2.2.4 Created admin token has no access #15564

Closed
krukas opened this issue May 29, 2018 · 2 comments
Labels
 - Fixed in 2.2.x (The issue has been fixed in 2.2 release line)
 - Fixed in 2.3.x (The issue has been fixed in 2.3 release line)
 - Issue: Format is valid (Gate 1 Passed. Automatic verification of issue format passed)

Comments

@krukas
Contributor

krukas commented May 29, 2018

When you create a token for an admin user and have set the option (Admin Token Lifetime (hours)) to empty, you will get an access denied error because the token immediately expires.

Preconditions

  1. Set the option (Admin Token Lifetime (hours)) to empty.

Steps to reproduce

  1. Create admin token with /V1/integration/admin/token
  2. Do any other call with this token

Expected result

  1. Get a result back for the given API call

Actual result

  1. Consumer is not authorized to access %resources

To keep the empty-value feature (that the token won't expire), we need to add a check for the token TTL: https://github.com/magento/magento2/blob/2.2-develop/app/code/Magento/Webapi/Model/Authorization/TokenUserContext.php#L135

If I have some time I will create a pull request for this.
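The expiry check described in the report above, as an added PHP sketch that is not part of the original issue and is not Magento's `TokenUserContext` code. The function names, the timestamps and the fail-closed handling of a malformed setting are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added sketch: function names and sample values are hypothetical, not Magento code.

/** Reported behaviour: an empty lifetime is cast to 0 hours. */
function isTokenExpiredBefore(int $createdAt, ?string $lifetimeHours, int $now): bool
{
    $ttlSeconds = (int) ((float) $lifetimeHours * 3600);
    return $createdAt < $now - $ttlSeconds;
}

/** With the TTL check: an empty lifetime means the token does not expire. */
function isTokenExpiredAfter(int $createdAt, ?string $lifetimeHours, int $now): bool
{
    $raw = trim((string) $lifetimeHours);
    if ($raw === '') {
        return false;
    }
    if (!is_numeric($raw)) {
        return true; // assumption of this sketch: fail closed on a malformed setting
    }
    return $createdAt < $now - (int) ((float) $raw * 3600);
}

// Constructed sample: a token issued 5 seconds before the API call.
$now = 1527580800;
$createdAt = $now - 5;
$settings = ['empty' => '', 'unset' => null, '4 hours' => '4', 'malformed' => 'abc'];

foreach ($settings as $label => $value) {
    printf(
        "%-10s before=%-7s after=%s\n",
        $label,
        var_export(isTokenExpiredBefore($createdAt, $value, $now), true),
        var_export(isTokenExpiredAfter($createdAt, $value, $now), true)
    );
}
```

With the check in place, an empty setting yields admin tokens with no time limit, so a deployment that relies on token expiry needs a numeric lifetime configured.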

@magento-engcom-team magento-engcom-team added the Issue: Format is valid Gate 1 Passed. Automatic verification of issue format passed label May 29, 2018
krukas added a commit to krukas/magento2 that referenced this issue May 30, 2018
When admin token lifetime setting is empty, the token will expire
immediately
@magento-engcom-team
Contributor

Hi @krukas. Thank you for your report.
The issue has been fixed in #15598 by @krukas in 2.2-develop branch
Related commit(s):

The fix will be available with the upcoming 2.2.6 release.

@magento-engcom-team magento-engcom-team added the Fixed in 2.2.x The issue has been fixed in 2.2 release line label Jun 1, 2018
vijay-wagento pushed a commit to vijay-wagento/magento2 that referenced this issue Jun 4, 2018
When admin token lifetime setting is empty, the token will expire
immediately
vijay-wagento added a commit to vijay-wagento/magento2 that referenced this issue Jun 4, 2018
[Forwardport] [BUGFIX] magento#15564 Generated admin API token expires immediately
@magento-engcom-team
Contributor

Hi @krukas. Thank you for your report.
The issue has been fixed in #15744 by @vijay-wagento in 2.3-develop branch
Related commit(s):

The fix will be available with the upcoming 2.3.0 release.

@magento-engcom-team magento-engcom-team added the Fixed in 2.3.x The issue has been fixed in 2.3 release line label Jun 21, 2018
magento-engcom-team added a commit that referenced this issue Jun 21, 2018
…expires immediately #15744

 - Merge Pull Request #15744 from vijay-wagento/magento2:2.3-develop-PR-port-15598
 - Merged commits:
   1. 7f34b22
   2. 349d178