[ckan-dev] problems with api authentication

Tue Aug 9 12:19:19 UTC 2016

Ian and Adrià,

Thanks for your help.

I've tried disabling extensions to no effect.

Here is the verbose results from curl...

> POST /api/3/action/resource_update HTTP/1.1
> Host: data.ctdata.org
> User-Agent: curl/7.43.0
> Accept: */*
> Authorization:<API-KEY>
> Content-Length: 300
> Expect: 100-continue
> Content-Type: multipart/form-data;
boundary=------------------------f8151c03db98b3cd
>
< HTTP/1.1 100 Continue
< HTTP/1.1 403 Forbidden
< Server: nginx/1.4.6 (Ubuntu)
< Date: Tue, 09 Aug 2016 12:05:08 GMT
< Content-Type: application/json;charset=utf-8
< Content-Length: 245
< Connection: keep-alive
< Pragma: no-cache
< Cache-Control: no-cache
< Access-Control-Allow-Origin: *
* HTTP error before end of send, stop sending
<
* Closing connection 0

Does anything here seem "off". It looks reasonable to me.

Using the same user account I am able to create and modify resources on the
dataset using the GUI...

On Tue, Aug 9, 2016 at 8:00 AM, Adrià Mercader <adria.mercader at okfn.org>
wrote:

> Also check for new extensions that might be messing with the
> authorization (ie try disabling extensions and see if it works)
>
>
> Adrià
>
> On 9 August 2016 at 12:52, Ian Ward <ian at excess.org> wrote:
> > Has anything changed about your web server configuration? run curl
> > with -v to see if you're getting a redirect or something. Is it
> > possible the header is being stripped out along the way?
> >
> > On Tue, Aug 9, 2016 at 7:36 AM, Sasha Cuerda <scuerda at ctdata.org> wrote:
> >> Hello Adrià,
> >>
> >> Yeah, that's what's so puzzling about this. I have certainly executed
> this
> >> call before, using the same server and the same api key. I created a new
> >> sysadmin account and tried using the same call w/ the new api key and
> >> received the same error.
> >>
> >> Is there anything about the group / org permissions that would impact
> this
> >> behavior? I would think that sysadmin's would always have permissions to
> >> edit / update any dataset / resource, but I may be misunderstanding the
> >> permissions system.
> >>
> >> Sasha
> >>
> >> On Tue, Aug 9, 2016 at 5:43 AM, Adrià Mercader <adria.mercader at okfn.org
> >
> >> wrote:
> >>>
> >>> Hi Sasha,
> >>>
> >>> On 8 August 2016 at 22:17, Sasha Cuerda <scuerda at ctdata.org> wrote:
> >>> > {
> >>> >     "message": "Access denied: <function resource_update at
> >>> > 0x7efead4c4848>
> >>> > requires an authenticated user",
> >>> >     "__type": "Authorization Error"
> >>> > }
> >>> This error occurs when there is no user logged in or an auth header
> >>> was not sent at all OR the user was not found (ie the API key is
> >>> incorrect). Can you double check your header name and value?
> >>>
> >>> Other than that your same calls work for me on master.
> >>>
> >>> Adrià
> >>> _______________________________________________
> >>> ckan-dev mailing list
> >>> ckan-dev at lists.okfn.org
> >>> https://lists.okfn.org/mailman/listinfo/ckan-dev
> >>> Unsubscribe: https://lists.okfn.org/mailman/options/ckan-dev
> >>
> >>
> >>
> >>
> >> --
> >> CT Data Collaborative, Director of Technology
> >> 805 Brook St Building 4
> >> Rocky Hill, CT 06067
> >> M: (860) 385-4860
> >>
> >> _______________________________________________
> >> ckan-dev mailing list
> >> ckan-dev at lists.okfn.org
> >> https://lists.okfn.org/mailman/listinfo/ckan-dev
> >> Unsubscribe: https://lists.okfn.org/mailman/options/ckan-dev
> >>
> > _______________________________________________
> > ckan-dev mailing list
> > ckan-dev at lists.okfn.org
> > https://lists.okfn.org/mailman/listinfo/ckan-dev
> > Unsubscribe: https://lists.okfn.org/mailman/options/ckan-dev
> _______________________________________________
> ckan-dev mailing list
> ckan-dev at lists.okfn.org
> https://lists.okfn.org/mailman/listinfo/ckan-dev
> Unsubscribe: https://lists.okfn.org/mailman/options/ckan-dev
>

-- 
CT Data Collaborative, Director of Technology
805 Brook St Building 4
Rocky Hill, CT 06067
M: (860) 385-4860
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.okfn.org/pipermail/ckan-dev/attachments/20160809/9dc0c5a7/attachment-0003.html>