Issue when masking authorization headers

Created on 13 September 2024, 3 months ago

Problem/Motivation

This problem manifests itself the same as https://www.drupal.org/project/rest_log/issues/3421926 🐛 Malformed auth header breaks logging and service Fixed - although now the REST log module just logs an error, and doesn't log the REST API request.

The error is:
Rest log could not be added. (Drupal\Core\Logger\LoggerChannel::info(): Argument #1 ($message) must be of type Stringable|string, null given, called in ..../rest_log/src/EventSubscriber/RestLogSubscriber.php on line 274)

I think the problem is in this line:
if ($pass_code && $headerKey == 'authorization' && [$auth_scheme, $credentials] = preg_match('/\s+/', $pass_code)) {

added in this commit: https://git.drupalcode.org/project/rest_log/-/commit/eca7c579ea2e9ffa6a6...

preg_match returns 0 or 1, not the array of matches. So the $credentials is NULL.

We need a different way to access it.

Steps to reproduce

Make a REST call using basic auth - the log is not saved.

Proposed resolution

Fix the splitting of the auth header

🐛 Bug report
Status

Needs review

Version

2.3

Component

Code

Created by

🇬🇧United Kingdom jkingsnorth

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Merge Requests

Comments & Activities

Production build 0.71.5 2024