Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.Status Report says the following:
Services authentication mechanism has not been enabled for the following endpoints. Requests to these endpoints will always be anonymous.
The reason for this is the db check which says:
db_query('SELECT * FROM {services_endpoint} AS se WHERE se.authentication NOT LIKE :services', array(':services' => '%services%'));
Such that it picks up any entry where the authentication does not have the word services in it.
An empty authentication string looks like:
a:0:{}
where an authenticated endpoint auth string looks like:
a:1:{s:17:"services_testauth";s:17:"services_testauth";}
(yes i know it says services_, i was testing it)
AFAIK, there is no guideline/restriction that says authentication modules must include the word services and there should be a better test for this condition.
Having said that i have no good idea what that check should be :).
Possibly LIKE 'a:0:%' but i'm not sure short of retrieving every endpoint, parsing the object and checking it.
| Comment | File | Size | Author |
|---|---|---|---|
| #12 | services-1243396-12.patch | 1.04 KB | markus_petrux |
| #9 | services-1243396-9.patch | 1.02 KB | MustangGB |
| #3 | patch_commit_60fde5bb0e90.patch | 676 bytes | kylebrowning |
Comments
Comment #1
kylebrowning CreditAttribution: kylebrowning commentedThis requirement is simply to assure that the services authentication mechanism is turned on, not anything else. The reason for this is because Services requires sesssauth to be enabled or all requests will be anonymous, it does not however require that any authentication module be enabled. Basically, if you write your own authentication method, it should check for this, in its own install.
This requirement is just for services_sessauth.
Comment #2
coderintherye CreditAttribution: coderintherye commentedThis doesn't make any sense.
You are reporting an error where there is none.
Please explain how allowing all request to a service endpoint is an error. How does it break Drupal? How does it break the functionality of the module?
Is there a valid reason why, if I have setup an endpoint which only allows users to have read access to retrieve and index the endpoint, and that my endpoint is only returning nodes, which on my site are public resources viewable to all, that I should not allow access from all anonymous users?
Please use the right reporting, this is a WARNING status at most, there is absolutely no reason to return an error in the status reporting. This leads to a site reporting that it's completely broken, as in reports back via nagios, when it is fact not broken at all.
Comment #3
kylebrowning CreditAttribution: kylebrowning commentedYou are absolutely right, I didnt pick up on this earlier.
Heres a patch that changes it to a warning and not an error.
Comment #4
kylebrowning CreditAttribution: kylebrowning commentedComment #5
coderintherye CreditAttribution: coderintherye commentedApplies cleanly and fixes the issue. Thanks!
Comment #6
kylebrowning CreditAttribution: kylebrowning commentedComment #7
kylebrowning CreditAttribution: kylebrowning commentedComment #8
MustangGB CreditAttribution: MustangGB commented@kylebrowning Could you clarify if this is still valid, I'm using oauth2_server which provides services authentication, but I still have this warning.
Comment #9
MustangGB CreditAttribution: MustangGB commentedSo here's a patch then.
Comment #10
kylebrowning CreditAttribution: kylebrowning commentedComment #11
markus_petrux CreditAttribution: markus_petrux commentedWorks here as well. Thanks!
Comment #12
markus_petrux CreditAttribution: markus_petrux commentedPatch updated!
Comment #14
tyler.frankenstein CreditAttribution: tyler.frankenstein commented