Bug #24285

closed

Hammer/API - wrong error message

Added by Marek Hulán over 6 years ago. Updated over 6 years ago.

Status: Closed
Priority: Normal
Assignee:
Category: Hammer core
Target version: -
Difficulty:
Triaged: No
Team Backlog:
Fixed in Releases:
Found in Releases:
In Kanboard:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1602367

Description of problem:
When we do a brute force password attack via hammer (min. 30 tries), it returns the message "Invalid username or password."
After that we put in a correct credential, but hammer/API still returns the same message "Invalid username or password.". It is a little confusing.

Version-Release number of selected component (if applicable):
Sat6.4#11

How reproducible:
100%

Steps to Reproduce:
1. We have Sat6.4 and a client machine.
2. We register the client machine to the Satellite 6.4 repo and install hammer (standalone)
> yum install -y tfm-rubygem-hammer_cli_katello
> hammer --fetch-ca-cert https://satellite.example.com/
> install /root/.hammer/certs/satellite.example.com_443.pem /etc/pki/ca-trust/source/anchors/
> update-ca-trust

3. Check hammer

hammer -u admin -p correct_password user list

...

4. Brute force password attack

for i in {1..30}; do hammer -u admin -p bad_password user list; done

Invalid username or password.
Invalid username or password.
...
Invalid username or password.
Invalid username or password.

5. Check hammer with the correct password

hammer -u admin -p correct_password user list

Actual results:
We get the message "Invalid username or password."

Expected results:
We should get the message "Too many tries, please try again in a few minutes.". The same as via WebUI.

Additional info:

hammer -d -u admin -p correct_password user list

...
[DEBUG 2018-07-18T04:58:00 API] Using authenticator: HammerCLIForeman::Api::InteractiveBasicAuth
[ERROR 2018-07-18T04:58:00 API] 401 Unauthorized
[DEBUG 2018-07-18T04:58:00 API] {
"error" => {
"message" => "Unable to authenticate user "
}
}
[DEBUG 2018-07-18T04:58:00 Exception] Using exception handler HammerCLIForeman::ExceptionHandler#handle_foreman_unauthorized
[ERROR 2018-07-18T04:58:00 Exception] Invalid username or password.
Invalid username or password.
[ERROR 2018-07-18T04:58:00 Exception]

HammerCLIForeman::Api::UnauthorizedError (Invalid username or password.):
...
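
The distinction the report asks for, as an added Ruby sketch that is not Foreman or hammer code: the lockout is checked before the credentials, so a locked-out client gets the throttling message even when the password is correct. The class and method names, keying by source address and the 300-second window are assumptions; the threshold of 30 and both messages come from the report.

```ruby
# Added illustration; hypothetical names, not the Foreman or hammer implementation.
LOCKED_MSG  = "Too many tries, please try again in a few minutes."
INVALID_MSG = "Invalid username or password."

class LoginThrottle
  MAX_FAILURES   = 30   # number of bad attempts used in the report's reproduction
  WINDOW_SECONDS = 300  # assumed length of "a few minutes"

  # clock is injectable so the lockout window can be exercised without sleeping
  def initialize(clock: -> { Time.now.to_f })
    @clock = clock
    @failures = Hash.new { |hash, key| hash[key] = [] }
  end

  # True while the source has MAX_FAILURES or more failures inside the window.
  def locked?(source)
    prune(source)
    @failures[source].size >= MAX_FAILURES
  end

  def record_failure(source)
    prune(source)
    @failures[source] << @clock.call
  end

  private

  # Drop failure timestamps that have aged out of the window.
  def prune(source)
    cutoff = @clock.call - WINDOW_SECONDS
    @failures[source].reject! { |stamp| stamp <= cutoff }
  end
end

# Returns [outcome, message]. The block performs the real credential check and
# is not called at all while the source is locked out.
def authenticate(throttle, source)
  return [:locked, LOCKED_MSG] if throttle.locked?(source)
  return [:ok, nil] if yield

  throttle.record_failure(source)
  [:invalid, INVALID_MSG]
end
```

A client that shows the server-supplied message, rather than mapping every rejection to one fixed string, would then display the throttling text during the lockout.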


Related issues: 1 (0 open, 1 closed)

Copied from Foreman - Bug #24284: Hammer/API - wrong error message (Closed, Marek Hulán, 07/18/2018)