Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
If you changed the user Status to Blocked the token is getting expired, this is working fine but the problem is - if you regenerate the token for that blocked user again, it's proving valid token and user can access to the site. Awaiting for your suggestion, thanks in advance.
Comment | File | Size | Author |
---|---|---|---|
#18 | simple_oauth-blocked-user-2976463-18.patch | 839 bytes | umed91 |
#12 | simple_oauth-blocked-user-2976463-12.patch | 715 bytes | el7cosmos |
#4 | simple_oauth-blocked-user-2976463.patch | 800 bytes | jyoti.singh |
|
Comments
Comment #2
rajandro CreditAttribution: rajandro commentedComment #3
e0ipsoI think that a failing test would help move this forward.
Comment #4
jyoti.singh CreditAttribution: jyoti.singh as a volunteer and commentedThere can be two solutions here :
Attaching a patch for the second method.
Comment #5
jyoti.singh CreditAttribution: jyoti.singh as a volunteer and commentedComment #6
msankhala CreditAttribution: msankhala as a volunteer and at Srijan | A Material+ Company commentedPatch looks good. Its good to have a test case for this to ensure that this does not break anything.
Comment #8
e0ipsoMerged! Thanks for the contribution.
Comment #9
e0ipsoSetting back to Active so someone can add tests to this.
Thanks!
Comment #10
el7cosmosThis prevent consumer with anoymous user (uid 0) to authenticate. There are some cases where a consumer didn't need an authenticated user, eg for client_credentials, and only looks for consumer roles.
Comment #11
e0ipso@el7cosmos will you be able to provide a patch to fix this?
Comment #12
el7cosmos@e0ipso I can limit the check to authenticated user only, is that enough?
Comment #14
e0ipsoThanks for the fix @el7cosmos!
Comment #16
Anonymous (not verified) CreditAttribution: Anonymous at Ashday Interactive Systems commentedCould a new release be made which includes this patch? Upgrading to the latest dev version worked for me so that anonymous web service calls didn't log incorrect warnings, but it took me some time to figure out that this was what was causing the issue, since the ticket description isn't about that specifically. It would be nice if a new release was created so that people who usually install the latest stable version, like me, don't need to spend an hour or more tracking down the source of the errors.
In any case, though, thanks for the patch!
Comment #17
rajandro CreditAttribution: rajandro as a volunteer and at Srijan | A Material+ Company for Drupal India Association commentedComment #18
umed91 CreditAttribution: umed91 as a volunteer commentedI am still getting the above mentioned error and here is a simple patch to deny blocked users getting access token.
Comment #19
FranckyLFS CreditAttribution: FranckyLFS commented@umed91, thanks for the patch, it works fine. I had to adapt it a bit to use email instead of username, but still.
I think you should reopen a new ticket referencing this one so that a follow up can be done