I'm running into an access denied page when downloading files and I could really use some help figuring out why.
I have commerce file installed to sell videos and audio clips that are stored on s3. Upon checkout of product that contains a commerce file, the commerce license is created and set to active for the user. The files show up under the user's account but the link /file/48015/download?token=7MsF-JksFFwCMwFrUnimyo35Are6eWVptJbrf8Bp8Kw does not work and an access denied page is show, even for user 1. The link file/48015 brings up a blank white page.
I've tried adding this patch but with no luck. https://www.drupal.org/node/2273973
I'm running Drupal - 7.28 and these are some of the modules I'm using.
Commerce 7.x-1.9
Commerce Backoffice 7.x-1.4
Commerce File 7.x-2.0-beta3
Commerce License 7.x-1.3
Amazon S3 7.x-1.0 with patch https://www.drupal.org/node/1277152#comment-8771475
AWS SDK for PHP 7.x-5.4
File Field Sources 7.x-1.9
Remote File Source 7.x-1.0
File Entity 7.x-2.0-alpha3+30-dev
Media 7.x-2.0-alpha3
Media Internet Sources 7.x-2.0-alpha3
IMCE 7.x-1.9
Secure Pages 7.x-1.0-beta2
LoginToboggan 7.x-1.4
Thanks!
Comment | File | Size | Author |
---|---|---|---|
#12 | access_token_generation-2302897-12.patch | 693 bytes | sanduhrs |
Comments
Comment #1
justafishComment #2
bluewallmedia CreditAttribution: bluewallmedia commented@justafish Hello :) I noticed you switched this from Amazons3 to Commerce File. Are you experiencing a similar issue or do you have an idea why this might be happening. I plan to spend some more time debugging this issue later this afternoon. I'll update the thread with new insight. Has anyone else experienced this lately?
Thanks!
Comment #3
bluewallmedia CreditAttribution: bluewallmedia commentedComment #4
brodiebrodie CreditAttribution: brodiebrodie commentedI have the same Issue with commerce license and commerce file . I have applied the patch from this issue https://www.drupal.org/node/2075693 and still no joy. any help would be most appreciated !
Comment #5
bojanz CreditAttribution: bojanz commentedThe only known cause of "access denied" is file entity 1.x (this module only works with file_entity 2.x), which is documented in #2183975: Commerce File links to a non-existent file/%file/download when used with File Entity.
bluewallmedia says they're using file_entity 2.x, but brodiebrodie didn't confirm that.
Comment #6
brodiebrodie CreditAttribution: brodiebrodie commentedApologies for the lack of info.
I am using file entity 7.x-2.0-alpha3+32-dev
Comment #7
bluewallmedia CreditAttribution: bluewallmedia commentedWe have been all over this issue. Here is some more information. We have two sites running the same code as mentioned at the start of this ticket. One works, One doesn't.
Server 1 began with Media 1.x , File Entity 1.x , Commerce File 1.x . We updated these with some fuss, but we ultimately got it to work. Somehow somewhere, this stopped working.
Server 2 began with Media 2.x , File Entity 2.x , Commerce File 2.x . This seems to be working. We even took a file from Server 1's S3 bucket, pointed it to Server 2's store, purchased the file and downloaded the file.
Both Servers are running Ubuntu 10.04 but Server 1 is running PHP5-curl version 5.3.2-1ubuntu4.26 and Server 2 is running PHP5-curl version 5.3.2-1ubuntu4.24. Could this be an issue ? I'm asking myself if this broke when I updated Curl a few weeks ago on Server 1. I postulate this because I recently ran into an issue in another software application (not drupal) where updating CURL broke an otherwise stable connection through AWS PHAR and custom PHP.
Happy to be as verbose as possible as we are having a heck of a time solving this issue on our end. What other info could I supply to help pin this issue down?
Thanks much for the help :) ~ peter
EDIT *** I should clarify we are using Amazon s3 sdk-1.6.2 in libraries for our Drupal sites.
