Hi all,
On setup of a simple API the credentials are missing. The package Neos.ApiTest was set up by the flow command package:create.
What I do:
- Log into NEOS as Administrator using the Chrome browser (https://mydomain/neos)
- Same browser, other tab, open: https://mydomain/neos/apitest
- Error message from NEOS:
The security context contained no tokens which could be authenticated.
Evaluated following 1 privilege target(s):
"Neos.Neos:AllControllerActions": ABSTAIN
(0 granted, 0 denied, 1 abstained)
Exception Code 1258721059
Exception Type Neos\Flow\Security\Exception\NoTokensAuthenticatedException
Log Reference 20230601145725fd7f46
Thrown in File Data/Temporary/Development/Cache/Code/Flow_Object_Classes/Neos_Flow_Security_Authorization_Interceptor_PolicyEnforcement.php
Line 104
Original File Packages/Framework/Neos.Flow/Classes/Security/Authorization/Interceptor/PolicyEnforcement.php
In file Security_Development.log (full file content below) first there’s noted Session oIxWMKyiKtNvFw2Dx5tkFv04JldpsfJ4 contains auth token... authentication successful
but next there are two entries Session oIxWMKyiKtNvFw2Dx5tkFv04JldpsfJ4 contains auth token Neos\Flow\Security\Authentication\Token\PasswordToken for provider Neos.Setup:Login. Status: no credentials given
What’s missing?
Files
ApiTestServiceController.php
```php
<?php
namespace Neos\ApiTest\Controller;

use Neos\Flow\Mvc\Controller\ActionController;

/**
 * Controller for Api Test Services
 *
 * @package "Neos.ApiTest"
 */
class ApiTestServiceController extends ActionController
{
    /**
     * index action
     */
    public function indexAction(): void
    {
    }
}
```
Settings.yaml
```yaml
Neos:
  Flow:
    mvc:
      routes:
        'Neos.ApiTest': true
```
Routes.yaml
```yaml
-
  name: 'Index'
  uriPattern: 'neos/apitest'
  defaults:
    '@package': 'Neos.ApiTest'
    '@controller': 'ApiTestService'
    '@action': 'index'
```
Policy.yaml
```yaml
privilegeTargets:
  'Neos\Flow\Security\Authorization\Privilege\Method\MethodPrivilege':
    'Neos.ApiTest:AnyAction':
      matcher: 'method(Neos\Folder\Controller\ApiTestServiceController->.*Action())'
roles:
  'Neos.Neos:Administrator':
    privileges:
      -
        privilegeTarget: 'Neos.ApiTest:AnyAction'
        permission: GRANT
```
System_Development.log
23-06-01 14:49:11 16 DEBUG Session: Resumed session with id oIxWMKyiKtNvFw2Dx5tkFv04JldpsfJ4 which was inactive for 11 seconds. (11s)
23-06-01 14:49:11 16 DEBUG Router route(): A cached Route with the cache identifier "c7a2b453ab1d772a508d55da6389cd59" matched the request "https://neos-dev.tds/neos/apitest (GET)".
23-06-01 14:49:11 16 DEBUG CSRF: No token required, safe request
23-06-01 14:49:11 16 CRITICAL Exception #1258721059 in line 62 of /www/neos-dev.tds/Data/Temporary/Development/Cache/Code/Flow_Object_Classes/Neos_Flow_Security_Aspect_PolicyEnforcementAspect.php: The security context contained no tokens which could be authenticated.
Evaluated following 1 privilege target(s):
"Neos.Neos:AllControllerActions": ABSTAIN
(0 granted, 0 denied, 1 abstained) - See also: 20230601144911c39925.txt
Security_Development.log
23-06-01 14:49:11 16 172.18.0.1 DEBUG Neos.Flow Session oIxWMKyiKtNvFw2Dx5tkFv04JldpsfJ4 contains auth token Neos\Flow\Security\Authentication\Token\UsernamePassword for provider Neos.Neos:Backend. Status: authentication successful
23-06-01 14:49:11 16 172.18.0.1 DEBUG Neos.Flow Session oIxWMKyiKtNvFw2Dx5tkFv04JldpsfJ4 contains auth token Neos\Flow\Security\Authentication\Token\PasswordToken for provider Neos.Setup:Login. Status: no credentials given
23-06-01 14:49:11 16 172.18.0.1 DEBUG Neos.Flow Session oIxWMKyiKtNvFw2Dx5tkFv04JldpsfJ4 contains auth token Neos\Flow\Security\Authentication\Token\UsernamePassword for provider Flowpack.Neos.FrontendLogin:Frontend. Status: no credentials given
23-06-01 14:49:11 16 172.18.0.1 NOTICE No authentication entry point found for active tokens, therefore cannot authenticate or redirect to authentication automatically.
20230601144911c39925.txt
Exception #1258721059 in line 62 of /www/neos-dev.tds/Data/Temporary/Development/Cache/Code/Flow_Object_Classes/Neos_Flow_Security_Aspect_PolicyEnforcementAspect.php: The security context contained no tokens which could be authenticated.
Evaluated following 1 privilege target(s):
"Neos.Neos:AllControllerActions": ABSTAIN
(0 granted, 0 denied, 1 abstained)
35 Neos\Flow\Security\Authorization\Interceptor\PolicyEnforcement_Original::invoke()
34 Neos\Flow\Security\Aspect\PolicyEnforcementAspect_Original::enforcePolicy(Neos\Flow\Aop\JoinPoint)
33 Neos\Flow\Aop\Advice\AroundAdvice::invoke(Neos\Flow\Aop\JoinPoint)
32 Neos\Flow\Aop\Advice\AdviceChain::proceed(Neos\Flow\Aop\JoinPoint)
31 Neos\ApiTest\Controller\ApiTestServiceController::indexAction()
30 Neos\Flow\Mvc\Controller\ActionController_Original::callActionMethod()
29 Neos\Flow\Mvc\Controller\ActionController_Original::processRequest(Neos\Flow\Mvc\ActionRequest, Neos\Flow\Mvc\ActionResponse)
28 Neos\Flow\Mvc\Dispatcher_Original::initiateDispatchLoop(Neos\Flow\Mvc\ActionRequest, Neos\Flow\Mvc\ActionResponse)
27 Neos\Flow\Mvc\Dispatcher_Original::dispatch(Neos\Flow\Mvc\ActionRequest, Neos\Flow\Mvc\ActionResponse)
26 Neos\Flow\Mvc\DispatchMiddleware_Original::process(GuzzleHttp\Psr7\ServerRequest, Neos\Flow\Http\Middleware\MiddlewaresChain)
25 Neos\Flow\Http\Middleware\MiddlewaresChain_Original::handle(GuzzleHttp\Psr7\ServerRequest)
24 Neos\Flow\Http\Middleware\SecurityEntryPointMiddleware_Original::process(GuzzleHttp\Psr7\ServerRequest, Neos\Flow\Http\Middleware\MiddlewaresChain)
23 Neos\Flow\Http\Middleware\MiddlewaresChain_Original::handle(GuzzleHttp\Psr7\ServerRequest)
22 Neos\Flow\Http\Middleware\RequestBodyParsingMiddleware_Original::process(GuzzleHttp\Psr7\ServerRequest, Neos\Flow\Http\Middleware\MiddlewaresChain)
21 Neos\Flow\Http\Middleware\MiddlewaresChain_Original::handle(GuzzleHttp\Psr7\ServerRequest)
20 Neos\Flow\Mvc\FlashMessage\FlashMessageMiddleware_Original::process(GuzzleHttp\Psr7\ServerRequest, Neos\Flow\Http\Middleware\MiddlewaresChain)
19 Neos\Flow\Http\Middleware\MiddlewaresChain_Original::handle(GuzzleHttp\Psr7\ServerRequest)
18 Neos\Flow\Http\Middleware\PoweredByMiddleware_Original::process(GuzzleHttp\Psr7\ServerRequest, Neos\Flow\Http\Middleware\MiddlewaresChain)
17 Neos\Flow\Http\Middleware\MiddlewaresChain_Original::handle(GuzzleHttp\Psr7\ServerRequest)
16 Neos\Flow\Mvc\Routing\RoutingMiddleware_Original::process(GuzzleHttp\Psr7\ServerRequest, Neos\Flow\Http\Middleware\MiddlewaresChain)
15 Neos\Flow\Http\Middleware\MiddlewaresChain_Original::handle(GuzzleHttp\Psr7\ServerRequest)
14 Neos\Neos\Routing\RequestUriHostMiddleware_Original::process(GuzzleHttp\Psr7\ServerRequest, Neos\Flow\Http\Middleware\MiddlewaresChain)
13 Neos\Flow\Http\Middleware\MiddlewaresChain_Original::handle(GuzzleHttp\Psr7\ServerRequest)
12 Neos\FluidAdaptor\Core\Widget\AjaxWidgetMiddleware_Original::process(GuzzleHttp\Psr7\ServerRequest, Neos\Flow\Http\Middleware\MiddlewaresChain)
11 Neos\Flow\Http\Middleware\MiddlewaresChain_Original::handle(GuzzleHttp\Psr7\ServerRequest)
10 Neos\Flow\Http\Middleware\SessionMiddleware_Original::process(GuzzleHttp\Psr7\ServerRequest, Neos\Flow\Http\Middleware\MiddlewaresChain)
9 Neos\Flow\Http\Middleware\MiddlewaresChain_Original::handle(GuzzleHttp\Psr7\ServerRequest)
8 Neos\Flow\Http\Middleware\MethodOverrideMiddleware_Original::process(GuzzleHttp\Psr7\ServerRequest, Neos\Flow\Http\Middleware\MiddlewaresChain)
7 Neos\Flow\Http\Middleware\MiddlewaresChain_Original::handle(GuzzleHttp\Psr7\ServerRequest)
6 Neos\Flow\Http\Middleware\TrustedProxiesMiddleware_Original::process(GuzzleHttp\Psr7\ServerRequest, Neos\Flow\Http\Middleware\MiddlewaresChain)
5 Neos\Flow\Http\Middleware\MiddlewaresChain_Original::handle(GuzzleHttp\Psr7\ServerRequest)
4 Neos\Flow\Http\Middleware\StandardsComplianceMiddleware_Original::process(GuzzleHttp\Psr7\ServerRequest, Neos\Flow\Http\Middleware\MiddlewaresChain)
3 Neos\Flow\Http\Middleware\MiddlewaresChain_Original::handle(GuzzleHttp\Psr7\ServerRequest)
2 Neos\Flow\Http\RequestHandler::handleRequest()
1 Neos\Flow\Core\Bootstrap::run()
HTTP REQUEST:
target: /neos/apitest
Cookie: Neos_Session=oIxWMKyiKtNvFw2Dx5tkFv04JldpsfJ4
Accept-Language: de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: document
Sec-Fetch-User: ?1
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36
Upgrade-Insecure-Requests: 1
Dnt: 1
Sec-Ch-Ua-Platform: "Windows"
Sec-Ch-Ua-Mobile: ?0
Sec-Ch-Ua: "Google Chrome";v="113", "Chromium";v="113", "Not-A.Brand";v="24"
Cache-Control: max-age=0
Connection: keep-alive
Host: neos-dev.tds
Content-Length:
Content-Type:
PHP PROCESS:
Inode: 363875
PID: 23
UID: 33
GID: 33
User: www-data
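In the files quoted above, the Policy.yaml matcher names `Neos\Folder\Controller\ApiTestServiceController` while the controller declares the namespace `Neos\ApiTest\Controller`, and the exception lists only `Neos.Neos:AllControllerActions` as evaluated. The following is an added example, not part of the original post or of Flow itself: a small check that flags `method(...)` matchers whose class part matches no declared controller class. The function names are hypothetical, and treating every backslash in a matcher as a namespace separator is a simplifying assumption.

```python
import re

# Constructed inputs: the Policy.yaml matcher and controller quoted in the post.
POLICY_YAML = r"""
privilegeTargets:
  'Neos\Flow\Security\Authorization\Privilege\Method\MethodPrivilege':
    'Neos.ApiTest:AnyAction':
      matcher: 'method(Neos\Folder\Controller\ApiTestServiceController->.*Action())'
"""
CONTROLLER_PHP = r"""<?php
namespace Neos\ApiTest\Controller;
use Neos\Flow\Mvc\Controller\ActionController;
class ApiTestServiceController extends ActionController
{
    public function indexAction(): void {}
}
"""

# Class part of a method() matcher: everything between "method(" and "->".
MATCHER_RE = re.compile(r"method\(\s*(?:public\s+|protected\s+)?([^\s()]+?)->")
NAMESPACE_RE = re.compile(r"^\s*namespace\s+([\w\\]+)\s*;", re.M)
CLASS_RE = re.compile(r"^\s*(?:final\s+|abstract\s+)*class\s+(\w+)", re.M)


def declared_classes(php_source):
    """Return the fully qualified class names declared in one PHP file."""
    ns = NAMESPACE_RE.search(php_source)
    prefix = ns.group(1) + "\\" if ns else ""
    return [prefix + name for name in CLASS_RE.findall(php_source)]


def unmatched_matchers(policy_text, php_sources):
    """Return matcher class patterns that match none of the declared classes."""
    known = [c for src in php_sources for c in declared_classes(src)]
    orphans = []
    for pattern in MATCHER_RE.findall(policy_text):
        # Assumption: backslashes are namespace separators, so make them
        # literal; wildcards such as ".*" stay regular-expression syntax.
        regex = re.compile(pattern.replace("\\", "\\\\"))
        if not any(regex.fullmatch(c) for c in known):
            orphans.append(pattern)
    return orphans


if __name__ == "__main__":
    for orphan in unmatched_matchers(POLICY_YAML, [CONTROLLER_PHP]):
        print("matcher references no declared class:", orphan)
```

A matcher that points at the right class only makes the privilege target evaluable; the request still needs an authenticated token that is active for this controller, which depends on the request patterns configured for the authentication provider.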