[NEXUS-17156] Staging REST endpoint returns 401 when a user is authenticated but lacks needed privileges - Sonatype JIRA

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 3.11.0
Fix Version/s: 3.13.0
Component/s: Staging
Labels:
- supportant

Story Points:
1

Description

The new staging REST API returns a 401 response when a user has been successfully authenticated, but does not have the needed privileges to perform the operation. This is incorrect, and very confusing. It should return a 403 error when a user has been authenticated, but is not permitted.

$ curl -i -u test:test -X POST http://localhost:8081/service/rest/beta/staging/move/uat?tag=stagingTestTag
HTTP/1.1 401 Unauthorized
Date: Mon, 21 May 2018 19:32:10 GMT
Server: Nexus/3.11.0-01 (PRO)
X-Content-Type-Options: nosniff
Content-Type: application/json
Content-Length: 115

{
  "status" : 401,
  "message" : "Move from repository not permitted",
  "data" : {
    "repository" : "dev"
  }
}

Attachments

Activity

People

Assignee:: Jeremy Bryan

Reporter:: Rich Seddon

Last Updated By:: Peter Lynch

Team:: Nexus - Core

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 05/21/18 07:37 PM

Updated:: 05/23/18 01:43 AM

Resolved:: 05/23/18 01:14 AM

Date of First Response:: 23/May/18 1:14 AM