Comment #8
bluewallmedia CreditAttribution: bluewallmedia commentedHoly Cow :) Our issue was just fixed on Server 1... When we updated to the latest file_entity ... file_entity 7.x-2.0-alpha3.
This is curious and a little confusing because Drupal notified us about an upgrade to file_entity 7.x-2.0-alpha3 which Drupal also told us we had installed. The module's info file says it was updated in 2013. Not sure why we got the notification to update this again.
Anyway updating our current file_entity 7.x-2.0-alpha3 to file_entity 7.x-2.0-alpha3 seemed to do the trick for our issue. I'll update this thread as soon as I figure out exactly what fixed for us as the upgrade from file_entity 7.x-2.0-alpha3 to file_entity 7.x-2.0-alpha3 makes no sense to me at all. Still it started to work. Perhaps it was just solar flares :-)
Comment #9
brodiebrodie CreditAttribution: brodiebrodie commentedI have reverted from file_entity 7.x-2.0-alpha3+32-dev to file_entity 7.x-2.0-alpha3 as in comment #8 and all appears to be working !
Comment #10
deggertsen CreditAttribution: deggertsen commentedThis appears to still be broken on File entity 7.x-2.0-beta1. Here are a few issues that appear to be related in the File Entity queue though I'm not sure what exactly is causing the problem:
#2351691: Access denied when downloading private files - decide if file_entity_file_download() should deny access by default or not
#2351469: Inherit node access permission for attached files
#2215247: Access denied for anonymous users clicking on download link
#2268335: File permissions ignored for private files
#2028089: Too much restriction for temporary files
Comment #11
dancastellon CreditAttribution: dancastellon commentedI removed the if statement within commerce_file_menu_alter() on line 52. That seemed to fix the issue for me.
Comment #12
sanduhrsSeems to be working with file_entity-7.x-2.0-alpha3 while file_entity-7.x-2.0-beta1 gives access denied.
Digging a bit deeper it appears the download token generation has changed:
alpha3:
beta1:
commerce_file uses:
Which per comment is a "Copy of file_entity_get_download_token".
So I think we should keep up to date with the changes in file_entity module?
Patch is attached.
Comment #13
sanduhrsComment #14
deggertsen CreditAttribution: deggertsen commented@sanduhrs, good work. I'll try to test as soon as I can, but it looks like you've found the problem and determined the correct solution.
Comment #15
deggertsen CreditAttribution: deggertsen commentedGot this error on my site after applying the patch:
CommerceLicenseException: Attempted to instantiate a broken license type plugin in CommerceLicenseBroken->__construct() (line 574 of /sites/all/modules/commerce_license/includes/plugins/license_type/base.inc).
Comment #16
deggertsen CreditAttribution: deggertsen commentedOk, seeing as you found the problem being the file_entity_get_download_token function. I noticed that in the new function there is no identifier and thus no need to change the identifier in the function. So I simply changed out all the commerce_file_get_download_token function references with file_entity_get_download_token function references and now the module is working as expected. I'm not sure if there are any down sides to what I have done here so this certainly needs review, but until then it is working and I will be using this patch.
Comment #17
dxx CreditAttribution: dxx commentedHi,
this patch (#16) working good and fix this issue, but all links are a short token "/file/101/download?token=wplMlMpq" before: "/file/101/download?token=8uzKiylmPkoohCMDGRrFKfWUIzI_5x-aPoy7fSoafVI". This is the desired result?
file_entity: 7.x-2.0-beta1 ( 2014-10-04)
commerce_file: 7.x-2.0-beta3 (2014-06-04)
Comment #18
sanduhrsYes it is.
Comment #19
sanduhrsAnoyone up for a review?
Comment #20
sanduhrsIn reply to # 16 :
As far as I understood the code, the commerce_file_get_download_token() function exists to prevent a hard dependency on the file_entity module. If we remove the function we introduce the dependency on file_entity module, while duplicating it allows commerce_file to be used without it.
@deggertsen
I didn't experience any exceptions and I don't see why your patch should make any difference in that regard.
Could you trace down why the exception appears?
At the moment, I'd rather stick with the patch in #12 so commerce_file can be used standalone without file_entity module.
