Rest-Api basic authentication fails

Zwixx · October 11, 2020, 11:06pm

I use a XWiki with the build-in authentication. If I try to access some rest pages with this account this works without problems (in Firefox).

If I try the credentials in a curl command (like the example in the Rest-Documentation ) I get the following error:

{“code”:401,“contactEmail”:null,“description”:“The request requires user authentication”,“homeRef”:"/",“reasonPhrase”:“Unauthorized”,“uri”:“http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.2”}

Is there a simple reason why this won’t work? Where could I get more information whats going on?

XWiki-Version 12.2, openjdk version “1.8.0_265”

surli · October 12, 2020, 7:37am

Hi @Zwixx,

Note that it might be sometimes error-prone to check accessing a protected resource in Firefox, since depending how you access it, you might actually use your current cookie session for the authentication. Typically if you have opened a session in a tab in your wiki, and you’re trying to perform a get in another tab on the REST API, you’ll actually use the same session for it. This is also true for some REST extensions.
Best if you want to really check on Firefox is by opening a private window for it.

First of all check the logs from your servlet engine (Tomcat or jetty, depending your installation, see: https://www.xwiki.org/xwiki/bin/view/Documentation/AdminGuide/Logging#HLogLocation).

Now I can imagine two reasons why you couldn’t get to your page:

you didn’t provide right credentials, obviously, but I guess you check that already
you actually made mistakes with your credentials while testing, and you blocked your account with the security mechanism (https://www.xwiki.org/xwiki/bin/view/Documentation/AdminGuide/Authentication/#HSecurity). Just try to login in the wiki, not using REST API but standard UI, and check if you’re asking for a CAPTCHA to solve: if that the case, then it was that. Just solve the captcha, and authenticate, and your REST call should work properly.

Zwixx · October 12, 2020, 4:21pm

Firefox works fine. No Problem. That’s because I’m confused.

Yes, the log says:

3 times:
2020-10-12 18:11:25,604 [http://ddd.tld:8080/xwiki/rest/wikis/.../spaces/.../spaces/Addons/spaces/Listener/pages/WebHome] WARN nticationFailureLoggerListener
Authentication failure with login [RestUserName]
At last:
Okt 12, 2020 6:32:37 PM org.xwiki.rest.internal.XWikiSecretVerifier verify
WARNUNG: Cannot authenticate ‘RestUserName’.

yes, many times.

No, I logged in with Firefox, test while I’m logged in logged out and in… and so on.

The right user is in the logs, but no success on login.

surli · October 12, 2020, 4:40pm

Sounds like the 3 times it’s an authentication failure problem (so wrong credentials) and the final one, is because you blocked your account: you need to logout and login back on firefox with the captcha resolution.
Now if you’re using same credentials to login on firefox, I don’t see why it doesn’t work on curl, maybe a problem with some special characters? Maybe you could reset your password to something simpler for a simple test, and try back with a more complex one to see if the problem is not there?

Zwixx · October 12, 2020, 5:12pm

No, the Account is not blocked.

I found a thing, that’s weird. The User I used is a User of a subwiki. The Admin credentials works. Is there a problem with Users of a subwiki?

surli · October 13, 2020, 7:54am

Apparently there is: I just reproduced locally. I didn’t find an existing JIRA issue for it so I’ll create a new one.
[EDIT: I opened https://jira.xwiki.org/browse/XWIKI-17936 for it]