[BUG] Authorization headers is changed even if tokenManager is disabled #120
Comments
|
Hi @StenGruener, thank you for informing us about this oversight. We will have a look and will implement this fix. |
|
@aaronzi i guess it is not good enougth for us :) I would like to just passthorugh the header from the browser without touching it (browsers will do if REST endpoints are on the same domain as the aas-gui) . I do not want to store auth information within env configuration. Ideally, you colud add an additional option like "VITE_NO_AUTH_HEADER_INJECTON" where you just return from addAuthorizationHeader function or do not call it directly. So no mangling of authentication field in header required |
|
Hi @StenGruener, I'm not sure if I understand which changes would be necessary in your opinion. The current implementation checks if either RBAC or basic auth is active. If neither is activated, the provided header is just returned? Why do I need a new env variable? Reference to the Code: basyx-aas-web-ui/aas-web-ui/src/composables/RequestHandling.ts Lines 291 to 304 in 83bd4ce |
|
oh, maybe i have overlooked the else in line 301 in a hurry, yesterday. Will try out today on our system and report. |
|
yea, works as expected, big thanks and sorry for false alarm! |
|
Happy to hear that :) |
Describe the bug
In our setup we use basic auth = username/pass protected endpoints. New versions of web-ui break do not support this auth, since Authorization header is always set to Bearer even if tokenManager is disabled
To Reproduce
Steps to reproduce the behavior:
Expected behavior
I expect that the Authorization Headers part is not changed/set by gui if tokens are disabled.
Additional context
I guess that a check for this.authStore.getAuthEnabled() needs to be added somewhere here:
basyx-aas-web-ui/aas-web-ui/src/mixins/RequestHandling.ts
Line 16 in 2cdcc2a
The text was updated successfully, but these errors were encountered: