Check and fix HAL-preprod `forbidden` error

When testing with hal-preprod, I get the following error on the interface page:

SWORD SWH response: Forbidden 

---

Migrated from T2057 (view on Phabricator)

mentioned in issue #2051 (closed)

assigned to @ardumont

added SWORD deposit label

added priority:Normal label

I have tested today at 11.20 with the same error on HAL's platform. @ardumont : can you check what the logs say about that? I think it's about the client credentials, they use the HAL prod credentials and they are listed as HAL preprod client.

logs confirm 403 responses (forbidden access) [1]. They are using the wrong credentials.

I did not remember exactly the detail so here is a quote [2]

HTTP 403 provides a distinct error case from HTTP 401; while HTTP 401 is returned when the client has not authenticated, and implies that a successful response may be returned following valid authentication, HTTP 403 is returned when the client is not permitted access to the resource despite providing authentication such as insufficient permissions of the authenticated account.

• [1] Logs excerpt coming from kibana:

	Time	message
	2020-09-17T11:24:21.563	2020-09-17 09:24:21 [1015935] gunicorn.access:INFO 127.0.0.1 - hal-preprod [17/Sep/2020:09:24:21 +0000] "POST /1/hal/ HTTP/1.1" 403 285 "-" "-"
	2020-09-17T11:24:21.562	[17/Sep/2020 09:24:21] WARNING [django.request:228] Forbidden: /1/hal/
	2020-09-17T11:24:21.562	2020-09-17 09:24:21 [1015935] django.request:WARNING Forbidden: /1/hal/
	2020-09-17T11:24:21.239	2020-09-17 09:24:21 [1015935] swh.core.config:INFO Loading config file /etc/softwareheritage/deposit/server.yml
	2020-09-17T11:24:21.227	2020-09-17 09:24:21 [1015935] swh.core.config:INFO Loading config file /etc/softwareheritage/global.ini
	2020-09-17T11:20:17.808	2020-09-17 09:20:17 [1015933] gunicorn.access:INFO 127.0.0.1 - hal-preprod [17/Sep/2020:09:20:17 +0000] "POST /1/hal/ HTTP/1.1" 403 285 "-" "-"
	2020-09-17T11:20:17.806	2020-09-17 09:20:17 [1015933] django.request:WARNING Forbidden: /1/hal/
	2020-09-17T11:20:17.805	[17/Sep/2020 09:20:17] WARNING [django.request:228] Forbidden: /1/hal/
	2020-09-17T11:20:17.318	2020-09-17 09:20:17 [1015933] swh.core.config:INFO Loading config file /etc/softwareheritage/deposit/server.yml
	2020-09-17T11:20:17.302	2020-09-17 09:20:17 [1015933] swh.core.config:INFO Loading config file /etc/softwareheritage/global.ini

source: http://kibana0.internal.softwareheritage.org:5601/goto/ba9cdc6e272f0183549ddede406b4ac8

• [2] https://en.wikipedia.org/wiki/HTTP_403#Specification

marked this issue as related to #2611 (closed)

I've sent an email (@ardumont in CC) to Bruno and Yannick about this error and about #2611 (closed).

The hal-preprod credentials are correct, we double checked with @moranegg.

It hit me during the second pass... (but we can see it in the logs already /1/hal/)

They are using the hal-preprod user but they try to access the hal collection... That's forbidden.

hal-preprod user can access the hal-preprod collection, not another client collection.

The logs need to be improved so the error and the cause of the error are displayed because i'm pretty sure this behavior is coded in the deposit...

added state:wip label

The logs need to be improved so the error and the cause of the error are displayed because i'm pretty sure this behavior is coded in the deposit...

#2626 (closed)

added priority:High label and removed priority:Normal label

heads up on this, we have nothing more to do on swh side.

And a priori, discussing with @moranegg yesterday about it, work has been done on the hal side.

unassigned @ardumont

removed state:wip label

closed