namespace "api_key: causes access denied if a form has element also called 'api_key'

/** * {@inheritdoc} */ public function buildForm(array $form, FormStateInterface $form_state) { $config = $this->config('okta_api.settings'); $form['api_key'] = [ '#type' => 'textfield', '#title' => $this->t('API Token'), '#description' => $this->t('The API token to use.'), '#default_value' => $config->get('api_key'), ];

public function authenticate(Request $request) { // Load config entity. $api_key_entities = \Drupal::entityTypeManager() ->getStorage('api_key') ->loadMultiple(); foreach ($api_key_entities as $key_item) { if ($this->getKey($request) == $key_item->key) { $accounts = $this->entityTypeManager->getStorage('user')->loadByProperties(array('uuid' => $key_item->user_uuid)); $account = reset($accounts); ...

/** * @param $request * @return bool */ public function getKey(Request $request) { $form_api_key = $request->get('api_key'); $api_key = isset($form_api_key) ? $form_api_key : $request->query->get('api_key'); return isset($api_key) ? $api_key : FALSE; }

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Comment 3 months ago →
🇩🇪Germany Grevil
Although the commit is also part of 3.x, this issue reappears using the latest 3.0.5 / 3.x dev version. We should check if any other issue caused a regression on this and provide a simple test module recreating this problem, so it won't reappear again.

Please reopen.
Merge request !6Fix regression on Issue #2928649: namespace "api_key: causes access denied if a form has element also called 'api_key' → (Merged) created by Grevil
Comment 3 months ago →
🇩🇪Germany Grevil
Alright, I added failing tests to reproduce the issue at Hand, now we need to reopen the issue and fix it.
Pipeline finished with Failed
3 months ago
Total: 146s
#411256
Comment 3 months ago →
🇩🇪Germany Anybody Porta Westfalica
Thanks @grevil! Great to have tests now!!

Yes, let's fix this please :)
Comment 2 months ago →
🇩🇪Germany Anybody Porta Westfalica
Comment 2 months ago →
🇩🇪Germany Grevil
Comment 2 months ago →
🇩🇪Germany Grevil
All done and tests succeed now! (I also altered them slightly).

Please review!
Comment 2 months ago →
🇩🇪Germany Grevil
Just an FYI:

Generally, this issue is NOT FIXABLE (without hacky code). The provided MR makes the api key names editable and introduces the ability to turn authentication via post, get, server on or off individually, so that the user can fix it themselves, if it collides with a request key from another module.
Comment 2 months ago →
🇩🇪Germany Anybody Porta Westfalica
Great work @grevil! Nice 4.x feature.
Comment 2 months ago →
🇩🇪Germany Anybody Porta Westfalica
Pipeline finished with Skipped
2 months ago
#413791
Comment 2 months ago →
System Message

anybody → committed bd50136c on 4.x authored by grevil →
Issue #2928649 by grevil, codeamatic, dakku, markaspot, shedow, anybody...
Comment 2 months ago →
System Message
Automatically closed - issue fixed for 2 weeks with no activity.

namespace "api_key: causes access denied if a form has element also called 'api_key'

Merge Requests

!6namespace "api_key: causes access denied if a form has element also called 'api_key'
Merged

Comments & Activities

namespace "api_key: causes access denied if a form has element also called 'api_key'

Merge Requests

!6namespace "api_key: causes access denied if a form has element also called 'api_key'Merged

Comments & Activities

!6namespace "api_key: causes access denied if a form has element also called 'api_key'
Merged