Details
-
Type:
Story
-
Status: Done
-
Priority:
Major
-
Resolution: Done
-
Affects Version/s: 3.13.0
-
Fix Version/s: 3.14.0
-
Labels:
-
Story Points:1
Description
Background
1. Start up Nexus 3.13.0 with default configuration
2. Create a user "test" that does not have read or browse permissions to the nuget-hosted repository
3. Attempt to upload a nuget component to nuget-hosted using the REST API
4. Observe that this fails with 404 (not found)
Bizarrely, if I grant the test user read access to the nuget-hosted repository the request fails with a 403, but if they have both read and browse privileges it fails with a 400!
Acceptance
If the REST API upload fails due to permissions Nexus should always return 403 (forbidden).
$ curl -v -F "nuget.asset=@NuGet.CommandLine.4.6.2.nupkg" "http://localhost:8081/service/rest/v1/components?repository=nuget-hosted" -u test:test * Trying ::1... * TCP_NODELAY set * Connection failed * connect to ::1 port 8081 failed: Connection refused * Trying 127.0.0.1... * TCP_NODELAY set * Connected to localhost (127.0.0.1) port 8081 (#0) * Server auth using Basic with user 'test' > POST /service/rest/v1/components?repository=nuget-hosted HTTP/1.1 > Host: localhost:8081 > Authorization: Basic dGVzdDp0ZXN0 > User-Agent: curl/7.54.0 > Accept: */* > Content-Length: 1686723 > Expect: 100-continue > Content-Type: multipart/form-data; boundary=------------------------c3fab955e8f61014 > < HTTP/1.1 100 Continue < HTTP/1.1 404 Not Found < Date: Mon, 10 Sep 2018 14:28:36 GMT < Server: Nexus/3.13.0-01 (PRO) < X-Content-Type-Options: nosniff < X-Siesta-FaultId: 2df77cde-4406-4288-9658-ba7b7ab09f4b < Content-Length: 0 * HTTP error before end of send, stop sending < * Closing connection 0