- 🇳🇿New Zealand quietone New Zealand
There has been no discussion on this issue, perhaps this is no longer a problem?
is this still relevant to Drupal 10 or later?
Since we need more information to move forward with this issue, I am keeping the status at Postponed (maintainer needs more info). If we don't receive additional information to help with the issue, it may be closed after three months.
Thanks!
- Status changed to Active
17 days ago 10:05pm 27 August 2024 - 🇦🇺Australia mstrelan
As per this slack thread it seems the basic_auth module intercepts requests that do not have the basic_auth option set on the route as described in the docs → . If (invalid) auth is provided it will return a 403 even though the route should not be protected.
- 🇦🇺Australia sime Canberra
I put in a steps to reproduce to try to capture what might be going wrong in the real world. Note that removing these cached credentials wassn't altogether easy for me in Firefox without having to apply a broad brush and remove a lot of history and credentials
manibharathi ezhimalai ravi → made their first commit to this issue’s fork.
- Merge request !9389Issue #2839210 : Basic auth returns 403 when username & password supplied but not needed. → (Open) created by manibharathi ezhimalai ravi
- Status changed to Needs review
11 days ago 7:59am 2 September 2024 - Status changed to Needs work
11 days ago 8:13am 2 September 2024 - 🇦🇺Australia mstrelan
We need to consider if basic auth should apply to the route.
- Status changed to Needs review
11 days ago 12:08pm 2 September 2024 Hi,
By default Drupal will check the all the route values. Since we checking credentials from the request header all the URL's should be verified.mstrelan, Let me know Incase of missing any functionality check for this implementation.
- Status changed to Needs work
10 days ago 11:11pm 2 September 2024 - 🇦🇺Australia mstrelan
By default Drupal will check the all the route values. Since we checking credentials from the request header all the URL's should be verified.
That's the bug we are trying to fix though. According to the docs for basic_auth → the access should only be applied to routes with the basic_auth option:
options: _auth: [ 'basic_auth' ]
Hi,
Trying to add the condition whether the current request is coming with the options _auth and value should basic_auth. But getting the test failure after implementing the changes.- 🇮🇳India Prashant.c Dharamshala
You may want to post the snippet here or push the changes so that someone can help or guide you through this.
Updated the code changes for the _auth check for the current page route exist with the basic_auth or not.
but testcase failing in the basicauthtest. Attaching the screenshot of the unit testcase fails.