Community Edition Auth Tokens

jcc273 · July 6, 2020, 8:52pm

Hello,

We are using Rhodecode Community edition and have been using VCS tokens for a long while with now issues. We are now attempting to use web auth tokens to do the following:

RepoFilesView:repo_file_download /{repo_name}/download/{commit_id}/{f_path}

We have added RepoFilesView:repo_file_download to the api_access_controllers_whitelist in the ini but when we make a request with our auth token:

http://server/{repo_name}/download/{commit_id}/{f_path}?auth_token=XXXXXXXXX

it just redirects to the login page. We noticed on the Authentication settings page for Rhodecode Token the scope is set to “VCS Only” does this mean we cannot use API, web, or feed tokens in community edition? Or am i just missing a setting somewhere? I was unable to find any documentation referring to this.

Thanks,
Jarrod

rhodecode-support · July 7, 2020, 6:50am

Hi Jarrod,

Users or super-admins can create new tokens with set scope. If you want an auth-token that can be used to access certain url without log-in you have to create a token with WEB scope in your account > auth tokens page. This is a Community edition feature.

jcc273 · July 7, 2020, 9:48am

Hmmm, i must be missing something else then because i have done as you said, I am a super user and i have web token created for my account:
Token: 6889fe5c13c64a626e79ca566bb6fcdb756d4f08
Role: http/web interface
Repository Scope: Global
Expiration: never

And to the ini i have added: api_access_controllers_whitelist="RepoFilesView:*"

But when i try an http request using the auth_code:
curl http://myserver/rhodecode/TestRepo/download/234c3fb9c85b5f5ed65e4e858313bdd932129921/500-1789.HEX?auth_token=6889fe5c13c64a626e79ca566bb6fcdb756d4f08

I get a 302 redirect to the login page:
<html> <head> <title>302 Found</title> </head> <body> <h1>302 Found</h1> The resource was found at /rhodecode/_admin/login?came_from=%2Frhodecode%2FTestRepo%2Fdownload%2F234c3fb9c85b5f5ed65e4e858313bdd932129921%2F500-1789.HEX; you should be redirected automatically. </body> </html>

So i don’t know what i missed, the only thing else i noticed was on the Admin->Authentication->Rhodecode Token i see this:

VCS Only is the only option for scope, it seems like maybe this could be restricting web token access??? I am not sure though.

Any thoughts as to what i am missing?
Thanks,
Jarrod

rhodecode-support · July 7, 2020, 11:17am

The RhodeCode Token auth plugin is only for VCS protocol, we shouldn’t bother with this in this problem.

Have you verified that the proper view is listed as active here: _admin/permissions/auth_token_access

We’d suggest enabling https://docs.rhodecode.com/RhodeCode-Enterprise/admin/system_admin/enable-debug.html to see in logs why the token is rejected for this view.

jcc273 · July 7, 2020, 12:54pm

Marcin,

Thank you for the reply i was able to get it to work now! I never noticed the “Active” column on the _admin/permissions/auth_token_access page before, i looked and they were all off which was weird since i had some added to the ini, turns out the problem was i had quotes (") around the value in the ini and that causes it to not work:

Works: api_access_controllers_whitelist = RepoFilesView:repo_file_download
Doesn’t Work: api_access_controllers_whitelist = "RepoFilesView:repo_file_download"

Anyways all is well now, i can now use auth_tokens to retrieve files via curl : )

Thank you so much for the help!
Jarrod