Uploaded image for project: 'Artifactory Binary Repository'
  1. Artifactory Binary Repository
  2. RTFACT-20562

Artifactory returns a 404 error for NPM instead of 403 if the user does not have permission to the repository

    Details

    • Type: Bug
    • Status: Open
    • Priority: Normal
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None

      Description

      Steps to reproduce:

      1. Create NPM virtual, remote and local repositories.
      2. Create a user and remove the default "Readers" group for the user.
      3. Make sure there is no group or permission that gives that user read access to the NPM repositories.
      4. Make sure that the "Hide Existence of Unauthorized Resources" is NOT enabled.
      5. Perform the "npm config set registry.." and "npm login" commands as usual.
      6. Try to download a random package (in my example - byte@1.0.0) and see that you get a 404 error instead of 403.
      7. Look at the request.log and see that Artifactory returns 404 instead of 403.

      Sample request and output:

      npm install byte@1.0.0  ✔  10300  15:09:37

      npm ERR! code E404

      request.log:

      20191110125801|23|REQUEST|82.81.195.5|adiv|GET|/api/npm/npm/byte|HTTP/1.1|404|0

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              adiv Adi Vizgan
            • Votes:
              1 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated: