authentication providers can fail access on routes with _access: 'TRUE'

Created on 7 September 2021, almost 4 years ago
Updated 31 October 2022, over 2 years ago

Problem/Motivation

A route with _access: 'TRUE' should always allow access.

However, it's possible for authentication to fail.

Steps to reproduce

1. Enable basic_auth module
2. Set up an image derivative
3. Go to the URI for the derived image, with an Authorization HTTP header which looks like "Basic something-that-will-fail"
4. Get a 403

This is because the Authorization causes the BasicAuth authentication provider to report that it applies to the request. It will then fail authentication.

Furthermore, the log message is unclear: it says 'The used authentication method is not allowed on this route' which isn't actually the problem.

🐛 Bug report
Status

Active

Version

10.1 ✨

Component
Routing

Last updated 3 days ago

Created by

🇬🇧 United Kingdom joachim
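
The sequence described in the issue summary above, as a simplified stand-alone PHP model. This is an added example, not Drupal core code and not code from anyone in this issue. `BasicAuthModel`, `handle()`, the `alice` credentials and the route array are hypothetical, and running the provider filter before the `_access` check is an assumption of the model.

```php
<?php
// Simplified stand-alone model. Class and function names are hypothetical;
// this is not Drupal core code. Assumption: a provider filter runs before
// the route's access requirement is evaluated.

final class BasicAuthModel {
  // Constructed credentials for the demo.
  private const USERS = ['alice' => 's3cret'];

  // Applies whenever a Basic Authorization header is present, valid or not.
  public function applies(array $headers): bool {
    return str_starts_with($headers['Authorization'] ?? '', 'Basic ');
  }

  // Returns the user name, or NULL when the credentials do not check out.
  public function authenticate(array $headers): ?string {
    $decoded = base64_decode(substr($headers['Authorization'], 6), TRUE);
    if ($decoded === FALSE || !str_contains($decoded, ':')) {
      return NULL;
    }
    [$user, $pass] = explode(':', $decoded, 2);
    $known = self::USERS[$user] ?? NULL;
    return $known !== NULL && hash_equals($known, $pass) ? $user : NULL;
  }
}

// Returns the HTTP status the model sends for a request to $route.
function handle(array $route, array $headers, BasicAuthModel $provider): int {
  $applied = $provider->applies($headers);
  $account = $applied ? $provider->authenticate($headers) : NULL;
  // Filter step: a provider that applied must be enabled on the route.
  if ($applied && !in_array('basic_auth', $route['options']['_auth'] ?? [], TRUE)) {
    error_log('The used authentication method is not allowed on this route');
    return 403;
  }
  // The access requirement is only consulted after the filter step.
  if (($route['requirements']['_access'] ?? '') === 'TRUE') {
    return 200;
  }
  return $account !== NULL ? 200 : 403;
}

// Constructed route resembling the derived-image route: open access, no _auth.
$route = ['requirements' => ['_access' => 'TRUE'], 'options' => []];
$provider = new BasicAuthModel();
$bad = ['Authorization' => 'Basic something-that-will-fail'];
printf("no header:      %d\n", handle($route, [], $provider));
printf("failing header: %d\n", handle($route, $bad, $provider));
```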


Comments & Activities


  • 🇪🇸 Spain kundu Barcelona

    Any news about this issue?

  • 🇩🇪 Germany pebosi

    It would be nice to get rid of this „misleading“ 403.

  • 🇺🇸 United States bradjones1 Digital Nomad Life

    @kundu it's waiting for someone to work on it. Maybe you? :-) Or you could sponsor development.

  • 🇬🇧 United Kingdom lincoln-batsirayi

    Hey @bradjones1, so I'm having the same issue as described by @joachim on the subrequests module, except mine is related to not being able to get nodes by paths if I'm using a key auth in my HTTP headers.

    Now I don't fully understand what the problem is and where a fix would need to be added, BUT I do have the time and willingness to work through this. I'd just need some high level steer as to what I'd need to do. Is this something you can provide me, even if it's some suggested reading so I can get started by understanding the issue better?

  • 🇬🇧 United Kingdom joachim

    > I'd just need some high level steer as to what I'd need to do

    That unfortunately is what is missing on this issue. We can't agree on what the correct behaviour is.
