Details

    • Type: Bug
    • Status: Open
    • Priority: Normal
    • Resolution: Unresolved
    • Affects Version/s: 6.1.0, 6.2.0
    • Fix Version/s: None
    • Component/s: Web UI
    • Labels:
      None
    • Environment:

      jfrog-artifactory-pro - 6.2.0 (official deb package)
      Ubuntu 14.04

      Description

      Steps to reproduce the issue:

      • generate API Key
      • save
      • try to open any other user page (user with a proper admin permissions)

      As a result I will get a screen:
      https://www.dropbox.com/s/j89kw9z4szor0uv/Screenshot%202018-08-10%2018.21.55.png?dl=0

      The request that fails looks like that (sniffed traffic with ngrep)

      #
      T 10.8.66.62:25886 -> 10.8.72.101:8081 [AP]
      GET /artifactory/ui/userApiKey HTTP/1.1.
      host: artifactory.domain.com.
      accept: application/json, text/plain, */*.
      x-requested-with: artUI.
      serial: 149.
      request-agent: artifactoryUI.
      user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.84 Safari/537.36.
      referer: https://artifactory.domain.com/artifactory/webapp/.
      accept-language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7.
      cookie: SESSION=12345678-abcd-efgh-abcd-123456789012.
      X-Forwarded-Host: artifactory.domain.com.
      Fastly-Orig-Accept-Encoding: gzip, deflate, br.
      Accept-Encoding: gzip.
      x-url: /artifactory/ui/userApiKey.
      .
      
      #
      T 10.8.72.101:8081 -> 10.8.66.62:25886 [AP]
      HTTP/1.1 401 Unauthorized.
      Server: Artifactory/6.2.0.
      X-Artifactory-Id: 177435dbd65a1d08:38c7d8c4:1651b6f49b8:-8000.
      Access-Control-Allow-Methods: GET, POST, DELETE, PUT.
      Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-Codingpedia.
      Cache-Control: no-store.
      Artifactory-UI-messages: [].
      SessionValid: true.
      Content-Type: application/json.
      Transfer-Encoding: chunked.
      Date: Sat, 11 Aug 2018 00:25:22 GMT.
      .
      1b.
      {"error":"Bad credentials"}.
      

      Request like that for /artifactory/ui/userApiKey is executed in many places, another spotted place was when I tried to open "Set Up" in repo.

      Once API Key is revoked everything works fine again.

      The issue I can reproduce with a local users and with SSO.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              lukasz Łukasz Jagiełło
            • Votes:
              1 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated: