The user making the request and the specified owner are not the same user about business-api-ecosystem HOT 8 CLOSED

Hi,

What version of the software are you using?

from business-api-ecosystem.

Hi Francisco, the version is 5.4.1 from docker repository https://hub.docker.com/r/fiware/business-api-ecosystem/

from business-api-ecosystem.

i've try, using the Api Specification, to send a POST request to http://*******/DSProductCatalog/api/catalogManagement/v2/catalog for creating a catalog with Authorization Bearer 6bmadN3CyOoHEgNpQ06VRMhp

and the response is:
Status: 403 Forbidden
{
"error": "You are not authorized to create resources"
}

from business-api-ecosystem.

Can you try to update the software and tell me if the problem persist?

from business-api-ecosystem.

Hi Francisco.
In our production system, we make a new installation of the Business Apy Ecosystem (v.6.4) GE. This installation is under a docker container, and uses a private installation of Identity Manager GE. The problem is the same: [response in firebug] {"error":"The user making the request and the specified owner are not the same user"}
The error code is 403 Forbidden,when a user logged in with right credentials try to create his own catalogue.
Is there any other configurations in docker installation of the Business Apy Ecosystem that we haven't considered ?

from business-api-ecosystem.

Hi,

If you are using the provided docker container there is an additional setting to be included in the config.js file:

config.extPort

This setting should include the port where the software is running in the host machine. This is used in order to prevent a mismatch between the computed and the real HREF used to access user information.

If there is a mismatch, the BAE shows that error

If you have made you own deployment of the BAE within a docker container, then you have to ensure that the internal and host ports match.

from business-api-ecosystem.

Hi Francisco, we fixed the issue in file tmfUtils.js, folder /business-ecosystem-logic-proxy/lib/.
The exports.hasPartyRole function had this comment:

** // FIXME: Maybe only the pathname should be compared!!**

This is our fix:

`/**

• Checks if the user of a req has the given role in the given partyList. If
• role is null, the method will check that the user is included in the partyList.
• @param {Object} req Object with the request. It must include an object with the
• user, a secure boolean that specifies whether the request is secure and a string
• with the hostname. secure and hostname are required to check the href field
• of the involved parties.
• @param {Array.} partyList
• @param {String} roleName The role to be checked. If null, the method will check that
• the user is included in the partyList.
• @return {boolean}
• • If role included: true if the user is included in the partyList with the
• specified role. False otherwise.
• • If role not included: true if the user is included in the partyList.
• False otherwise.
  */
  exports.cutURL = function (uri)
  {
  var n = uri.indexOf("/", 8);
  var res = uri.substr(n+1);
  return res;
  }

exports.hasPartyRole = function (req, partyList, roleName) {
var self = this;
var user = (req.user) ? req.user.id : undefined;
return req.user != null && partyList.some(function (party) {
// FIXME: Maybe only the pathname should be compared!!
var expectedHref = self.cutURL(normalize(self.getIndividualURL(req, user)));
var retrievedHref = self.cutURL(normalize(normalize(party.href)));
return party.id === user && retrievedHref === expectedHref &&
(roleName ? party.role.toLowerCase() === roleName.toLowerCase() : true);
});
};
`
we hope it will be useful to someone else with the same problem.

from business-api-ecosystem.

Thank you very much. It was helpful. :) happy new year~

from business-api-ecosystem.