Review anyone?
Comment #21
dxx CreditAttribution: dxx commentedOup's! I have patched with the #16! I'm trying now with your patch (#12).
Comment #22
dxx CreditAttribution: dxx commentedOk, I confirm that working with your patch (#12). I able to download files in my account and after checkout process (if order paid). Tested into anonymous user, registered and administrator.
Comment #23
sanduhrsThanks for the feedback.
But this won't go any further until you execute step 4. in the review process.
See https://www.drupal.org/patch/review#review
Thanks.
Comment #24
dxx CreditAttribution: dxx commentedOk ;) but this is not the author of the message to change the status?
Comment #25
dxx CreditAttribution: dxx commentedComment #26
sanduhrsThanks for the review!
Bumping this to critical as currently the latest version of commerce_file and file_entity are incompatible.
Comment #27
dxx CreditAttribution: dxx commentedYes, you are right!
Comment #28
BeWhy CreditAttribution: BeWhy commentedI have:
and now things are working ....
so I've got that going for me which is nice.
Comment #29
bojanz CreditAttribution: bojanz commentedUpdated the docblock of the function to match the new file_entity version, and committed #12. Thanks!
Comment #32
svn7svn CreditAttribution: svn7svn commentedThis seems to be an issue again after recent updates. Is anyone else getting access denied to purchased files?
Comment #33
svn7svn CreditAttribution: svn7svn commentedComment #34
deggertsen CreditAttribution: deggertsen commented@svn7svn we are on the 1.x version, but not 2.x.
Comment #35
sanduhrsThe code dint'd change since then.
Just checked with latest 7.x-2.x branches.
And you can do so yourself:
http://cgit.drupalcode.org/file_entity/tree/file_entity.module#n2591
http://cgit.drupalcode.org/commerce_file/tree/commerce_file.module?h=7.x...
So as long as you can't provide more detail, this issue is still fixed.
Please open a new issue if you can, though.
Comment #36
svn7svn CreditAttribution: svn7svn commentedI would love to provide more detail if i knew what to provide.
This issue persists for us. We've actually moved all of our purchased files to Vimeo because of it.
Comment #37
AllanDummer CreditAttribution: AllanDummer commentedAlso ran into the same issue.
Commerce : 7.x-1.13
Commerce file : 7.x.2.0-beta3
Filer Entity (Viewable files): 7.x-2.0-beta2
Installed patch #12 and it now works. Sorry I just don't have the time now to go digging but thought I'll mention it here.
Comment #38
nrosquist CreditAttribution: nrosquist commentedRan into same issue as well.
Commerce: 7.x-1.13
Commerce file: 7.x.2.0-beta3
File Entity: 7.x-2.0-beta3
Patch 12 worked for me too.
Comment #39
shubhraprakash CreditAttribution: shubhraprakash as a volunteer commentedI think the below patch will save us future worries of changes in file_entity module and can fall back to commerce_file implementation when file_entity is not installed.
Comment #40
nelslynn CreditAttribution: nelslynn commentedRan into this issue to and had to spend several hour tracking this down. PLEASE, can we commit #39 or #12? Either patch makes "Access Denied" go away!!
Commerce: 7.x-1.13
Commerce file: 7.x.2.0-beta3
File Entity: 7.x-2.0-beta3
Comment #41
nelslynn CreditAttribution: nelslynn commentedWhy is this issue closed? #12 patch is NOT applied to 7.x-2.0-beta3 or the dev version: 7.x-2.x-dev
I still get access denied without using #12 or #39.
Comment #42
sanduhrsThis has been committed three years ago: http://cgit.drupalcode.org/commerce_file/tree/commerce_file.module?h=7.x...
You find it in the dev branch 7.x-2.x:
Comment #43
Chris Matthews CreditAttribution: Chris Matthews commentedWould it be possible to roll commit ba7104f, plus the two others listed below into a 7.x-2.0-beta4 release?
https://cgit.drupalcode.org/commerce_file/commit/?id=1c88f46
https://cgit.drupalcode.org/commerce_file/commit/?id=b0c0836