Hey all,
There's a Gerrit app for Android that I'm trying, and it doesn't
support OAuth authentication [1]. To add RDO's Gerrit to it, I need to
generate an HTTP password (Profile picture in near the top right ->
Settings -> HTTP Password -> Generate). This worked fine on
OpenStack's Gerrit, but in RDO Gerrit it does nothing. Using Firefox's
dev tools, I was able to observe that the request [2] gets a 403 back.
I've added the full request/response exchange at the end of this
email, but I just want to know if this is intentionally disabled, or
did I just stumble upon a previously-unknown problem?
Cheers!
[1]
https://github.com/jruesga/rview/issues/62
[2]
https://review.rdoproject.org/r/Documentation/rest-api-accounts.html#set-...
My browser's request:
PUT
https://review.rdoproject.org/r/accounts/self/password.http HTTP/1.1
Accept: application/json
Accept-Encoding: gzip, deflate, br
Accept-Language: en-CA,en-US;q=0.7,en;q=0.3
Connection: keep-alive
Content-Length: 17
Content-Type: application/json; charset=utf-8
Cookie: GerritAccount=<snip>
Host:
review.rdoproject.org
Referer:
https://review.rdoproject.org/r/
User-Agent: Mozilla/5.0 (X11; Fedora; Linu…) Gecko/20100101 Firefox/64.0
X-Gerrit-Auth: <snip>
The response it got:
Connection: Keep-Alive
Content-Length: 231
Content-Type: text/html; charset=iso-8859-1
Date: Sat, 09 Feb 2019 17:16:51 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.6 (CentOS) OpenSSL/….10 mod_wsgi/3.4 Python/2.7.5
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /r/accounts/self/password.http
on this server.</p>
</body></html>