Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error 401 instead of 404 when doing a POST on a non-existent resource with a custom UriTemplate #6014

Open
Dean151 opened this issue Nov 30, 2023 · 2 comments · May be fixed by #6027
Open

Error 401 instead of 404 when doing a POST on a non-existent resource with a custom UriTemplate #6014

Dean151 opened this issue Nov 30, 2023 · 2 comments · May be fixed by #6027
Labels
enhancement

Comments

@Dean151
Copy link

Dean151 commented Nov 30, 2023

API Platform version(s) affected: 3.1.11+

Description

I have an endpoint like this one:
POST /feeders/{id}/feed that triggers an action on a resource called feeder.
This endpoint have a security setting, and a custom uriTemplate on the resource.

new Post(
    uriTemplate: '/feeders/{id}/feed',
    ...
    security: 'is_granted(\'MANAGE\', object)',
),

When sending an ID that does not exist, I expect a 404 error, and one of my tests assert that.
But since version 3.1.11, I get a 401 error instead.

I can narrow down the apparition of the issue with #5583, that exclude POST method from Not Found early response in ApiPlatform/Symfony/EventListener/ReadListener.php

How to reproduce

  • Create a custom POST, with an uriTemplate, and a security condition.
  • Pass an unknown ID
  • Get a 401 instead of a 404

Possible Solution
Simply removing the line 106 of ApiPlatform/Symfony/EventListener/ReadListener.php fixes the problem; but it might have other implications…

Additional Context

I can reproduce this here, see the failing CI: Dean151/Aln-Symfony#71
My Post declaration is here: https://github.com/Dean151/Aln-Symfony/blob/470033da34e5f93bacb23b03d1bad7434f994588/src/Entity/AlnFeeder.php#L112
soyuka added a commit to soyuka/core that referenced this issue Dec 7, 2023
@soyuka
feat(metadata): throwOnNotFound option
b3cbd66 
fixes api-platform#6014
@soyuka
Copy link
Member

soyuka commented Dec 7, 2023

indeed this is a hard problem as since API Platform 2 POST is not supposed to have identifiers. Maybe that we can try to provide a flag to allow an operation to throw a not found exception when the data is null. I've added a pr with a proposal to change this behavior.

soyuka added a commit to soyuka/core that referenced this issue Dec 7, 2023
@soyuka
feat(metadata): throwOnNotFound option
741f2c5 
fixes api-platform#6014
@soyuka soyuka linked a pull request Dec 7, 2023 that will close this issue
Draft
@Dean151
Copy link
Author

Dean151 commented Dec 7, 2023

As discussed at SymfonyCon, I implemented the workaround of using a Provider that throws an NotFoundHttpException itself.
I post it here so that any other folk impacted by this can have a reference on this.
https://github.com/Dean151/Aln-Symfony/blob/be1e7b3720dc8a29521c5ad632d59ed787aa4f98/src/ApiPlatform/Provider/AlnFeederProvider.php

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat(metadata): throwOnNotFound option soyuka/core
2 participants
@soyuka @Dean151