Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-29959

Token not found exception in ContentViewBuilder when used to build own exception page

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Medium Medium
    • Resolution: Fixed
    • Affects Version/s: 1.7.8, 1.13.4, 2.2.3, 2.3.2
    • Fix Version/s: 1.7.9, 1.13.5, 2.3.3, 2.4.1
    • Component/s: Permissions
    • Labels:
      None

      Description

      The issue happens in all cases when Symfony's Security Component has not been initialised yet, for instance, when any router throws exception.

      Steps to reproduce

      1. Create own ExceptionController
      2. Configure Twig to use custom ExceptionController

        config.yml

        twig:
            exception_controller: App\Controller\ExceptionController::showException
        

      3. In the custom controller try to render template. In template try to do:

         {{ render(controller('ez_content:viewLocation', {
        	'locationId': locationId,
        	'viewType': 'embed'
        })) }}
        

        where locationId is some existing location.

      4. You should see 500 error and exception like Token not found in token storage....

      Solution
      As discussed with Bertrand Dunogier and André Rømcke, ContentViewBuilder should use our PermissionResolver instead of Symfony's AuthorizationChecker.

        Activity

        Kamil Madejski created issue -
        Kamil Madejski made changes -
        Field Original Value New Value
        Assignee Kamil Madejski [ kamil.madejski@ez.no ]
        Kamil Madejski made changes -
        Status Open [ 1 ] Confirmed [ 10037 ]
        Kamil Madejski made changes -
        Link This issue relates to CS-7106 [ CS-7106 ]
        Kamil Madejski made changes -
        Status Confirmed [ 10037 ] InputQ [ 10001 ]
        Kamil Madejski made changes -
        Status InputQ [ 10001 ] Development [ 3 ]
        Show
        Kamil Madejski added a comment - PR: https://github.com/ezsystems/ezpublish-kernel/pull/2510
        Kamil Madejski made changes -
        Status Development [ 3 ] Development Review [ 10006 ]
        André Rømcke made changes -
        Status Development Review [ 10006 ] Documentation Review done [ 10011 ]
        Assignee Kamil Madejski [ kamil.madejski@ez.no ]
        Marek Nocoń made changes -
        Status Documentation Review done [ 10011 ] QA [ 10008 ]
        Kamil Madejski made changes -
        Description The issue happens in all cases when Symfony's Security Component has not been initialised yet, for instance, when any router throws exception.

        *Steps to reproduce*
        # Create own ExceptionController
        # Configure Twig to use custom ExceptionController
        {code:title=config.yml}
        twig:
            exception_controller: App\Controller\ExceptionController::showException
        {code}
        # In the custom controller try to render template. In template try to do:
        {code}
         {{ render(controller('ez_content:viewLocation', {
        'locationId': locationId,
        'viewType': 'full'
        })) }}
        {code}
        where {{locationId}} is some existing location.
        # You should see 500 error and exception like {{Token not found in token storage...}}.

        *Solution*
        As discussed with [~bertrand.dunogier@ez.no] and [~andre.romcke@ez.no], {{ContentViewBuilder}} should use our {{PermissionResolver}} instead of Symfony's {{AuthorizationChecker}}.
        The issue happens in all cases when Symfony's Security Component has not been initialised yet, for instance, when any router throws exception.

        *Steps to reproduce*
        # Create own ExceptionController
        # Configure Twig to use custom ExceptionController
        {code:title=config.yml}
        twig:
            exception_controller: App\Controller\ExceptionController::showException
        {code}
        # In the custom controller try to render template. In template try to do:
        {code}
         {{ render(controller('ez_content:viewLocation', {
        'locationId': locationId,
        'viewType': 'embed'
        })) }}
        {code}
        where {{locationId}} is some existing location.
        # You should see 500 error and exception like {{Token not found in token storage...}}.

        *Solution*
        As discussed with [~bertrand.dunogier@ez.no] and [~andre.romcke@ez.no], {{ContentViewBuilder}} should use our {{PermissionResolver}} instead of Symfony's {{AuthorizationChecker}}.
        Show
        Marek Nocoń added a comment - Merged: https://github.com/ezsystems/ezpublish-kernel/commit/d6ebeca866491e1d343f496d5c415e7f50a7cc37 Additional PR: https://github.com/ezsystems/ezpublish-kernel/pull/2533 Merged: https://github.com/ezsystems/ezpublish-kernel/commit/1a013ad3681a3c5b151234310e926531368f2491
        Marek Nocoń made changes -
        Status QA [ 10008 ] QA Done [ 10007 ]
        Fix Version/s 1.7.9 [ 15015 ]
        Fix Version/s 1.13.5 [ 15016 ]
        Fix Version/s 2.3.3 [ 15096 ]
        Fix Version/s 2.4.1 [ 15101 ]
        Assignee Marek Nocoń [ marek.nocon@ez.no ]
        Marek Nocoń made changes -
        Status QA Done [ 10007 ] Closed [ 6 ]
        Resolution Fixed [ 1 ]
        Transition Time In Source Status Execution Times Last Executer Last Execution Date
        Open Open Confirmed Confirmed
        12s 1 Kamil Madejski 20/Dec/18 3:50 PM
        Confirmed Confirmed InputQ InputQ
        21h 47m 1 Kamil Madejski 21/Dec/18 1:38 PM
        InputQ InputQ Development Development
        3s 1 Kamil Madejski 21/Dec/18 1:38 PM
        Development Development Development Review Development Review
        7m 5s 1 Kamil Madejski 21/Dec/18 1:45 PM
        Development Review Development Review Documentation Review done Documentation Review done
        20d 7h 6m 1 André Rømcke 10/Jan/19 8:51 PM
        Documentation Review done Documentation Review done QA QA
        12d 14h 15m 1 Marek Nocoń 23/Jan/19 11:07 AM
        QA QA QA Done QA Done
        1d 22m 1 Marek Nocoń 24/Jan/19 11:30 AM
        QA Done QA Done Closed Closed
        21s 1 Marek Nocoń 24/Jan/19 11:30 AM

          People

          • Assignee:
            Unassigned
            Reporter:
            Kamil Madejski
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: