basic auth get data when user blocked

Created on 8 December 2023, 7 months ago

Updated 12 December 2023, 7 months ago

Using this module for json api authentication I've found that when I block the user, I can still retrieve data using the credentials of such user.

Turn on jsonapi, turn on this module, turn on basic authentication.

Create a node. Use postman to retrieve the data.

🐛 Bug report

Status

Active

Version

2.0

Component

Code

Created by

🇵🇱Poland arysom

Live updates comments and jobs are added and updated live.

Security
It is used for security vulnerabilities which do not need a security advisory. For example, security issues in projects which do not have security advisory coverage, or forward-porting a change already disclosed in a security advisory. See Drupal’s security advisory policy for details. Be careful publicly disclosing security vulnerabilities! Use the “Report a security vulnerability” link in the project page’s sidebar. See how to report a security issue for details.

Merge Requests

!2basic auth get data when user blocked
Open
🇵🇱Poland arysom
updated 7 months ago

Issue created by @arysom
Comment 7 months ago →
🇵🇱Poland arysom
Merge request !2check if user is blocked → (Open) created by arysom
Comment 7 months ago →
🇵🇱Poland arysom
adding patch if someone likes to use it this way
Comment 7 months ago →
🇮🇳India arsh244
Hi @arysom, thank you for providing a patch. Our team is already working on the issue and the same will be fixed in the next release itself.

I will update here once the module is published. Thanks
Comment 7 months ago →
solideogloria

Production build 0.69.0 2024