Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-17921

REST API upload that fails due to lack of permissions returns 404 (not found)

    XMLWordPrintable

    Details

    • Type: Story
    • Status: Done
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: 3.13.0
    • Fix Version/s: 3.14.0
    • Component/s: REST, Upload UI
    • Labels:
    • Story Points:
      1

      Description

      Background

      1. Start up Nexus 3.13.0 with default configuration
      2. Create a user "test" that does not have read or browse permissions to the nuget-hosted repository
      3. Attempt to upload a nuget component to nuget-hosted using the REST API
      4. Observe that this fails with 404 (not found)

      Bizarrely, if I grant the test user read access to the nuget-hosted repository the request fails with a 403, but if they have both read and browse privileges it fails with a 400!

      Acceptance

      If the REST API upload fails due to permissions Nexus should always return 403 (forbidden).
       

      $ curl -v -F "nuget.asset=@NuGet.CommandLine.4.6.2.nupkg" "http://localhost:8081/service/rest/v1/components?repository=nuget-hosted" -u test:test
      *   Trying ::1...
      * TCP_NODELAY set
      * Connection failed
      * connect to ::1 port 8081 failed: Connection refused
      *   Trying 127.0.0.1...
      * TCP_NODELAY set
      * Connected to localhost (127.0.0.1) port 8081 (#0)
      * Server auth using Basic with user 'test'
      > POST /service/rest/v1/components?repository=nuget-hosted HTTP/1.1
      > Host: localhost:8081
      > Authorization: Basic dGVzdDp0ZXN0
      > User-Agent: curl/7.54.0
      > Accept: */*
      > Content-Length: 1686723
      > Expect: 100-continue
      > Content-Type: multipart/form-data; boundary=------------------------c3fab955e8f61014
      > 
      < HTTP/1.1 100 Continue
      < HTTP/1.1 404 Not Found
      < Date: Mon, 10 Sep 2018 14:28:36 GMT
      < Server: Nexus/3.13.0-01 (PRO)
      < X-Content-Type-Options: nosniff
      < X-Siesta-FaultId: 2df77cde-4406-4288-9658-ba7b7ab09f4b
      < Content-Length: 0
      * HTTP error before end of send, stop sending
      < 
      * Closing connection 0
      

        Attachments

          Activity

            People

            Assignee:
            mbucher Michael Bucher
            Reporter:
            rseddon Rich Seddon
            Last Updated By:
            Joe Tom
            Team:
            NXRM - Morpheus
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Date of First Response:

                tigCommentSecurity.panel-title