Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Authentication Error when using Hive API (Patch) #951

Closed
RtKelleher opened this issue Apr 9, 2019 · 7 comments
Closed

Authentication Error when using Hive API (Patch) #951

RtKelleher opened this issue Apr 9, 2019 · 7 comments
Labels
bug need:feedback

Comments

@RtKelleher
Copy link

RtKelleher commented Apr 9, 2019
edited
Loading

Authentication error while attempting to PATCH a case via Hive API

Request Type

Bug

Work Environment

Question Answer
OS version (server) Ubuntu
TheHive version / git hash Latest
Package Type DEB

Problem Description

Receiving a 401 non-auth when attempting to update the case via API. API key works for POST but not PATCH

Steps to Reproduce

  1. curl -XGET -H 'Authorization: Bearer correct key' hxxp://redacted:9000/api/case/AWmmIanujG3xWCFBpAsG

  2. curl -v -XPATCH -H 'Authorization: Bearer: correct key' -H "Content-type: application/json" -d '{"resolutionStatus": "Other","summary": "auto - closed by user request(Hive API)"}' 'hxxp://redacted.com:9000/api/case/AWmmIanujG3xWCFBpAsG'

  3. curl -v --request PATCH -H 'Authorization: Bearer: correct key' -H "Content-type: application/json" -d '{"resolutionStatus": "Other","summary": "auto - closed by user request(Hive API)"}' 'hxxp://redacted>:9000/api/case/AWmmIanujG3xWCFBpAsG'

Possible Solutions

Unknown

Complementary information

  • User is Read, Write, API
  • 1 works where 2/3 don't
  • (/edit)PATCH works if you utilize basic authorization, including log the bottom.

Application Log
`2019-04-09 13:44:09,478 [ERROR] from org.elastic4play.controllers.Authenticated in application-akka.actor.default-dispatcher-17 - Authentication failure:
session: AuthenticationError User session not found
pki: AuthenticationError Certificate authentication is not configured
key: AuthenticationError Only bearer authentication is supported
init: AuthenticationError Use of initial user is forbidden because users exist in database'

'2019-04-09 13:44:09,479 [INFO] from org.elastic4play.ErrorHandler in application-akka.actor.default-dispatcher-17 - PATCH /api/case/:AWmmIanujG3xWCFBpAsG returned 401
org.elastic4play.AuthenticationError: Authentication failure
at org.elastic4play.controllers.Authenticated.$anonfun$getContext$4(Authenticated.scala:261)
at scala.concurrent.Future.$anonfun$flatMap$1(Future.scala:303)
at scala.concurrent.impl.Promise.$anonfun$transformWith$1(Promise.scala:37)
at scala.concurrent.impl.CallbackRunnable.run(Promise.scala:60)
at akka.dispatch.BatchingExecutor$AbstractBatch.processBatch(BatchingExecutor.scala:55)
at akka.dispatch.BatchingExecutor$BlockableBatch.$anonfun$run$1(BatchingExecutor.scala:91)
at scala.runtime.java8.JFunction0$mcV$sp.apply(JFunction0$mcV$sp.java:12)
at scala.concurrent.BlockContext$.withBlockContext(BlockContext.scala:81)
at akka.dispatch.BatchingExecutor$BlockableBatch.run(BatchingExecutor.scala:91)
at akka.dispatch.TaskInvocation.run(AbstractDispatcher.scala:40)
at akka.dispatch.ForkJoinExecutorConfigurator$AkkaForkJoinTask.exec(ForkJoinExecutorConfigurator.scala:44)
at akka.dispatch.forkjoin.ForkJoinTask.doExec(ForkJoinTask.java:260)
at akka.dispatch.forkjoin.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1339)
at akka.dispatch.forkjoin.ForkJoinPool.runWorker(ForkJoinPool.java:1979)
at akka.dispatch.forkjoin.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:107)`

Curl output -Verbose

Trying Remote Ip...
TCP_NODELAY set
Connected to redacted.com (Remote IP) port 9000 (#0)
PATCH /api/case/AWmmIanujG3xWCFBpAsG HTTP/1.1
Host: redacted.com:9000
User-Agent: curl/7.54.0
Accept: /
Authorization: Bearer: correct key
Content-type: application/json
Content-Length: 82
upload completely sent off: 82 out of 82 bytes
< HTTP/1.1 401 Unauthorized
< Date: Tue, 09 Apr 2019 17:53:52 GMT
< Content-Type: application/json
< Content-Length: 65
Connection #0 to host redacted.com left intact

Relevant Application.conf
/etc/thehive# cat application.conf
search {
index = the_hive
cluster = hive
host = ["127.0.0.1:9300"]
}
auth {
provider = [local, ad]
ad {
domainFQDN = "MYDOMAIN.local"
serverNames = [ADSERVER1, ADSERVER2]
domainName = "MYDOMAIN"
useSSL = true
}
}
{
warning = 5m
inactivity = 1h
}
play.http.parser.maxMemoryBuffer= 1M
play.http.parser.maxDiskBuffer = 1G
play.modules.enabled += connectors.cortex.CortexConnector
cortex {
"CORTEX-SERVER-ID" {
url = "http://127.0.0.1:9001"
key = "somekey"
}
}
play.http.secret.key="somekey"

Works with Basic Auth
curl -v --request PATCH -u user:pw -H "Content-type: application/json" -d '{"resolutionStatus": "Other","summary": "auto - closed by user request(Hive API)"}' http://server9000/api/case/AWmmIanujG3xWCFBpAsG

Trying server...
TCP_NODELAY set
Connected to server (server) port 9000 (#0)
Server auth using Basic with user 'user'
PATCH /api/case/AWmmIanujG3xWCFBpAsG HTTP/1.1
Host: server:9000
Authorization: Basic redacted
User-Agent: curl/7.54.0
Accept: /
Content-type: application/json
Content-Length: 82
upload completely sent off: 82 out of 82 bytes
< HTTP/1.1 200 OK
< Set-Cookie: THE_HIVE_SESSION=session cookie; SameSite=Lax; Path=/; HTTPOnly
< Date: Tue, 09 Apr 2019 19:39:30 GMT
< Content-Type: application/json
< Content-Length: 695
< Connection #0 to host server left intact
< {"flag":false,"customFields":{"serviceNowTicketNumber":
< {"string":null,"order":1}},"description":"","title":"=ETC......"}
@crackytsi
Copy link

In 2 and 3 there is a ":" before the caseid. Thats wrong.
Seems to be your problem...

@RtKelleher
Copy link
Author

RtKelleher commented Apr 9, 2019
edited
Loading

In 2 and 3 there is a ":" before the caseid. Thats wrong.
Seems to be your problem...

The above : was a typo from an earlier attempt. I get the same error without :. Updated the original question to prevent further confusion.

curl -v --request PATCH -H 'Authorization: Bearer: ' -H "Content-type: application/json" -d '{"resolutionStatus": "Other","summary": "auto - closed by user request(Hive API)"}' 'http://.com:9000/api/case/AWmmIanujG3xWCFBpAsG'

TCP_NODELAY set
Connected to .com () port 9000 (#0)
PATCH /api/case/AWmmIanujG3xWCFBpAsG HTTP/1.1
Host: .com:9000
User-Agent: curl/7.54.0
Accept: /
Authorization: Bearer:
Content-type: application/json
Content-Length: 82
upload completely sent off: 82 out of 82 bytes
< HTTP/1.1 401 Unauthorized
< Date: Tue, 09 Apr 2019 18:19:30 GMT
< Content-Type: application/json
< Content-Length: 65

Same with -XPATCH

@crackytsi
Copy link

I guess you correctly added the API key (because it is missing and not marked as repalced here)...?

Did you try authentication using Basic-auth with user/Password?
curl -XPATCH -u user:password ....

@RtKelleher
Copy link
Author

I guess you correctly added the API key (because it is missing and not marked as repalced here)...?

Did you try authentication using Basic-auth with user/Password?
curl -XPATCH -u user:password ....

Yes to both of your questions, I also tried other APIs/making a new API key as part of the above steps.

@nadouani
Copy link
Contributor

PATCH and POST use the same authentication check. I don't get why it could work for POST and not for PATCH

@nadouani
Copy link
Contributor

Are you using

-H "Authorization: Bearer XXXX"

or

-H "Authorization: Bearer:XXXX"

@RtKelleher
Copy link
Author

Are you using

-H "Authorization: Bearer:XXXX"

without the extra : it worked, thank you for your assistance

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug need:feedback
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@nadouani @RtKelleher @crackytsi