Bug #24285
closedHammer/API - wrong error message
Description
Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1602367
Description of problem:
When we do brute force password attack via hammer (min. 30 trying), it returns the message "Invalid username or password."
After that we put a correct credential, but hammer/API still return the same message "Invalid username or password.". It is little confusing.
Version-Release number of selected component (if applicable):
Sat6.4#11
How reproducible:
100%
Steps to Reproduce:
1. We have got Sat6.4 and client machine.
2. We register the client machine to Satellite 6.4 repo and install hammer (standalone)
> yum install -y tfm-rubygem-hammer_cli_katello
> hammer --fetch-ca-cert https://satellite.example.com/
> install /root/.hammer/certs/satellite.example.com_443.pem /etc/pki/ca-trust/source/anchors/
> update-ca-trust
3. Check hammer
hammer -u admin -p correct_password user list
...
4. Brute force password attack
for i in {1..30}; do hammer -u admin -p bad_password user list; done
Invalid username or password.
Invalid username or password.
...
Invalid username or password.
Invalid username or password.
5. Check hammer with the correct password
hammer -u admin -p correct_password user list
Actual results:
we get the message "Invalid username or password."
Expected results:
We should get the message "Too many tries, please try again in a few minutes.". The same as via WebUI.
Additional info:
hammer -d -u admin -p correct_password user list
...
[DEBUG 2018-07-18T04:58:00 API] Using authenticator: HammerCLIForeman::Api::InteractiveBasicAuth
[ERROR 2018-07-18T04:58:00 API] 401 Unauthorized
[DEBUG 2018-07-18T04:58:00 API] {
"error" => {
"message" => "Unable to authenticate user "
}
}
[DEBUG 2018-07-18T04:58:00 Exception] Using exception handler HammerCLIForeman::ExceptionHandler#handle_foreman_unauthorized
[ERROR 2018-07-18T04:58:00 Exception] Invalid username or password.
Invalid username or password.
[ERROR 2018-07-18T04:58:00 Exception]
HammerCLIForeman::Api::UnauthorizedError (Invalid username or password.):
...
Updated by Marek Hulán about 6 years ago
- Copied from Bug #24284: Hammer/API - wrong error message added
Updated by The Foreman Bot about 6 years ago
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/hammer-cli-foreman/pull/377 added
Updated by Anonymous about 6 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset hammer-cli-foreman|1ce71d49c7116be6bd456f174b5b7679f5c37ea4.
Updated by Tomer Brisker about 6 years ago
- Fixed in Releases hammer-cli-foreman-0.14.0 added