Wrong HTTP status code for authentication challenge #8

Open
weierophinney opened this issue Dec 31, 2019 · 1 comment

Comments

@weierophinney (Contributor):

It seems the DefaultAuthorizationPostListener is changing the status to 403 even when an authentication challenge response with a 401 status code is set.

The following piece of code probably needs to be added:

    // Leave an authentication challenge (401) untouched instead of
    // overwriting it with 403.
    if ($response instanceof HttpResponse
        && $response->getStatusCode() == 401) {
        return;
    }

Originally posted by @JeSuisAlrick at zfcampus/zf-mvc-auth#109

@weierophinney (Contributor, Author):

Having the same problem when using zf-mvc-auth in Apigility:
There, instead of the DefaultAuthorizationPostListener, the problem is within the ZF\Apigility\MvcAuth\UnauthorizedListener, which doesn't check whether a user is authenticated or not, e.g. by doing something simple like:

    // Authenticated but not permitted: 403.
    $status = 403;
    // Nobody authenticated yet (guest): 401 so the client knows to authenticate.
    if ($mvcAuthEvent->getIdentity() instanceof \ZF\MvcAuth\Identity\GuestIdentity) {
        $status = 401;
    }
    $response = new ApiProblemResponse(new ApiProblem($status, 'Forbidden'));

The DefaultAuthorizationPostListener wasn't even called in my debugging cases as the UnauthorizedListener is called before and already returns a response which cancels the EVENT_AUTHORIZATION_POST. But in cases without Apigility the DefaultAuthorizationPostListener could probably do something similar.

I guess I'll add my own listener with higher priority or replace the UnauthorizedListener as there are multiple other issues and closed pull requests with the same unresolved problem. (#97, #106, #107, #127)

Originally posted by @j-schumann at zfcampus/zf-mvc-auth#109 (comment)
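An added example that combines the two suggestions in this thread (it is not code from zf-mvc-auth or Apigility): a replacement listener that keeps an existing 401 challenge, answers 401 for a GuestIdentity, and 403 only for an authenticated identity that lacks permission. The class name, the `statusFor` helper and the attachment priority are assumptions; the event, identity and ApiProblem classes are the ones named in the thread.

```php
<?php
// Added example, not part of the zf-mvc-auth or Apigility code base.
use ZF\MvcAuth\Identity\GuestIdentity;
use ZF\MvcAuth\Identity\IdentityInterface;
use ZF\MvcAuth\MvcAuthEvent;
use ZF\ApiProblem\ApiProblem;
use ZF\ApiProblem\ApiProblemResponse;
use Zend\Http\Response as HttpResponse;

final class ChallengeAwareUnauthorizedListener // assumed name
{
    /**
     * Pure decision helper so the 401/403 choice can be unit-tested
     * without booting the MVC stack.
     */
    public static function statusFor(?IdentityInterface $identity, ?HttpResponse $current): int
    {
        // A challenge produced earlier in the pipeline (401 + WWW-Authenticate)
        // must survive; overwriting it with 403 hides how to authenticate.
        if ($current instanceof HttpResponse
            && $current->getStatusCode() === 401
            && $current->getHeaders()->has('WWW-Authenticate')) {
            return 401;
        }
        // Unknown caller: ask for credentials rather than saying "forbidden".
        if ($identity === null || $identity instanceof GuestIdentity) {
            return 401;
        }
        // Known caller without the required permission.
        return 403;
    }

    public function __invoke(MvcAuthEvent $mvcAuthEvent)
    {
        if ($mvcAuthEvent->isAuthorized()) {
            return;
        }
        $current = $mvcAuthEvent->getMvcEvent()->getResponse();
        $status  = self::statusFor($mvcAuthEvent->getIdentity(), $current);
        if ($status === 401 && $current instanceof HttpResponse && $current->getStatusCode() === 401) {
            return $current; // keep the existing challenge response untouched
        }
        $detail = $status === 401 ? 'Unauthorized' : 'Forbidden';
        return new ApiProblemResponse(new ApiProblem($status, $detail));
    }
}

// Attach ahead of the stock UnauthorizedListener (priority 1000 is an assumed value):
// $events->attach(MvcAuthEvent::EVENT_AUTHORIZATION_POST, new ChallengeAwareUnauthorizedListener(), 1000);
```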
