DELETE request for organizations does not require auth token
I've noticed when you are about to delete an organization the suggested request in docu is this one (subsection DELETE AN ORGANIZATION inside ORGANIZATION CRUD ACTIONS):
curl -iX DELETE \
'http://localhost:3005/v1/organizations/{{organization-id}}' \
-H 'Content-Type: application/json' \
Which does not include the X-Auth-token as part of the header.
Could this result in a security issue (allowing anyone to delete any organization)?
The command for delete of organization in the referenced document is incomplete.
curl -iX DELETE \
'http://localhost:3005/v1/organizations/{{organization-id}}' \
-H 'Content-Type: application/json' \
the X-Auth-Token in the above mentioned command is missing, without X-Auth-Token one will not be able to delete the oraganization or perform any other operations.
The command without X-Auth-Token will have the following response:
{
"error": {
"message": "Expecting to find X-Auth-token in requests",
"code": 400,
"title": "Bad Request"
}
}
The correct command will have X-Auth-Token in its header:
curl -iX DELETE \
'http://localhost:3005/v1/organizations/{{organization-id}}' \
-H 'Content-Type: application/json' \
-H 'X-Auth-Token: {{X-Auth-Token}}
the above command(with X-Auth-Token) will have response with Http Status HTTP/1.1 204 No Content
Screenshot:
- Displaying Irrelevant Sensor Data in FIWARE Orion When Using IoT Agent-JSON and Mosquitto
- Get all Fiware-ServicePath for a specific Fiware-Service
- FIWARE PEP Proxy Wilma server fails to start
- FIWARE Orion-LD upsert replace endpoint: only attributes or completely (including type)?
- FIWARE FIROS Publish cmd_vel from Non-ROS-World
- Orion context broker doesn't create tenant databases "on the fly"
- IoTAgent (JSON) over MQTT doesn't receive measurements from mosquitto
- Orion sending error message "connection failed, after 100 retries"
- Orion-ld fails to establish a connection with the MongoDB Community Operator due to a connection string issue
- How to get the missing table Schema while using quantumleap in cratedb using orion LD context broker though the subscriptions are working?
- yum error "Cannot retrieve metalink for repository: epel. Please verify its path and try again" updating ContextBroker
- Specifying attributes to be aggregated by STHSink
- Why Orion-ld after 0.8.0 is not supporting the formation of service/subservice in quantumleap logs?
- issues configuring a device via bidirectional attributes using IOT agent JSON and Orion LD
- Error downloading and installing Java JDK in CentOS (FIWARE)
- Context provider application: MongoDB connection unsuccessful
- How to maintain a FIWARE apikey?
- ERROR: Pool overlaps with other one on this address space
- How to get the servicePath from /v2/entities GET call
- Orion APIs authentication through Keycloak
- My dockerized service doesn't receive the notification sent by Orion Context Broker
- How to send massive data of sensors in Orion
- Notify python orion/quantumleap subscription changes
- Can I send a notification in the creation and deletion of an entity?
- HTTP POST request gets transformed to GET request
- Orion APIs authorization through Keycloak
- Fiware orion /op/query endpoint working explaination
- Subscription between Orion context broker and Quantumleap works, but table is not created in CrateDB
- Calling external APIs through fiware orion context broker to validate using keyrock
- How to deal with NGSI-LD tenants ? Create ? List ? Delete?