  1. eZ Publish / Platform
  2. EZP-25038

Error using REST if session is started before


Details

    Description

      There is an issue with logging in to Platform UI if the session is started before the login screen is loaded.

      The user cannot log in, and the status returned from the /user/sessions POST request is "Missing or invalid CSRF token".

      The session is started in an event subscriber that subscribes to KernelEvents::REQUEST, so it happens before the platform UI shell action is executed.

      All it takes to trigger the behaviour is to start the session by using SessionInterface::get() in the subscriber.

      Steps to reproduce.

      • Add a request subscriber in a bundle (you can use the one attached to the issue and update the namespace)
      • Enable it in services.yml (also update the namespace if you used the example).
        services:
            app.exception_subscriber:
                class: EzSystems\SupportBundle\EventSubscriber\RequestSubscriber
                tags:
                    - { name: kernel.event_subscriber }
        
      • Try to log in to the Platform UI
      • An error will be displayed: "Invalid username or password"
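
A minimal subscriber of the kind the steps above describe, added here as an illustration; it is not the file attached to the issue. The class name and namespace follow the services.yml entry, the Symfony 2.x event class is assumed from the stack trace, and the attribute names `support_probe` and `_support_session_started_here` are hypothetical.

```php
<?php

namespace EzSystems\SupportBundle\EventSubscriber;

use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpKernel\Event\GetResponseEvent;
use Symfony\Component\HttpKernel\KernelEvents;

class RequestSubscriber implements EventSubscriberInterface
{
    public static function getSubscribedEvents()
    {
        // Default priority: runs on every kernel.request, before the controller
        // (and therefore before the Platform UI shell action) is executed.
        return array(KernelEvents::REQUEST => 'onKernelRequest');
    }

    public function onKernelRequest(GetResponseEvent $event)
    {
        if (!$event->isMasterRequest()) {
            return;
        }

        $request = $event->getRequest();
        if (!$request->hasSession()) {
            return;
        }

        $session = $request->getSession();
        $startedBefore = $session->isStarted();

        // Reading any attribute through SessionInterface::get() starts the
        // session if it is not started yet. 'support_probe' is a hypothetical name.
        $session->get('support_probe');

        // Hypothetical marker: lets you confirm while debugging that this
        // subscriber, and not later code, was what started the session.
        $request->attributes->set(
            '_support_session_started_here',
            !$startedBefore && $session->isStarted()
        );
    }
}
```

Because it takes no constructor arguments, this class works with the services.yml entry shown above unchanged.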

      Stacktrace

      "ErrorMessage": {
          "_media-type": "application\/vnd.ez.api.ErrorMessage+json",
          "errorCode": 401,
          "errorMessage": "Unauthorized",
          "errorDescription": "User does not have access to '' 'Missing or invalid CSRF token'",
          "trace": "  #0 [internal function]: eZ\\Publish\\Core\\REST\\Server\\Controller\\User->createSession(Object(Symfony\\Component\\HttpFoundation\\Request))
                      #1 \/home\/yan\/prog\/ezplatform\/vendor\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php(139): call_user_func_array(Array, Array)
                      #2 \/home\/yan\/prog\/ezplatform\/vendor\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php(62): Symfony\\Component\\HttpKernel\\HttpKernel->handleRaw(Object(Symfony\\Component\\HttpFoundation\\Request), 1)
                      #3 \/home\/yan\/prog\/ezplatform\/vendor\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/DependencyInjection\/ContainerAwareHttpKernel.php(69): Symfony\\Component\\HttpKernel\\HttpKernel->handle(Object(Symfony\\Component\\HttpFoundation\\Request), 1, true)
                      #4 \/home\/yan\/prog\/ezplatform\/vendor\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/Kernel.php(184): Symfony\\Component\\HttpKernel\\DependencyInjection\\ContainerAwareHttpKernel->handle(Object(Symfony\\Component\\HttpFoundation\\Request), 1, true)
                      #5 \/home\/yan\/prog\/ezplatform\/web\/index.php(66): Symfony\\Component\\HttpKernel\\Kernel->handle(Object(Symfony\\Component\\HttpFoundation\\Request))
                      #6 {main}",
          "file": "\/home\/yan\/prog\/ezplatform\/vendor\/ezsystems\/ezpublish-kernel\/eZ\/Publish\/Core\/REST\/Server\/Controller\/User.php",
          "line": 1000
      }
      


          People

            Assignee: Unassigned
            Reporter: Edi Modrić