-
Notifications
You must be signed in to change notification settings - Fork 16
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
v8.8.0 breaks authentication #23
Comments
@robtesch I'm trying to reproduce the issue using Elastic Cloud. I just used a test cluster with Elasticsearch use Elastic\Elasticsearch\ClientBuilder;
use Psr\Http\Message\RequestInterface;
require 'vendor/autoload.php';
$config = [
'hosts' => [
'https://xxx.es.us-central1.gcp.cloud.es.io',
],
'basicAuthentication' => [
'elastic',
'password',
]
];
$client = ClientBuilder::fromConfig($config);
$result = $client->info();
printf("%s\n", $result->asString());
$request = $client->getTransport()->getLastRequest();
printRequest($request);
function printRequest(RequestInterface $request): void
{
printf(
"%s %s %s/%s\n",
$request->getMethod(),
$request->getUri()->getPath(),
strtoupper($request->getUri()->getScheme()),
$request->getProtocolVersion()
);
foreach ($request->getHeaders() as $name => $value) {
printf("%s: %s\n", $name, implode(',', $value));
}
if ($request->getUri()->getUserInfo()) {
printf("Authorization: Basic %s\n", base64_encode($request->getUri()->getUserInfo()));
}
printf("\n");
printf("%s\n", $request->getBody()->getContents());
} This works fine and the output is as follows:
Even if I insert the username and password directly in the URL it works, like this: $config = [
'hosts' => [
'https://elastic:password@xxx.es.us-central1.gcp.cloud.es.io',
]
]; Can you try to execute the previous code with the two cases (with an without the credentials in the URL)? Thanks! |
OK I think this was user error, which this change just brought to the fore. I actually had an old password in the host string, and was supplying the correct password in the basicAuth part like this: $config = [
'hosts' => [
'https://elastic:myOldPassword@my-production-cluster.es.eu-west-2.aws.cloud.es.io:1234',
],
'basicAuthentication' => [
'elastic',
'myActualPassword',
],
]; |
I've also been experiencing issues in the 8.8.0 release.
Seems like a wrong uri is being generated. |
@robtesch you cannot have user and password in the host URL and in the |
Yeah, that's why I say I think it was user error. However, this apparently did work before with v8.7. In my case with 8.7 it was ignoring the username/password in the URL and only using the one from basicAuthentication. My suspicion is that v8.8 changed that behaviour in some way (i.e. it preferred the URL username/password instead). I have now removed the username/password from URL and it seems to be working. |
@ezimuel I also
As I previously mentioned, this works using elastic-transport-php 8.7.0 but fails on 8.8.0. |
@Offek, in |
@robtesch This is exactly what's going on. The |
@ezimuel I don’t have the
|
@Offek I think the issue is not related to the authentication but to the #21 PR. Now, we support the path in the URL host (e.g. // here the $results = $client->search($postData);
$request = $client->getTransport()->getLastRequest();
printRequest($request);
function printRequest(RequestInterface $request): void
{
printf(
"%s %s %s/%s\n",
$request->getMethod(),
$request->getUri()->getPath(),
strtoupper($request->getUri()->getScheme()),
$request->getProtocolVersion()
);
foreach ($request->getHeaders() as $name => $value) {
printf("%s: %s\n", $name, implode(',', $value));
}
if ($request->getUri()->getUserInfo()) {
printf("Authorization: Basic ...\n");
}
printf("\n");
printf("Here the body...\n");
} |
Hi @ezimuel , I tried running your supplied code, however I was not able to do that since the script crashes on this line:
However, I removed
Prior to 8.8.0 it worked fine, starting 8.8.0, I have to use the new format. |
@Offek I see, I didn't understand before. The URL to use in the Before elastic-transport-php |
I am elastic cloud customer with an active production cluster. Connecting to the cluster from my application works well when using v8.7.0. When upgrading to v8.8.0, everything still worked on my local machine, but authentication broke completely in production.
Example code of how I am creating a client:
The error thrown looks like this:
Reverting back to v8.7.0 everything works as normal again.
EDIT:
It may be worth noting that the actual "host" string is passed in a bit like this:
https://elastic:myPassword@my-production-cluster.es.eu-west-2.aws.cloud.es.io:1234
It could be that the new path or userInfo support doesn't play well with this approach.
The text was updated successfully, but these errors were encountered: