Zf mvc auth can not identifier request type. Collection or Entity #1

Open
weierophinney opened this issue Dec 31, 2019 · 2 comments

@weierophinney
Contributor

https://github.com/zfcampus/zf-mvc-auth/blob/25dca76fbe9017165dbe2c2dc7ac51146ea6149d/src/Authorization/DefaultResourceResolverListener.php#L126

This method cannot identify the request type for the authorization check.
I have a REST service

/path/to/url[/:identifier_name]

Allowed methods are
COLLECTION -> GET
ENTITY -> PUT
For authorization I have these configs

'collection' => [
	'GET' => true,
	'POST' => false,
	'PUT' => false,
	'PATCH' => false,
	'DELETE' => false,
],
'entity' => [
	'GET' => false,
	'POST' => false,
	'PUT' => true,
	'PATCH' => false,
	'DELETE' => false,
],

but when I'm sending a request like this

/path/to/url?identifier_name=some_value

zf auth thinks that this is ENTITY -> GET,
because on line 137 you are also checking whether the identifier exists in the query parameters.


Originally posted by @newdevonair at zfcampus/zf-mvc-auth#144

@weierophinney
Contributor Author

@weierophinney what do you think about it?
Is it OK?


Originally posted by @newdevonair at zfcampus/zf-mvc-auth#144 (comment)

@weierophinney
Contributor Author

It's not interpreting the request as a GET request; it's instead matching a query string argument (which can occur with ANY URI, not just those sent via GET).

I'm not sure why we check for the identifier in the query string arguments, to be honest; we likely shouldn't. However, to change that at this time would break backwards compatibility.

Can you answer a couple questions for me, please, so we can better evaluate your concerns?

  • Why are you sending the identifier using a query string argument in the first place?
  • What problems are you observing due to the current behavior, exactly?

Originally posted by @weierophinney at zfcampus/zf-mvc-auth#144 (comment)
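
The behaviour discussed in this thread, modelled as a stand-alone PHP sketch (an added example, not code from zf-mvc-auth or from any participant). `resolveType()`, `isAllowed()` and the `$queryFallback` switch are hypothetical names; the rules table and URLs are the ones from the report, and the sample requests are constructed.

```php
<?php
declare(strict_types=1);

// Authorization rules as given in the report: collection allows GET, entity allows PUT.
const RULES = [
    'collection' => ['GET' => true,  'POST' => false, 'PUT' => false, 'PATCH' => false, 'DELETE' => false],
    'entity'     => ['GET' => false, 'POST' => false, 'PUT' => true,  'PATCH' => false, 'DELETE' => false],
];

// Hypothetical helper: decide whether a request targets the entity or the collection.
// $queryFallback models the query-string identifier check discussed in the thread.
function resolveType(array $routeParams, array $query, string $idName, bool $queryFallback): string
{
    if (array_key_exists($idName, $routeParams)) {
        return 'entity';            // identifier matched by the route segment
    }
    if ($queryFallback && array_key_exists($idName, $query)) {
        return 'entity';            // identifier found only in the query string
    }
    return 'collection';
}

// Hypothetical helper: look up the rule; anything not listed is denied.
function isAllowed(string $type, string $method): bool
{
    return RULES[$type][$method] ?? false;
}

// Constructed sample requests against the route /path/to/url[/:identifier_name].
// Third element: parameters the router would extract from the path.
$requests = [
    ['GET', '/path/to/url', []],
    ['GET', '/path/to/url?identifier_name=some_value', []],
    ['PUT', '/path/to/url/some_value', ['identifier_name' => 'some_value']],
];

foreach ($requests as [$method, $uri, $routeParams]) {
    parse_str((string) parse_url($uri, PHP_URL_QUERY), $query);
    foreach ([true, false] as $fallback) {
        $type = resolveType($routeParams, $query, 'identifier_name', $fallback);
        printf(
            "%-3s %-42s query-fallback=%-3s -> %-10s %s\n",
            $method, $uri, $fallback ? 'on' : 'off', $type,
            isAllowed($type, $method) ? 'allow' : 'deny'
        );
    }
}
```

With the fallback on, the second request is classified as `entity` and the `entity` rule for GET denies it; with the fallback off it is classified as `collection` and allowed, while the other two requests are unaffected.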
