Project

General

Profile

action #53891

[openqa] Posting comments results in getting comments unless the URI scheme is specified

Added by rpalethorpe almost 3 years ago. Updated over 2 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Concrete Bugs
Target version:
-
Start date:
2019-07-05
Due date:
% Done:

0%

Estimated time:
Difficulty:

Description

Take the following:

rich@rpws ~> openqa-client --host openqa.opensuse.org --apikey CB3705D3354546E0 --apisecret XXX jobs/975114/comments POST text=test123
[
{
bugrefs => [],
created => "2019-07-05 08:15:47 +0000",
id => 43271,
renderedMarkdown => "update comment test\n",
text => "update comment test",
updated => "2019-07-05 08:45:11 +0000",
userName => "rpalethorpe",
},
]
rich@rpws ~> openqa-client --host https://openqa.opensuse.org --apikey CB3705D3354546E0 --apisecret XXX jobs/975114/comments POST text=test123
{ id => 43287 }

okurz thinks this may be due to https://github.com/os-autoinst/openQA/pull/2110.

Note that this only happens on O3 and not OSD. I also tried using two different versions of the openqa-client. Also the following works:

openqa-client --host openqa.opensuse.org --apikey CB3705D3354546E0 --apisecret XXX jobs/975114/comments/43271 PUT text="update comment test"
{ id => 43271 }

So the problem maybe only effects POST requests.

History

#1 Updated by okurz almost 3 years ago

  • Description updated (diff)
  • Assignee set to kraih

As O3 and OSD have been mentioned: OSD has an older version of openQA than O3. The diff is 4.6.1558532409.ab91f319..4.6.1561959871.3b6d67be

kraih could that be related to https://github.com/os-autoinst/openQA/pull/2110 ?

#3 Updated by kraih almost 3 years ago

  • Status changed from New to In Progress

So, what's happening here doesn't look like a bug at all. When you use --host openqa.opensuse.org the client turns
it into --host http://openqa.opensuse.org. Now http://openqa.opensuse.org redirects to
https://openqa.opensuse.org.

That means our original HTTP request was POST /api/v1/jobs/975114/comments?text=test123, it receives a
301 Moved Permanently to Location: https://openqa.opensuse.org/api/v1/jobs/975114/comments?text=test123.
And because OpenQA::Client follows redirects it requests GET /api/v1/jobs/975114/comments?text=test123,
since redirects change the method to GET.

The same does not happen for --host openqa.suse.de because it does not redirect from HTTP to HTTPS.

Now we have multiple options:

  1. We decide this is ok and close the ticket
  2. We default to using HTTPS instead of HTTP when schema is missing (probably best)
  3. We make OpenQA::Client not follow redirects (does it have to? Only for some methods? Worst option, many side effects...)
  4. We throw an error when a redirect changes the schema
  5. Something else?

#4 Updated by kraih almost 3 years ago

On second thought, i believe this should be considered a minor security flaw. And i've therefore proposed to change
the default from HTTP to HTTPS. https://github.com/os-autoinst/openQA/pull/2194

#5 Updated by okurz almost 3 years ago

merged.

#6 Updated by kraih almost 3 years ago

  • Status changed from In Progress to Resolved

#7 Updated by okurz almost 3 years ago

  • Status changed from Resolved to Feedback

there was feedback on the github PR after merge that the applied change is not really obvious, especially because we fall back to "localhost" which in most cases does not offer https, see https://github.com/os-autoinst/openQA/pull/2194#issuecomment-514510164 . Today a report by "lruzicka" on [#opensuse-factory](irc://chat.freenode.net/opensuse-factory) stated the same problem. Can we fall back to http://localhost by default?

#8 Updated by okurz over 2 years ago

  • Status changed from Feedback to Resolved
  • Assignee changed from kraih to okurz

34ba6ed90

Also available in: Atom PDF