26

developer   ~0069677

Thanks for your contribution.

You are using $g_login_method = HTTP_AUTH?

raspopov

2025-01-13 11:53

reporter   ~0069678

I'm using my plugin MantisExtAuth and it works perfectly with HTTP_LDAP or HTTP_AUTH; it doesn't matter if PR 1308 is also applied.

Related Changesets

MantisBT: master-2.27 3af60d47

2025-02-01 04:58

raspopov

Committer: community


REST API authentication fall back to default checks

If the initial authentication token check fails, we fall back to default
checks. This will help in situations where the request contains an
"Authorization:" header that does not contain a token because another
authentication method is being used, such as cookies or anonymous.

Fixes 0035233, PR https://github.com/mantisbt/mantisbt/pull/2071
Affected Issues
0035233
mod - api/rest/restcore/AuthMiddleware.php
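
The fallback order described in the commit message, sketched as an added example in PHP. It is not the code from PR 2071 or from api/rest/restcore/AuthMiddleware.php; the function name, configuration keys, and token and session stores are hypothetical, and all sample values are constructed.

```php
<?php
// Added illustration: every name below is hypothetical, not MantisBT's code.

/** Returns ['user' => ?string, 'method' => string]; user null means respond 401. */
function resolve_rest_user(array $headers, array $cookies, array $cfg): array
{
    $headers = array_change_key_case($headers, CASE_LOWER);
    $auth = trim($headers['authorization'] ?? '');

    // 1. The header counts as an API token only if it matches a stored token
    //    hash. "Basic ..." or "Negotiate ..." values that belong to the web
    //    server's own authentication simply miss this lookup.
    if ($auth !== '') {
        $user = $cfg['token_hashes'][hash('sha256', $auth)] ?? null;
        if ($user !== null) {
            return ['user' => $user, 'method' => 'token'];
        }
    }

    // 2. Fall back to the session cookie. Per the report, the pre-fix code
    //    tried nothing else whenever the header was present.
    $sid = $cookies[$cfg['cookie_name']] ?? '';
    if ($sid !== '' && isset($cfg['sessions'][$sid])) {
        return ['user' => $cfg['sessions'][$sid], 'method' => 'cookie'];
    }

    // 3. Anonymous access only when the deployment has enabled it.
    if ($cfg['allow_anonymous']) {
        return ['user' => $cfg['anonymous_account'], 'method' => 'anonymous'];
    }
    return ['user' => null, 'method' => 'none']; // fail closed
}

// Constructed sample data.
$cfg = [
    'token_hashes'      => [hash('sha256', 'constructed-api-token') => 'apiuser'],
    'cookie_name'       => 'SESSION_COOKIE',
    'sessions'          => ['constructed-session-id' => 'alice'],
    'allow_anonymous'   => false,
    'anonymous_account' => 'anonymous',
];
$basic = ['Authorization' => 'Basic ' . base64_encode('alice:constructed')];

// Web-server auth header together with a valid session cookie.
var_dump(resolve_rest_user($basic, ['SESSION_COOKIE' => 'constructed-session-id'], $cfg));
// Same header, no cookie, anonymous access disabled.
var_dump(resolve_rest_user($basic, [], $cfg));
// Header carrying a valid API token.
var_dump(resolve_rest_user(['authorization' => 'constructed-api-token'], [], $cfg));
```

The final `return` keeps the fallback fail-closed: a header that is neither a valid token nor accompanied by a session resolves to no user unless anonymous access is explicitly enabled.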