Skip to content

Basic auth credentials get re-passed too often #135

New issue
New issue
Open
Open
Basic auth credentials get re-passed too often#135
Labels
Status: UntriagedAn issue that has yet to be triaged.
@kedean

Description

@kedean
kedean
opened on Oct 27, 2020

Version:

3.0.15

Environment:

JFrog Cloud, access is from a CentOS 7 using Ruby 2.4.3p205, also replicated with 2.6.3p62 on MacOS 10.14.6

Scenario:

In the newest version of JFrog Cloud, artifact downloads often result in a 302 redirect. The redirect is handled by recursing to the redirect location, but the username/password are passed as basic auth credentials every time. When the redirect to AWS S3 is made, amazon interprets those basic auth credentials as s3 authentication and rejects the request with HTTP 400.

This does not happen when using api keys, since S3 does not intercept the custom header. This also doesn't happen with api requests, since those don't seem to trigger redirects.

Steps to Reproduce:

Request an artifact from the newest version of hosted Artifactory with username/password authentication

Expected Result:

An HTTP 200 and successful download

Actual Result:

An HTTP 400 and no payload

Metadata

Metadata

Assignees

No one assigned

    Labels

    Status: UntriagedAn issue that has yet to be triaged.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions