Skip to content

OAuth produces error when Authorization header does not begin with "OAuth..."  #8149

@careys7

Description

@careys7

Preconditions

  1. Magento 2.0.0 - 2.1.3

Steps to reproduce

  1. Create OAuth integration
  2. Make API request having Authorization header beginning with non "OAuth" value:
GET /rest/default/V1/products?searchCriteria[pageSize]=5&searchCriteria[currentPage]=1 HTTP/1.1
Host: host.example.com
Authorization: Basic d2luZHcm0yOlxxdpTxxzb1JTbWlUSdsMTss=, OAuth oauth_consumer_key="ror07fth0ctjq16xddlrnkbg9qd5t29j",oauth_token="edkoyum5qmuokayjho7dvc5jbf9186ii",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1484543150",oauth_nonce="vO6XiU",oauth_signature="IB9F87TZM%2Btk1VK9aT%2FXnZ7VZFI%3D"
Cache-Control: no-cache

Expected result

  1. API request processed

Actual result

  1. OAuth authorization validation fails due to parsing of Authorization header value
{"message":"Consumer is not authorized to access %resources","parameters":{"resources":"Magento_Catalog::products"},"trace":"#0 \/var\/www\/releases\/20170105100948\/src\/vendor\/magento\/module-webapi\/Controller\/Rest\/RequestValidator.php(70): Magento\\Webapi\\Controller\\Rest\\RequestValidator->checkPermissions()\n#1 \/var\/www\/releases\/20170105100948\/src\/vendor\/magento\/module-webapi\/Controller\/Rest\/InputParamsResolver.php(80): Magento\\Webapi\\Controller\\Rest\\RequestValidator->validate()\n#2 \/var\/www\/releases\/20170105100948\/src\/vendor\/magento\/module-webapi\/Controller\/Rest.php(299): Magento\\Webapi\\Controller\\Rest\\InputParamsResolver->resolve()\n#3 \/var\/www\/releases\/20170105100948\/src\/vendor\/magento\/module-webapi\/Controller\/Rest.php(216): Magento\\Webapi\\Controller\\Rest->processApiRequest()\n#4 \/var\/www\/releases\/20170105100948\/src\/vendor\/magento\/framework\/Interception\/Interceptor.php(146): Magento\\Webapi\\Controller\\Rest->dispatch(Object(Magento\\Framework\\App\\Request\\Http))\n#5 \/var\/www\/releases\/20170105100948\/src\/var\/generation\/Magento\/Webapi\/Controller\/Rest\/Interceptor.php(26): Magento\\Webapi\\Controller\\Rest\\Interceptor->___callPlugins('dispatch', Array, Array)\n#6 \/var\/www\/releases\/20170105100948\/src\/vendor\/magento\/framework\/App\/Http.php(135): Magento\\Webapi\\Controller\\Rest\\Interceptor->dispatch(Object(Magento\\Framework\\App\\Request\\Http))\n#7 \/var\/www\/releases\/20170105100948\/src\/vendor\/magento\/framework\/App\/Bootstrap.php(258): Magento\\Framework\\App\\Http->launch()\n#8 \/var\/www\/releases\/20170105100948\/src\/pub\/index.php(37): Magento\\Framework\\App\\Bootstrap->run(Object(Magento\\Framework\\App\\Http))\n#9 {main}"}```

Metadata

Metadata

Assignees

Labels

Component: Framework/WebapiUSE ONLY for FRAMEWORK RELATED BUG! E.g If bug related to Catalog WEB API use just Catalogbug report

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions