Skip to content

OAuth produces error when Authorization header does not begin with "OAuth..."  #8149

New issue
New issue
Closed
Closed
OAuth produces error when Authorization header does not begin with "OAuth..." #8149
Assignees
misha-kotov
Labels
Component: Framework/WebapiUSE ONLY for FRAMEWORK RELATED BUG! E.g If bug related to Catalog WEB API use just Catalogbug report
@careys7

Description

@careys7
careys7
opened on Jan 16, 2017

Preconditions

  1. Magento 2.0.0 - 2.1.3

Steps to reproduce

  1. Create OAuth integration
  2. Make API request having Authorization header beginning with non "OAuth" value:
GET /rest/default/V1/products?searchCriteria[pageSize]=5&searchCriteria[currentPage]=1 HTTP/1.1
Host: host.example.com
Authorization: Basic d2luZHcm0yOlxxdpTxxzb1JTbWlUSdsMTss=, OAuth oauth_consumer_key="ror07fth0ctjq16xddlrnkbg9qd5t29j",oauth_token="edkoyum5qmuokayjho7dvc5jbf9186ii",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1484543150",oauth_nonce="vO6XiU",oauth_signature="IB9F87TZM%2Btk1VK9aT%2FXnZ7VZFI%3D"
Cache-Control: no-cache

Expected result

  1. API request processed

Actual result

  1. OAuth authorization validation fails due to parsing of Authorization header value
{"message":"Consumer is not authorized to access %resources","parameters":{"resources":"Magento_Catalog::products"},"trace":"#0 \/var\/www\/releases\/20170105100948\/src\/vendor\/magento\/module-webapi\/Controller\/Rest\/RequestValidator.php(70): Magento\\Webapi\\Controller\\Rest\\RequestValidator->checkPermissions()\n#1 \/var\/www\/releases\/20170105100948\/src\/vendor\/magento\/module-webapi\/Controller\/Rest\/InputParamsResolver.php(80): Magento\\Webapi\\Controller\\Rest\\RequestValidator->validate()\n#2 \/var\/www\/releases\/20170105100948\/src\/vendor\/magento\/module-webapi\/Controller\/Rest.php(299): Magento\\Webapi\\Controller\\Rest\\InputParamsResolver->resolve()\n#3 \/var\/www\/releases\/20170105100948\/src\/vendor\/magento\/module-webapi\/Controller\/Rest.php(216): Magento\\Webapi\\Controller\\Rest->processApiRequest()\n#4 \/var\/www\/releases\/20170105100948\/src\/vendor\/magento\/framework\/Interception\/Interceptor.php(146): Magento\\Webapi\\Controller\\Rest->dispatch(Object(Magento\\Framework\\App\\Request\\Http))\n#5 \/var\/www\/releases\/20170105100948\/src\/var\/generation\/Magento\/Webapi\/Controller\/Rest\/Interceptor.php(26): Magento\\Webapi\\Controller\\Rest\\Interceptor->___callPlugins('dispatch', Array, Array)\n#6 \/var\/www\/releases\/20170105100948\/src\/vendor\/magento\/framework\/App\/Http.php(135): Magento\\Webapi\\Controller\\Rest\\Interceptor->dispatch(Object(Magento\\Framework\\App\\Request\\Http))\n#7 \/var\/www\/releases\/20170105100948\/src\/vendor\/magento\/framework\/App\/Bootstrap.php(258): Magento\\Framework\\App\\Http->launch()\n#8 \/var\/www\/releases\/20170105100948\/src\/pub\/index.php(37): Magento\\Framework\\App\\Bootstrap->run(Object(Magento\\Framework\\App\\Http))\n#9 {main}"}```

Metadata

Metadata

Assignees

Labels

Component: Framework/WebapiUSE ONLY for FRAMEWORK RELATED BUG! E.g If bug related to Catalog WEB API use just Catalogbug report

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions