Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Invalid
Priority: Critical
Fix Version/s: QA tracked issues, 2015.01
Affects Version/s: dev-master
Component/s: Platform > REST API v2, Platform UI (Admin UI & Content UI), Users and Access control
Labels:
None

Sprint:
Pollux Core S5

Description

When attempting to create a new session using POST /user/sessions , the request will fail if an old/stale/invalid session cookie already exists.

curl 'http://ezpublish-community.local/api/ezp/v2/user/sessions' \
  -H 'Content-Type: application/vnd.ez.api.SessionInput+json' \
  -H 'Accept: application/vnd.ez.api.Session+json' \
  --data-binary '{"SessionInput":{"login":"admin","password":"publish"}}' \
  --cookie "eZSESSID=_invalid_"

The result is HTTP 401: Unauthorized, with the follwing JSON response:

"ErrorMessage":{
"_media-type":"application\/vnd.ez.api.ErrorMessage+json",
"errorCode":401,
"errorMessage":"Unauthorized",
"errorDescription":"User does not have access to '' 'Missing or invalid CSRF token'",
"trace":"#0 [internal function]: eZ\\Publish\\Core\\REST\\Server\\Controller\\User->createSession()\n#1 \/var\/www\/ezpublish-community\/ezpublish\/bootstrap.php.cache(3020): call_user_func_array(Array, Array)\n#2 \/var\/www\/ezpublish-community\/ezpublish\/bootstrap.php.cache(2982): Symfony\\Component\\HttpKernel\\HttpKernel->handleRaw(Object(Symfony\\Component\\HttpFoundation\\Request), 1)\n#3 \/var\/www\/ezpublish-community\/ezpublish\/bootstrap.php.cache(3131): Symfony\\Component\\HttpKernel\\HttpKernel->handle(Object(Symfony\\Component\\HttpFoundation\\Request), 1, true)\n#4 \/var\/www\/ezpublish-community\/ezpublish\/bootstrap.php.cache(2376): Symfony\\Component\\HttpKernel\\DependencyInjection\\ContainerAwareHttpKernel->handle(Object(Symfony\\Component\\HttpFoundation\\Request), 1, true)\n#5 \/var\/www\/ezpublish-community\/vendor\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpCache\/HttpCache.php(490): Symfony\\Component\\HttpKernel\\Kernel->handle(Object(Symfony\\Component\\HttpFoundation\\Request), 1, true)\n#6 \/var\/www\/ezpublish-community\/vendor\/symfony\/symfony\/src\/Symfony\/Bundle\/FrameworkBundle\/HttpCache\/HttpCache.php(60): Symfony\\Component\\HttpKernel\\HttpCache\\HttpCache->forward(Object(Symfony\\Component\\HttpFoundation\\Request), true, NULL)\n#7 \/var\/www\/ezpublish-community\/vendor\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpCache\/HttpCache.php(261): Symfony\\Bundle\\FrameworkBundle\\HttpCache\\HttpCache->forward(Object(Symfony\\Component\\HttpFoundation\\Request), true)\n#8 \/var\/www\/ezpublish-community\/vendor\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpCache\/HttpCache.php(278): Symfony\\Component\\HttpKernel\\HttpCache\\HttpCache->pass(Object(Symfony\\Component\\HttpFoundation\\Request), true)\n#9 \/var\/www\/ezpublish-community\/vendor\/ezsystems\/ezpublish-kernel\/eZ\/Bundle\/EzPublishCoreBundle\/HttpCache.php(42): Symfony\\Component\\HttpKernel\\HttpCache\\HttpCache->invalidate(Object(Symfony\\Component\\HttpFoundation\\Request), true)\n#10 \/var\/www\/ezpublish-community\/vendor\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpCache\/HttpCache.php(207): eZ\\Bundle\\EzPublishCoreBundle\\HttpCache->invalidate(Object(Symfony\\Component\\HttpFoundation\\Request), true)\n#11 \/var\/www\/ezpublish-community\/vendor\/friendsofsymfony\/http-cache-bundle\/HttpCache.php(82): Symfony\\Component\\HttpKernel\\HttpCache\\HttpCache->handle(Object(Symfony\\Component\\HttpFoundation\\Request), 1, true)\n#12 \/var\/www\/ezpublish-community\/web\/index.php(81): FOS\\HttpCacheBundle\\HttpCache->handle(Object(Symfony\\Component\\HttpFoundation\\Request))\n#13 {main}","file":"\/var\/www\/ezpublish-community\/vendor\/ezsystems\/ezpublish-kernel\/eZ\/Publish\/Core\/REST\/Server\/Controller\/User.php","line":997}}

Attachments

Issue Links

relates to

EZP-21265 As a developer, I want to a have SessionAuthAgent that is able to work on an existing session

Closed

EZP-22163 As a REST User I need to re authenticate existing session on login

Closed

Activity

People

Assignee:: Unassigned

Reporter:: Joao Inacio (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 12/Jan/15 3:00 PM

Updated:: 03/Feb/15 4:53 PM

Resolved:: 03/Feb/15 4:53 PM

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

1d 30m