Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-29959

Token not found exception in ContentViewBuilder when used to build own exception page

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Medium Medium
    • Resolution: Fixed
    • Affects Version/s: 1.7.8, 1.13.4, 2.2.3, 2.3.2
    • Fix Version/s: 1.7.9, 1.13.5, 2.3.3, 2.4.1
    • Component/s: Permissions
    • Labels:
      None

      Description

      The issue happens in all cases when Symfony's Security Component has not been initialised yet, for instance, when any router throws exception.

      Steps to reproduce

      1. Create own ExceptionController
      2. Configure Twig to use custom ExceptionController

        config.yml

        twig:
            exception_controller: App\Controller\ExceptionController::showException
        

      3. In the custom controller try to render template. In template try to do:

         {{ render(controller('ez_content:viewLocation', {
        	'locationId': locationId,
        	'viewType': 'embed'
        })) }}
        

        where locationId is some existing location.

      4. You should see 500 error and exception like Token not found in token storage....

      Solution
      As discussed with Bertrand Dunogier and André Rømcke, ContentViewBuilder should use our PermissionResolver instead of Symfony's AuthorizationChecker.

        Activity

        Kamil Madejski created issue -
        Kamil Madejski made changes -
        Field Original Value New Value
        Assignee Kamil Madejski [ kamil.madejski@ez.no ]
        Kamil Madejski made changes -
        Status Open [ 1 ] Confirmed [ 10037 ]
        Kamil Madejski made changes -
        Link This issue relates to CS-7106 [ CS-7106 ]
        Kamil Madejski made changes -
        Status Confirmed [ 10037 ] InputQ [ 10001 ]
        Kamil Madejski made changes -
        Status InputQ [ 10001 ] Development [ 3 ]
        Kamil Madejski made changes -
        Status Development [ 3 ] Development Review [ 10006 ]
        André Rømcke made changes -
        Status Development Review [ 10006 ] Documentation Review done [ 10011 ]
        Assignee Kamil Madejski [ kamil.madejski@ez.no ]
        Marek Nocoń made changes -
        Status Documentation Review done [ 10011 ] QA [ 10008 ]
        Kamil Madejski made changes -
        Description The issue happens in all cases when Symfony's Security Component has not been initialised yet, for instance, when any router throws exception.

        *Steps to reproduce*
        # Create own ExceptionController
        # Configure Twig to use custom ExceptionController
        {code:title=config.yml}
        twig:
            exception_controller: App\Controller\ExceptionController::showException
        {code}
        # In the custom controller try to render template. In template try to do:
        {code}
         {{ render(controller('ez_content:viewLocation', {
        'locationId': locationId,
        'viewType': 'full'
        })) }}
        {code}
        where {{locationId}} is some existing location.
        # You should see 500 error and exception like {{Token not found in token storage...}}.

        *Solution*
        As discussed with [~bertrand.dunogier@ez.no] and [~andre.romcke@ez.no], {{ContentViewBuilder}} should use our {{PermissionResolver}} instead of Symfony's {{AuthorizationChecker}}.
        The issue happens in all cases when Symfony's Security Component has not been initialised yet, for instance, when any router throws exception.

        *Steps to reproduce*
        # Create own ExceptionController
        # Configure Twig to use custom ExceptionController
        {code:title=config.yml}
        twig:
            exception_controller: App\Controller\ExceptionController::showException
        {code}
        # In the custom controller try to render template. In template try to do:
        {code}
         {{ render(controller('ez_content:viewLocation', {
        'locationId': locationId,
        'viewType': 'embed'
        })) }}
        {code}
        where {{locationId}} is some existing location.
        # You should see 500 error and exception like {{Token not found in token storage...}}.

        *Solution*
        As discussed with [~bertrand.dunogier@ez.no] and [~andre.romcke@ez.no], {{ContentViewBuilder}} should use our {{PermissionResolver}} instead of Symfony's {{AuthorizationChecker}}.
        Marek Nocoń made changes -
        Status QA [ 10008 ] QA Done [ 10007 ]
        Fix Version/s 1.7.9 [ 15015 ]
        Fix Version/s 1.13.5 [ 15016 ]
        Fix Version/s 2.3.3 [ 15096 ]
        Fix Version/s 2.4.1 [ 15101 ]
        Assignee Marek Nocoń [ marek.nocon@ez.no ]
        Marek Nocoń made changes -
        Status QA Done [ 10007 ] Closed [ 6 ]
        Resolution Fixed [ 1 ]

          People

          • Assignee:
            Unassigned
            Reporter:
            Kamil Madejski
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: