- Type: Bug
- Status: Closed
- Resolution: Fixed
- Affects Version/s: 7.1.10 DXP FP16, 7.1.X, 7.2.10 DXP FP4, 7.2.X, Master
- Fix Version/s: 7.1.10 DXP FP18, 7.1.10.5 SP5, 7.1.X, 7.2.10 DXP FP5, 7.2.10.2 DXP SP2, 7.2.X, 7.3.10 DXP GA1, Master
- Component/s: Application Security > Auto Login, Documents & Media
- Branch Version/s: 7.2.x, 7.1.x
- Backported to Branch: Committed
- Fix Priority: 3
- Git Pull Request:

Reproduction steps:
1) Start Liferay
2) Upload a file with no Guest permission
3) Go to Control Panel -> System Settings -> Security -> API Authentication -> Auto Login Basic Authentication Header
Check Enabled then Save
4) Get the document's uuid and the site's groupId and replace them in the following curl command:
curl --location --request GET 'http://localhost:8080/c/document_library/get_file?uuid=3f42f6d3-8bb1-2a13-1b18-728c3f5c575c&groupId=20127' \
  --header 'Accept: application/pdf' \
  --header 'Authorization: Basic dGVzdEBsaWZlcmF5LmNvbTp0ZXN0'
Your email address and password should be test@liferay.com and test.
5) Execute the above command
Result: The file cannot be accessed.