Mantis Bugtracker          
testlink.org

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0005866TestLinkAPI - RESTpublic2013-08-16 20:152013-09-08 17:53
Reporterlczub 
Assigned Tofman 
PrioritynormalSeverityminorReproducibilityalways
StatusclosedResolutionfixed 
PlatformOSOS Version
Product Version1.9.7 (2013 Q2 - bug fixing) 
Fixed in Version1.9.8 (2013 Q3 - bug fixing) 
Summary0005866: REST 'GET /testprojects/:id' raise 500 Internal Server Error - due to authentication
DescriptionThe 1.9.7 TestLink REST method 'GET /testprojects/:id' returns a "500 Internal Server Error", cause tlRestApi.class.php does not set the authenticate attributes (check users rights) like it does for 'GET /testprojects'.

It seams that also all other REST calls like 'POST /testplans' or 'POST /executions' currently not checks the users right.

Steps To Reproducecurl -i -X GET -u DevApiKey:NoPWNeeded http://localhost/testlink/lib/api/rest/v1/testprojects/1 [^]

HTTP/1.0 500 Internal Server Error
Date: Fri, 16 Aug 2013 19:54:10 GMT
Server: Apache/2.2.22 (Debian)
X-Powered-By: PHP/5.4.4-14+deb7u3
Set-Cookie: PHPSESSID=gr6mchvv9kithmh5muvn5jfhr6; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 0
Connection: close
Content-Type: text/html

tail /var/log/apache2/error.log

[Fri Aug 16 21:54:11 2013] [error] [client ::1] PHP Fatal error: Call to a member function hasRight() on a non-object in .../www/testlink-1.9.7/lib/functions/testproject.class.php on line 585

Additional InformationWorkAround:

change in /testlink-1.9.7/lib/api/rest/v1/tlRestApi.class.php
old:
   $this->app->get('/testprojects/:id', array($this,'getProjects'));
new:
   $this->app->get('/testprojects/:id', array($this,'authenticate'), array($this,'getProjects'));
TagsNo tags attached.
Database (MySQL,Postgres,etc)Postgres
Browser
PHP Version
TestCaseID
QA Team - Task Workflow StatusREADY FOR TESTING
Attached Files

- Relationships
child of 0005731closedfman Availables hot-fixes for 1.9.7 & How To get full fixed package from gitorious 

-  Notes
(0019442)
fman (administrator)
2013-08-17 08:04

thanks, fix was ready but no commited.
(0019521)
fman (administrator)
2013-09-08 17:53

1.9.8 released

- Issue History
Date Modified Username Field Change
2013-08-16 20:15 lczub New Issue
2013-08-17 08:04 fman Note Added: 0019442
2013-08-17 08:06 fman Summary REST 'GET /testprojects/:id' raise 500 Internal Server Error => REST 'GET /testprojects/:id' raise 500 Internal Server Error - due to authentication
2013-08-17 08:07 fman QA Team - Task Workflow Status TBD => READY FOR TESTING
2013-08-17 08:07 fman Fixed in Version => 1.9.8 (2013 Q3 - bug fixing)
2013-08-17 08:07 fman Relationship added child of 0005731
2013-08-18 08:09 fman Status new => resolved
2013-08-18 08:09 fman Resolution open => fixed
2013-08-18 08:09 fman Assigned To => fman
2013-09-08 17:53 fman Note Added: 0019521
2013-09-08 17:53 fman Status resolved => closed



Copyright © 2000 - 2018 MantisBT Team
Powered by Mantis Bugtracker