Entry   wrong server HTTP status code when login failed, posted by Chris Körner on Thu Oct 21 14:57:14 2021 
    Re: wrong server HTTP status code when login failed, posted by Chris Körner on Thu Oct 21 15:19:16 2021
Message ID: 69403     Entry time: Thu Oct 21 15:19:16 2021     In reply to: 69401
Icon: Reply  Author: Chris Körner  Author Email: chris.koerner@physik.uni-halle.de 
Category: Bug report  OS: Linux  ELOG Version: 3.14 
Subject: Re: wrong server HTTP status code when login failed 

Seems like I've discovered another bug here related to umlauts in my name. :D 

I was submitting this post and forgot to put an icon. Elog seems to have saved a copy of my message, which I could not edit since my username does not match the bugged name saved for this message.

Chris Körner wrote:

Hi,

I am trying to access elog through a python client (https://github.com/paulscherrerinstitute/py_elog) and found a strange behavior which may be related to a server side problem. The python script generates get/post messages via the python requests library. This works fine so far and I can view and post messages. However, if a wrong user/password is provided, the server still returns HTTP status code "200 OK", although login failed. Instead, it should return something like "401 Unauthorized". This behavior later causes problems since the python client thinks login was successful. After experimenting around I think this could be caused by a server side misconfiguration. Any ideas?

I am not sure if this information is important: We use LDAP as user/password provider for elog.
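
A client-side guard for the behaviour reported above, as an added example that is not part of the original post and is not py_elog code: it treats "200 OK" as inconclusive and inspects the response body before declaring a login successful. That the server re-sends a login form containing a password field is an assumption, and the sample responses and field names are constructed.

```python
from html.parser import HTMLParser


class _PasswordFieldFinder(HTMLParser):
    """Records whether the page contains an <input type="password"> field."""

    def __init__(self):
        super().__init__()
        self.found = False

    def handle_starttag(self, tag, attrs):
        # Attribute values may be None (valueless) and arrive in any case.
        if tag == "input" and (dict(attrs).get("type") or "").lower() == "password":
            self.found = True


def login_outcome(status_code, body):
    """Classify a login response as 'ok', 'rejected' or 'error'.

    Assumption (not confirmed by the post): a server that answers a failed
    login with 200 OK sends the login form again, so a password field in the
    body of a non-error response is treated as a rejection.
    """
    if status_code in (401, 403):
        return "rejected"   # the server signalled the failure properly
    if status_code >= 400:
        return "error"      # other failure; says nothing about the credentials
    finder = _PasswordFieldFinder()
    finder.feed(body)
    return "rejected" if finder.found else "ok"


# Constructed sample responses, not captured from an ELOG server.
FAILED_200 = ('<html><body><form method="POST">'
              '<input type="text" name="user">'
              '<input type=PASSWORD name="password">'
              '</form></body></html>')
SUCCESS_200 = '<html><body><table><tr><td>Entry 1</td></tr></table></body></html>'

if __name__ == "__main__":
    samples = {"failed/200": (200, FAILED_200),
               "success/200": (200, SUCCESS_200),
               "failed/401": (401, "")}
    for name, (code, body) in samples.items():
        print(name, "->", login_outcome(code, body))
```

The body check is a heuristic: a legitimately authenticated page that itself contains a password field would be classified as rejected, so it should be applied only to the response of the login request.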

 

ELOG V3.1.5-fe60aaf