Key Auth authenticator should query for users without access check

Created on 29 March 2022, over 2 years ago
Updated 21 February 2023, almost 2 years ago

Problem/Motivation

In the ::getUserByKey method of the KeyAuth authentication provider, there is an entity query to the user entity.

If the user entity implements a query access handler and doesn't allow querying for anoymous users (it shouldn't be allowed anyway), the KeyAuth authentication provider won't find a matching user.

Steps to reproduce

Add a query_access handler to the User entity and make sure the result is empty for anonymous users.

Proposed resolution

Disable access checking on the entity query.

🐛 Bug report
Status

Fixed

Version

2.0

Component

Code

Created by

🇪🇸Spain nuez Madrid, Spain

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Production build 0.71.5 2024