Details
-
Bug
-
Status: Closed
-
Resolution: Fixed
-
7.1.10 DXP FP16, 7.1.X, 7.2.10 DXP FP4, 7.2.X, Master
-
7.2.x, 7.1.x
-
Committed
-
3
Description
Reproduction steps:
1) Start Liferay
2) Upload a file with no Guest permission
3) Go to Control Panel -> System Settings -> Security -> API Authentication -> Auto Login Basic Authentication Header
Check Enabled then Save
4) Get the document's uuid and the site's groupId and replace them in the following curl command:
curl --location --request GET 'http://localhost:8080/c/document_library/get_file?uuid=3f42f6d3-8bb1-2a13-1b18-728c3f5c575c&groupId=20127' \ --header 'Accept: application/pdf ' \ --header 'Authorization: Basic dGVzdEBsaWZlcmF5LmNvbTp0ZXN0'
You emailaddress and password should be: [email protected] test
5) Execute the above command
Result: The file cannot be accessed.