Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Invalid credentials popup not shown for HTTP 403 errors #2326

Closed
deltatager opened this issue Jun 5, 2023 · 5 comments
Closed

Invalid credentials popup not shown for HTTP 403 errors #2326

deltatager opened this issue Jun 5, 2023 · 5 comments
Labels
bug Something isn't working

Comments

@deltatager
Copy link
Contributor

Describe the bug

On our z/OS installation, z/OSMF returns an HTTP 403 wen there is an authentication error, instead of a 401. This way, the "Invalid Credentials" popup isn't shown, leading to pretty much systematic lockouts after a password change .

To Reproduce

  1. Setup a profile with invalid credentials
  2. try to do anything requiring an API call

Expected behavior

I would expect the popup to show up on both HTTP 401s and 403s to prevent user lockout

Screenshots
image001

Desktop (please complete the following information):

  • OS: Windows 10
  • Zowe Explorer Version: 2.8.1

Additional context

Could it be as simple as changing line 60 of ProfileUtils.ts from

} else if (httpErrorCode === imperative.RestConstants.HTTP_STATUS_401) {

to

} else if (httpErrorCode === imperative.RestConstants.HTTP_STATUS_401 || httpErrorCode === 403 ) {
?
@deltatager deltatager added the bug Something isn't working label Jun 5, 2023
@github-actions
Copy link

github-actions bot commented Jun 5, 2023

Thank you for creating a bug report.
We will investigate the bug and evaluate its impact on the product.
If you haven't already, please ensure you have provided steps to reproduce the bug and as much context as possible.

@deltatager deltatager changed the title Invalid crendetials popup not shown for HTTP 403 errors Invalid credentials popup not shown for HTTP 403 errors Jun 6, 2023
@JillieBeanSim
Copy link
Contributor

Hey @deltatager thanks for raising the request but the HTTP status code 403 forbidden, meaning the client request was complete but you don't have permission to access this resource, is a bit different than HTTP(S) 401 that indicates that the client request has not been completed because it lacks valid authentication credentials for the requested resource.

Closing this issue as Not Planned.

@JillieBeanSim JillieBeanSim closed this as not planned Won't fix, can't repro, duplicate, stale Jun 6, 2023
@deltatager
Copy link
Contributor Author

Thanks for the response @JillieBeanSim, but we have observed 403 being returned when passwords are expired or invalid. The screenshot I posted was done using an account that has access to the dataset I was trying to access, but I used the wrong password.

This has caused user accounts to become locked on many occasions.

How are we supposed to handle this situation if this won't be fixed?

@deltatager
Copy link
Contributor Author

Is it possible that it's a difference between how RACF and ACF2 handle auth for z/OSMF? When I test using an invalid password on our ACF2 system, I get a 403. When I do the same invalidpassword test on ZXplore(which I assume uses RACF), I get a 401

@deltatager
Copy link
Contributor Author

For future reference,turns out it was a permissions issue in ACF2 on the unauthenticated user IZUGUEST used by z/OSMF.

In some cases we would get a 403 instead of a 401, in some other instances we even got 500.

After setting the permissions properly, the problem was resolved.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@deltatager @JillieBeanSim