  1. eZ Publish / Platform
  2. EZP-19282

Unable to refresh token via POST method after upgrading to 2012.2

Details

    • Bug
    • Resolution: Fixed
    • Medium
    • None
    • 2012.2
    • None
    • Operating System: Ubuntu 10.04.3
      PHP Version: 5.3.2
      Database and version: MySQL 5.1
      Browser (and version): ALL

    Description

      After upgrading from Community 2012.1 to 2012.2 the refresh token interface is broken.

      This interface must be called using the POST method, as the documentation says:
      http://doc.ez.no/var/doc/storage/images/media/images/oauth-flow-2/123635-1-eng-GB/Oauth-flow-2.png
      and we can check that in the file "kernel/private/rest/classes/controllers/oauth_token.php".

      However, the interface is returning the following error when called in the same way as I did with 2012.1:

      *"This method is not supported, allowed methods are: GET, OPTIONS"*

      The route is defined in "kernel/private/rest/classes/auth/auth_provider.php":

          public function getRoutes()
          {
              $routes = array(
                  'basicAuth'    => new ezpMvcRailsRoute( '/http-basic-auth', 'ezpRestAuthController', 'basicAuth' ),
                  'oauthLogin'   => new ezpMvcRailsRoute( '/oauth/login', 'ezpRestAuthController', 'oauthRequired' ),
                  'oauthToken'   => new ezpMvcRailsRoute( '/oauth/token', 'ezpRestOauthTokenController', 'handleRequest')
              );
              return $routes;
          }
      

      But in "kernel/private/rest/classes/router/rails.php" we have:

          public function __construct( $pattern, $controllerClassName, $protocolActionMap, array $defaultValues = array(), $protocol = null )
          {
              if ( is_string( $protocolActionMap ) )
              {
                  if ( $protocol === null )
                  {
                      $protocolActionMap = array( 'http-get' => $protocolActionMap );
                  }
                  else
                  {
                      // compatibility with 4.6 route definition
                      $protocolActionMap = array( $protocol => $protocolActionMap );
                  }
              }
              if ( !isset( $protocolActionMap['http-options'] ) )
              {
                  $protocolActionMap['http-options'] = 'httpOptions';
              }
              $this->protocolActionMap = $protocolActionMap;
              parent::__construct( $pattern, $controllerClassName, '', $defaultValues );
          }
      

      so that when the $protocolActionMap is not specified as an array (old API calls, like auth_provider.php does), it takes http-get as the only method allowed, preventing refreshing the token using the POST method.

      Steps to reproduce

      Use the POST form I attached to reproduce it easily. You just have to modify the HTML to specify your domain. The other fields except "grant_type=refresh_token" are not relevant to this test.
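
The behaviour described in this report, as an added example (not code from the issue or from eZ Publish): a stand-in for the constructor's normalization shows which HTTP methods each style of route definition ends up permitting for /oauth/token. The helper names and the 'http-post' key (assumed by analogy with 'http-get' and 'http-options') are assumptions.

```php
<?php
// Stand-in for the normalization in ezpMvcRailsRoute::__construct() quoted above.
// Hypothetical helper names; only the branching logic is taken from the report.
function normalizeProtocolActionMap( $protocolActionMap, $protocol = null )
{
    if ( is_string( $protocolActionMap ) )
    {
        // A bare action name is bound to GET unless a protocol is passed.
        $key = ( $protocol === null ) ? 'http-get' : $protocol;
        $protocolActionMap = array( $key => $protocolActionMap );
    }
    if ( !isset( $protocolActionMap['http-options'] ) )
    {
        $protocolActionMap['http-options'] = 'httpOptions';
    }
    return $protocolActionMap;
}

// Turns the map keys into the verbs a client would see in the error message.
function allowedMethods( array $map )
{
    $methods = array();
    foreach ( array_keys( $map ) as $key )
    {
        $methods[] = strtoupper( substr( $key, strlen( 'http-' ) ) );
    }
    sort( $methods );
    return implode( ', ', $methods );
}

// Constructed route definitions for /oauth/token.
// 'http-post' is an assumed key, by analogy with 'http-get' and 'http-options'.
$definitions = array(
    'string only (as in auth_provider.php)' => normalizeProtocolActionMap( 'handleRequest' ),
    'string + $protocol argument'           => normalizeProtocolActionMap( 'handleRequest', 'http-post' ),
    'explicit array map'                    => normalizeProtocolActionMap( array( 'http-post' => 'handleRequest' ) ),
);

foreach ( $definitions as $label => $map )
{
    $post = isset( $map['http-post'] ) ? 'accepted' : 'rejected';
    printf( "%-40s allowed: %-14s POST %s\n", $label, allowedMethods( $map ), $post );
}
```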

          People

            andre1 andre1
            tantajos tantajos