Authentication Broken on 1.5.2?

2011-01-14 Thread dlowe 
I just upgraded to 1.5.2, and since doing so new code review creation
via the Web API appears to be broken. Specifically indicating that I
am not logged in, even though I sent a valid Authorization header.

What's interesting is the some of the APIs, specifically to get users
appears to be fine (note anonymous access is turned off).

The following is the HTTP log for creating new requests which is
failing:

2011-01-14 13:22:56,687 [DEBUG] httpclient.wire.header -  POST /
reviewboard/api/json/reviewrequests/new/ HTTP/1.1[\r][\n]
2011-01-14 13:22:56,687 [DEBUG] httpclient.wire.header - 
Authorization: Basic Y29kZV9tYW5hZ2VtZW50X3Byb3h5OnBhc3N3b3Jk[\r]
[\n]
2011-01-14 13:22:56,687 [DEBUG] httpclient.wire.header -  User-
Agent: Jakarta Commons-HttpClient/3.1[\r][\n]
2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.header -  Host:
prepdev.engba.host.com[\r][\n]
2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.header -  Content-
Length: 430[\r][\n]
2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.header -  Content-
Type: multipart/form-data;
boundary=MyZfHhgiDAxrW9W117Cx9QdPcuJYABcfNt[\r][\n]
2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.header -  [\r][\n]
2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  --
2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content - 
MyZfHhgiDAxrW9W117Cx9QdPcuJYABcfNt
2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  [\r]
[\n]
2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  Content-
Disposition: form-data; name=
2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  
2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content - 
repository_path
2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  
2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  [\r]
[\n]
2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  Content-
Type: 
2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  text/
plain
2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  ;
charset=
2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  US-
ASCII
2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  [\r]
[\n]
2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  Content-
Transfer-Encoding: 
2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  8bit
2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  [\r]
[\n]
2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  [\r]
[\n]
2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  http://
prepdev.engba.host.com/svn/VOS
2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  [\r]
[\n]
2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  --
2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content - 
MyZfHhgiDAxrW9W117Cx9QdPcuJYABcfNt
2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  [\r]
[\n]
2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  Content-
Disposition: form-data; name=
2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  
2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content - 
submit_as
2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  
2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  [\r]
[\n]
2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  Content-
Type: 
2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  text/
plain
2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  ;
charset=
2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  US-
ASCII
2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  [\r]
[\n]
2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  Content-
Transfer-Encoding: 
2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  8bit
2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  [\r]
[\n]
2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  [\r]
[\n]
2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  dlowe
2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  [\r]
[\n]
2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  --
2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content - 
MyZfHhgiDAxrW9W117Cx9QdPcuJYABcfNt
2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  --
2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  [\r]
[\n]
2011-01-14 13:22:56,828 [DEBUG] httpclient.wire.header -  HTTP/1.1
200 OK[\r][\n]
2011-01-14 13:22:56,828 [DEBUG] httpclient.wire.header -  HTTP/1.1
200 OK[\r][\n]
2011-01-14 13:22:56,828 [DEBUG] httpclient.wire.header -  Date:
Fri, 14 Jan 2011 18:22:23 GMT[\r][\n]
2011-01-14 13:22:56,828 [DEBUG] httpclient.wire.header -  Server:
Apache[\r][\n]
2011-01-14 13:22:56,828 [DEBUG] httpclient.wire.header -  Content-
Length: 107[\r][\n]
2011-01-14 13:22:56,843 [DEBUG] httpclient.wire.header -  Content-
Language: en-us[\r][\n]
2011-01-14 13:22:56,843 [DEBUG] httpclient.wire.header -  Expires:
Fri, 14 Jan 2011 18:22:23 GMT[\r][\n]
2011-01-14 13:22:56,843 [DEBUG] httpclient.wire.header -  Vary:
Cookie,Accept-Language,User-Agent,Accept-Encoding[\r][\n]
2011-01-14 13:22:56,843 [DEBUG]

Re: Authentication Broken on 1.5.2?

2011-01-14 Thread Christian Hammond 
Hi David,

It looks like you're trying to use both the old API and the new API.
The old API lives in /api/json/ and the new one has the root in /api/.

The old API never officially supported Basic HTTP Auth. It was a bug
that it ever did, and we won't be re-adding it. For the old API, you
must explicitly log in using /api/json/account/login/ (I think that's
the URI, anyway).

However, you should be using only the new API. The old API is going
away in the 1.6 release. Posting a review request in the new one is
easy. HTTP POST to /api/review-requests/ with the information you
need. It's mostly the same as the old call. The API docs should cover
what's needed.

Christian

--
Christian Hammond - chip...@chipx86.com
Review Board - http://www.reviewboard.org
VMware, Inc. - http://www.vmware.com



On Fri, Jan 14, 2011 at 11:05 AM, dlowe dll...@gmail.com wrote:
 I just upgraded to 1.5.2, and since doing so new code review creation
 via the Web API appears to be broken. Specifically indicating that I
 am not logged in, even though I sent a valid Authorization header.

 What's interesting is the some of the APIs, specifically to get users
 appears to be fine (note anonymous access is turned off).

 The following is the HTTP log for creating new requests which is
 failing:

 2011-01-14 13:22:56,687 [DEBUG] httpclient.wire.header -  POST /
 reviewboard/api/json/reviewrequests/new/ HTTP/1.1[\r][\n]
 2011-01-14 13:22:56,687 [DEBUG] httpclient.wire.header - 
 Authorization: Basic Y29kZV9tYW5hZ2VtZW50X3Byb3h5OnBhc3N3b3Jk[\r]
 [\n]
 2011-01-14 13:22:56,687 [DEBUG] httpclient.wire.header -  User-
 Agent: Jakarta Commons-HttpClient/3.1[\r][\n]
 2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.header -  Host:
 prepdev.engba.host.com[\r][\n]
 2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.header -  Content-
 Length: 430[\r][\n]
 2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.header -  Content-
 Type: multipart/form-data;
 boundary=MyZfHhgiDAxrW9W117Cx9QdPcuJYABcfNt[\r][\n]
 2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.header -  [\r][\n]
 2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  --
 2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content - 
 MyZfHhgiDAxrW9W117Cx9QdPcuJYABcfNt
 2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  [\r]
 [\n]
 2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  Content-
 Disposition: form-data; name=
 2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  
 2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content - 
 repository_path
 2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  
 2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  [\r]
 [\n]
 2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  Content-
 Type: 
 2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  text/
 plain
 2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  ;
 charset=
 2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  US-
 ASCII
 2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  [\r]
 [\n]
 2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  Content-
 Transfer-Encoding: 
 2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  8bit
 2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  [\r]
 [\n]
 2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  [\r]
 [\n]
 2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  http://
 prepdev.engba.host.com/svn/VOS
 2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  [\r]
 [\n]
 2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  --
 2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content - 
 MyZfHhgiDAxrW9W117Cx9QdPcuJYABcfNt
 2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  [\r]
 [\n]
 2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  Content-
 Disposition: form-data; name=
 2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  
 2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content - 
 submit_as
 2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  
 2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  [\r]
 [\n]
 2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  Content-
 Type: 
 2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  text/
 plain
 2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  ;
 charset=
 2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  US-
 ASCII
 2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  [\r]
 [\n]
 2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  Content-
 Transfer-Encoding: 
 2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  8bit
 2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  [\r]
 [\n]
 2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  [\r]
 [\n]
 2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  dlowe
 2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  [\r]
 [\n]
 2011-01-14 13:22:56,703 [DEBUG] httpclient.wire.content -  --
 2011-01-14 13:22:56,703 [DEBUG]