Closed (fixed)
Project:
Token authentication
Version:
6.x-1.x-dev
Component:
Code
Priority:
Normal
Category:
Bug report
Assigned:
Unassigned
Reporter:
Created:
20 Dec 2008 at 21:15 UTC
Updated:
19 Feb 2009 at 20:58 UTC
I am trying to troubleshoot a problem I'm seeing with tokenauth'ed RSS feeds on my site.
I was using simple access + tokenauth, and this combination had worked in the past. I created nodes that were viewable only by certain roles. I verified that users with the right role could indeed see those nodes when logged in to the site.
However, the nodes were not showing up in the tokenized versions of either my RSS feed (from Views) or my Atom feed (from the Atom module).
So far, I have:
- rebuilt content access permissions
- converted from Simple Access to Content Access
- rebuilt permissions again
In each instance, the tokenized RSS feeds don't contain the access-restricted nodes, even when testing with tokens from users who should be able to see the nodes—and CAN see them when they log in.
Here's the weird thing: the tokenized comment RSS feeds (from Comment RSS) do work properly.
I recognize that there's the distinct possibility that it's not tokenauth, but I'm hoping that someone reading here might have suggestions on what tests I could do to start nailing down where the problem actually lies. I'm bewildered to say the least—especially since multiple modules are involved—but glad that the default seems to be more security, not less.
Comments
Comment #1
domesticat commentedI've done some more testing, and I'm moving this up to a bug report from a support request.
For my next round of testing, I disabled all contrib modules except content access, token, tokenauth, and views. I cleared the caches after disabling the contrib modules.
I built a new, very simple view which pulled the latest ten entries of a certain node type, and verified that when I was logged in, they contained the access-limited entries. I logged out and tested my token against this view, and the access-limited entries never showed up.
Tokenized feeds for comments still work, but not with entries. I'm at a loss at this point.
Comment #2
domesticat commentedFantastic ... I finally have an answer. User error of a weird sort. The page in question was accessible by more than one URL, and the alias not listed in the tokenauth config page would always fail, even though the alias pointed to a page that WAS in the tokenauth config page.
Explains why comments continued to work.
Gotta love getting bitten by legacy issues. Closing ticket, no action needed.