This repository has been archived by the owner on Jan 20, 2025. It is now read-only.

Auth with token has reduced privileges #94

Open
cobookman opened this issue Mar 5, 2024 · 1 comment

Comments

@cobookman

cobookman commented Mar 5, 2024

The usage of basic auth with API Key/user-tokens, at least in my Service Sonar enterprise instance, has reduced privileges even when associated with 'super admin' users. I noticed that by changing auth from Basic Auth to Authorization Bearer Token headers instead, these auth issues went away.

Any issues if we change how user-tokens are authed from Basic Auth to a bearer-token header instead?

```python
if token:
    _auth = HTTPBasicAuth(token, "")
```

Involves slight change to the codebase to be instead, something like:

```python
if token:
    _session.headers.update({'Authorization': f'Bearer {token}'})
elif username and password:
    _session.auth = HTTPBasicAuth(username, password)
```

@ryanm101

ryanm101 commented Jan 15, 2025

It's not quite that simple (I tried it); the following also fails, but a direct requests call works.

```python
import requests
from sonarqube import SonarQubeClient

# sonarqube_url and headers (an Authorization: Bearer header) are defined earlier, not shown

# This fails 403 {"errors":[{"msg":"Insufficient privileges"}]}
sonar = SonarQubeClient(sonarqube_url=sonarqube_url)
#sonar.projects.default_headers.update(headers)
#sonar.auth.default_headers.update(headers)
sonar.session.headers.update(headers)
projects = sonar.projects.search_projects()
print(projects)


#this works
res = requests.get(f"{sonarqube_url}/api/components/search_projects?p=2&branch=master&ps=500", headers=headers)
print(res.json())
```

Editing the `__init__.py`:

```python
        _session = requests.Session()
        _auth = None

        if token:
            _session.headers.update({"Authorization": f"Bearer {token}"})
        elif username and password:
            _auth = HTTPBasicAuth(username, password)

        _session.auth = _auth
```

```python
sonar = SonarQubeClient(sonarqube_url=sonarqube_url, token=tk)
projects = sonar.projects.search_projects()
print(projects)
```

Looks like different endpoints for my server: /api/projects vs /api/components.

https://next.sonarqube.com/sonarqube/web_api/api/projects/search indicates this endpoint requires Admin
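An added example, not code from this thread or from the python-sonarqube-api project, that shows with only the standard library what each authentication mode actually puts on the wire: the proposed token-to-Bearer mapping, the username/password Basic form, and the client's current behaviour of sending the token as the Basic username with an empty password. The local echo server, the sample token and the credentials are constructed for the example; the server only reflects the Authorization header it received and does not enforce any privilege.

```python
import base64
import json
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.request import Request, urlopen


def build_auth_header(token=None, username=None, password=None):
    """Same precedence as the proposed patch: a token becomes a Bearer header,
    otherwise a username/password pair becomes HTTP Basic, otherwise nothing."""
    if token:
        return f"Bearer {token}"
    if username and password:
        raw = f"{username}:{password}".encode()
        return "Basic " + base64.b64encode(raw).decode()
    return None


def legacy_basic_token_header(token):
    """What HTTPBasicAuth(token, "") sends today: the token as the Basic
    username, followed by a colon and an empty password."""
    return "Basic " + base64.b64encode(f"{token}:".encode()).decode()


class _EchoHandler(BaseHTTPRequestHandler):
    """Constructed mock endpoint: answers any GET with the Authorization
    header it received, so the client side can be inspected offline."""

    def do_GET(self):
        body = json.dumps({"authorization": self.headers.get("Authorization")}).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the example quiet
        pass


def observed_authorization(header_value):
    """Start a loopback echo server, send one GET carrying header_value as
    Authorization, and return the value the server actually saw."""
    server = HTTPServer(("127.0.0.1", 0), _EchoHandler)
    thread = threading.Thread(target=server.serve_forever, daemon=True)
    thread.start()
    try:
        # path taken from the endpoint discussed above; the mock ignores it
        url = f"http://127.0.0.1:{server.server_address[1]}/api/projects/search"
        req = Request(url, headers={"Authorization": header_value})
        with urlopen(req, timeout=5) as resp:
            return json.loads(resp.read())["authorization"]
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    token = "sqa_EXAMPLE_TOKEN"  # constructed, not a real token
    for label, value in (
        ("proposed (token -> Bearer)", build_auth_header(token=token)),
        ("current (token as Basic user)", legacy_basic_token_header(token)),
        ("username/password -> Basic", build_auth_header(username="alice", password="s3cret")),
    ):
        print(f"{label:32} {observed_authorization(value)}")
```

Running the block prints the three header values as the echo server received them; the contrast between the first two lines is the whole difference the issue is about, and the third line shows that a username/password pair still reaches the server as Basic under the proposed precedence.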
