-
Notifications
You must be signed in to change notification settings - Fork 9.4k
Closed
Labels
Component: Framework/WebapiUSE ONLY for FRAMEWORK RELATED BUG! E.g If bug related to Catalog WEB API use just CatalogUSE ONLY for FRAMEWORK RELATED BUG! E.g If bug related to Catalog WEB API use just Catalogbug report
Description
Preconditions
- Magento 2.0.0 - 2.1.3
Steps to reproduce
- Create OAuth integration
- Make API request having
Authorization
header beginning with non "OAuth" value:
GET /rest/default/V1/products?searchCriteria[pageSize]=5&searchCriteria[currentPage]=1 HTTP/1.1
Host: host.example.com
Authorization: Basic d2luZHcm0yOlxxdpTxxzb1JTbWlUSdsMTss=, OAuth oauth_consumer_key="ror07fth0ctjq16xddlrnkbg9qd5t29j",oauth_token="edkoyum5qmuokayjho7dvc5jbf9186ii",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1484543150",oauth_nonce="vO6XiU",oauth_signature="IB9F87TZM%2Btk1VK9aT%2FXnZ7VZFI%3D"
Cache-Control: no-cache
Expected result
- API request processed
Actual result
- OAuth authorization validation fails due to parsing of
Authorization
header value
{"message":"Consumer is not authorized to access %resources","parameters":{"resources":"Magento_Catalog::products"},"trace":"#0 \/var\/www\/releases\/20170105100948\/src\/vendor\/magento\/module-webapi\/Controller\/Rest\/RequestValidator.php(70): Magento\\Webapi\\Controller\\Rest\\RequestValidator->checkPermissions()\n#1 \/var\/www\/releases\/20170105100948\/src\/vendor\/magento\/module-webapi\/Controller\/Rest\/InputParamsResolver.php(80): Magento\\Webapi\\Controller\\Rest\\RequestValidator->validate()\n#2 \/var\/www\/releases\/20170105100948\/src\/vendor\/magento\/module-webapi\/Controller\/Rest.php(299): Magento\\Webapi\\Controller\\Rest\\InputParamsResolver->resolve()\n#3 \/var\/www\/releases\/20170105100948\/src\/vendor\/magento\/module-webapi\/Controller\/Rest.php(216): Magento\\Webapi\\Controller\\Rest->processApiRequest()\n#4 \/var\/www\/releases\/20170105100948\/src\/vendor\/magento\/framework\/Interception\/Interceptor.php(146): Magento\\Webapi\\Controller\\Rest->dispatch(Object(Magento\\Framework\\App\\Request\\Http))\n#5 \/var\/www\/releases\/20170105100948\/src\/var\/generation\/Magento\/Webapi\/Controller\/Rest\/Interceptor.php(26): Magento\\Webapi\\Controller\\Rest\\Interceptor->___callPlugins('dispatch', Array, Array)\n#6 \/var\/www\/releases\/20170105100948\/src\/vendor\/magento\/framework\/App\/Http.php(135): Magento\\Webapi\\Controller\\Rest\\Interceptor->dispatch(Object(Magento\\Framework\\App\\Request\\Http))\n#7 \/var\/www\/releases\/20170105100948\/src\/vendor\/magento\/framework\/App\/Bootstrap.php(258): Magento\\Framework\\App\\Http->launch()\n#8 \/var\/www\/releases\/20170105100948\/src\/pub\/index.php(37): Magento\\Framework\\App\\Bootstrap->run(Object(Magento\\Framework\\App\\Http))\n#9 {main}"}```
Metadata
Metadata
Assignees
Labels
Component: Framework/WebapiUSE ONLY for FRAMEWORK RELATED BUG! E.g If bug related to Catalog WEB API use just CatalogUSE ONLY for FRAMEWORK RELATED BUG! E.g If bug related to Catalog WEB API use just Catalogbug report