EZP-25038 (eZ Publish / Platform)

Error using REST if session is started before


    Details

      Description

      There is an issue with logging in to Platform UI if the session is started before the login screen is loaded.

      User cannot log in and the status returned from /user/sessions POST request is "Missing or invalid CSRF token".

      The session is started in an event subscriber that subscribes to KernelEvents::REQUEST, so it happens before the platform UI shell action is executed.

      All it takes to trigger the behaviour is to start the session by using SessionInterface::get() in the subscriber.

      Steps to reproduce.

      • Add a request subscriber in a bundle (you can use the one attached to the issue and update the namespace)
      • Enable it in services.yml (also update the namespace if you used the example).
        services:
            app.exception_subscriber:
                class: EzSystems\SupportBundle\EventSubscriber\RequestSubscriber
                tags:
                    - { name: kernel.event_subscriber }
        
      • Try to log in on the platform UI
      • An error will be displayed "Invalid username or password"

      Stacktrace

      "ErrorMessage": {
          "_media-type": "application\/vnd.ez.api.ErrorMessage+json",
          "errorCode": 401,
          "errorMessage": "Unauthorized",
          "errorDescription": "User does not have access to '' 'Missing or invalid CSRF token'",
          "trace": "  #0 [internal function]: eZ\\Publish\\Core\\REST\\Server\\Controller\\User->createSession(Object(Symfony\\Component\\HttpFoundation\\Request))
                      #1 \/home\/yan\/prog\/ezplatform\/vendor\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php(139): call_user_func_array(Array, Array)
                      #2 \/home\/yan\/prog\/ezplatform\/vendor\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php(62): Symfony\\Component\\HttpKernel\\HttpKernel->handleRaw(Object(Symfony\\Component\\HttpFoundation\\Request), 1)
                      #3 \/home\/yan\/prog\/ezplatform\/vendor\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/DependencyInjection\/ContainerAwareHttpKernel.php(69): Symfony\\Component\\HttpKernel\\HttpKernel->handle(Object(Symfony\\Component\\HttpFoundation\\Request), 1, true)
                      #4 \/home\/yan\/prog\/ezplatform\/vendor\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/Kernel.php(184): Symfony\\Component\\HttpKernel\\DependencyInjection\\ContainerAwareHttpKernel->handle(Object(Symfony\\Component\\HttpFoundation\\Request), 1, true)
                      #5 \/home\/yan\/prog\/ezplatform\/web\/index.php(66): Symfony\\Component\\HttpKernel\\Kernel->handle(Object(Symfony\\Component\\HttpFoundation\\Request))
                      #6 {main}",
          "file": "\/home\/yan\/prog\/ezplatform\/vendor\/ezsystems\/ezpublish-kernel\/eZ\/Publish\/Core\/REST\/Server\/Controller\/User.php",
          "line": 1000
      }
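
A minimal subscriber matching the services.yml entry in the steps above, as an added example: it is not the file attached to the issue and not code from eZ Systems. It assumes a Symfony 2.x kernel (the stack trace shows ContainerAwareHttpKernel), and the attribute name `support_probe` is hypothetical.

```php
<?php
// Added reproduction sketch for EZP-25038; not the attachment from the issue.
// Assumption: Symfony 2.x event classes (GetResponseEvent).

namespace EzSystems\SupportBundle\EventSubscriber;

use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpKernel\Event\GetResponseEvent;
use Symfony\Component\HttpKernel\KernelEvents;

class RequestSubscriber implements EventSubscriberInterface
{
    public static function getSubscribedEvents()
    {
        // kernel.request listeners run before the controller is resolved,
        // so this executes before the Platform UI shell action.
        return array(KernelEvents::REQUEST => 'onKernelRequest');
    }

    public function onKernelRequest(GetResponseEvent $event)
    {
        // Sub-requests share the session; only act on the master request.
        if (!$event->isMasterRequest()) {
            return;
        }

        $request = $event->getRequest();
        if (!$request->hasSession()) {
            return;
        }

        // Reading any attribute through SessionInterface::get() lazily
        // starts the session, which is the trigger the issue describes.
        // 'support_probe' is a hypothetical attribute name.
        $request->getSession()->get('support_probe');
    }
}
```

With this class registered under the `kernel.event_subscriber` tag, the session is already started when the login screen loads, which is the precondition the description gives for the failing `/user/sessions` POST.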
      

              People

              Assignee:
              Unassigned
              Reporter:
              edi.modric Edi Modrić