Discussion forum about ELOG
Entry   wrong server HTTP status code when login failed, posted by Chris Körner on Thu Oct 21 14:57:14 2021 
    Re: wrong server HTTP status code when login failed, posted by Chris Körner on Thu Oct 21 15:19:16 2021
Message ID: 69401     Entry time: Thu Oct 21 14:57:14 2021     Reply to this: 69403
Author: Chris Körner  Author Email: chris.koerner@physik.uni-halle.de
Category: Bug report  OS: Linux  ELOG Version: 3.14 
Subject: wrong server HTTP status code when login failed 

Hi,

I am trying to access elog through a Python client (https://github.com/paulscherrerinstitute/py_elog) and found a strange behavior which may be related to a server-side problem. The Python script generates get/post messages via the Python requests library. This works fine so far and I can view and post messages. However, if a wrong user/password is provided, the server still returns HTTP status code "200 OK", although login failed. Instead, it should return something like "401 Unauthorized". This behavior later causes problems since the Python client thinks login was successful. After experimenting around I think this could be caused by a server-side misconfiguration. Any ideas?

I am not sure if this information is important: We use LDAP as user/password provider for elog.

ELOG V3.1.5-fe60aaf
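
An added example, not part of the original post and not py_elog's or ELOG's own code: a client-side check that does not rely on the HTTP status code alone to decide whether a login succeeded. It assumes (unverified) that a rejected login is answered with an HTML page containing a password field; the sample bodies, field names and function names are constructed for illustration.

```python
from html.parser import HTMLParser


class AuthenticationError(Exception):
    """Raised when a response indicates the client is not authenticated."""


class _PasswordFieldFinder(HTMLParser):
    """Records whether the document contains an <input type="password">."""

    def __init__(self):
        super().__init__()
        self.found = False

    def handle_starttag(self, tag, attrs):
        # attrs is a list of (name, value); value is None for bare attributes
        if tag == "input" and (dict(attrs).get("type") or "").lower() == "password":
            self.found = True


def login_rejected(status_code, body):
    """True if the response means 'not authenticated', whatever the status code."""
    if status_code in (401, 403):
        return True
    # Assumption: a login page served with "200 OK" carries a password field.
    finder = _PasswordFieldFinder()
    finder.feed(body)
    return finder.found


def check_response(status_code, body):
    """Return the body for authenticated responses, raise otherwise."""
    if login_rejected(status_code, body):
        raise AuthenticationError(f"login rejected (HTTP {status_code})")
    return body


# Constructed sample bodies (not captured from a real ELOG server).
FAILED_LOGIN_200 = (
    '<html><body><form method="POST">'
    '<input type="text" name="uname">'
    '<input type="password" name="upassword">'
    "</form></body></html>"
)
ENTRY_PAGE_200 = (
    "<html><body><table><tr><td>Subject</td>"
    "<td>test entry</td></tr></table></body></html>"
)
```

A logbook entry whose own HTML contains a password input would be misclassified by this check, so a deployment-specific marker is preferable where one is known.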