We want to give our supporters access to inspect event-streams via the UI.
We created a user for this (“ajoursupport”), and added the following ‘update-default-acl’ event to the $settings-stream:
{
  "$userStreamAcl": {
    "$r": [
      "$admin",
      "$ops",
      "ajoursupport"
    ],
    "$w": [
      "$admin",
      "$ops"
    ],
    "$d": [
      "$admin",
      "$ops"
    ],
    "$mr": [
      "$admin",
      "$ops",
      "ajoursupport"
    ],
    "$mw": [
      "$admin",
      "$ops"
    ]
  },
  "$systemStreamAcl": {
    "$r": [
      "$admins",
      "ajoursupport"
    ],
    "$w": "$admins",
    "$d": "$admins",
    "$mr": [
      "$admins",
      "ajoursupport"
    ],
    "$mw": "$admins"
  }
}
Using the HTTP API directly without a browser, we observe that this “works”: with ajoursupport’s credentials we can GET streams but not POST new events to them. So far so good.
The problem is that ajoursupport cannot log in via the UI. Its GET /users/ajoursupport returns 401, without any visual feedback that anything has happened. Something works though, as we CAN access streams in the UI after this request by typing {baseUrl}/web/index.html#/streams/{streamId} into the address bar of the browser.
This is not a feasible workaround, alas, as our supporters need to navigate via the UI.
It works like a charm in v. 4.1.0.0
Issue observed in v. 5.0.9.0, 5.0.10.0 and 5.0.11.0
The UI request/response when clicking “Sign in” looks like this (no content):
Request URL: http://localhost:2113/users/ajoursupport
Request Method: GET
Status Code: 401 Unauthorized
Remote Address: [::1]:2113
Referrer Policy: strict-origin-when-cross-origin
Request headers:
Access-Control-Allow-Headers: Content-Type, X-Requested-With, X-Forwarded-Host, X-Forwarded-Prefix, X-PINGOTHER, Authorization, ES-LongPoll, ES-ExpectedVersion, ES-EventId, ES-EventType, ES-RequiresMaster, ES-HardDelete, ES-ResolveLinkTos
Access-Control-Allow-Methods: GET, PUT, DELETE, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Location, ES-Position, ES-CurrentVersion
Content-Encoding: gzip
Content-Length: 0
Date: Thu, 02 Sep 2021 08:16:16 GMT
Server: Microsoft-HTTPAPI/2.0
WWW-Authenticate: BasicCustom realm="ES",Basic realm="ES"
Response headers:
Accept: application/json
Accept-Encoding: gzip, deflate, br
Accept-Language: da-DK,da;q=0.9,en-US;q=0.8,en;q=0.7
Authorization: Basic YWpvdXJzdXBwb3J0OlExMjN3MjM0
Cache-Control: no-cache
Connection: keep-alive
DNT: 1
ES-LongPoll: 5
Host: localhost:2113
Pragma: no-cache
Referer: http://localhost:2113/web/index.html
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Google Chrome";v="92"
sec-ch-ua-mobile: ?0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
sec-gpc: 1
Same behavior in different browsers (tested with Chrome and Edge).
It’s a single node cluster running locally, with just the --run-projections=all parameter.
There’s nothing interesting in the log as far as I can see.
Hope anyone can help, thanks in advance.
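
As an added example (not part of the original post, and not EventStore code), the following Python sketch reads the default-ACL document quoted above and reports which operations name a given user directly, so a read-only grant can be confirmed before the event is written to $settings. It assumes "read-only" means $r plus $mr, and it does not resolve group membership; the helper names are hypothetical.

```python
import json

# Default-ACL document copied from the post above.
SETTINGS = json.loads("""
{
  "$userStreamAcl": {
    "$r": ["$admin", "$ops", "ajoursupport"],
    "$w": ["$admin", "$ops"],
    "$d": ["$admin", "$ops"],
    "$mr": ["$admin", "$ops", "ajoursupport"],
    "$mw": ["$admin", "$ops"]
  },
  "$systemStreamAcl": {
    "$r": ["$admins", "ajoursupport"],
    "$w": "$admins",
    "$d": "$admins",
    "$mr": ["$admins", "ajoursupport"],
    "$mw": "$admins"
  }
}
""")

READ_ONLY = {"$r", "$mr"}  # assumption: read-only = read + metadata read


def principals(value):
    """An ACL entry may be a single string or a list of strings."""
    return [value] if isinstance(value, str) else list(value)


def grants(settings, who):
    """Map each ACL section to the operations that name `who` directly."""
    return {
        section: {op for op, value in acl.items() if who in principals(value)}
        for section, acl in settings.items()
    }


def excess(settings, who, allowed=READ_ONLY):
    """Operations granted to `who` beyond the allowed set, per section."""
    found = {s: ops - allowed for s, ops in grants(settings, who).items()}
    return {s: ops for s, ops in found.items() if ops}


if __name__ == "__main__":
    for section, ops in grants(SETTINGS, "ajoursupport").items():
        print(section, sorted(ops))
    print("excess:", excess(SETTINGS, "ajoursupport") or "none")
```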