Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
The /user/login endpoint works fine except if you already have an existing session for that user and then you get a 403 with an empty message returned. Tested using Postman but also occurs using an Ember app.
Same result if you send the same post request a 2nd time.
- Is this the intended behaviour?
- Should we have a more informative message?
Seen this with 8.x since 8.0 and still the same in 8.5 dev. Testing with Chrome and Postman.
Comment | File | Size | Author |
---|---|---|---|
#4 | 2901574-4.patch | 2.24 KB | Wim Leers |
Comments
Comment #2
Wim LeersFirst: thank you so much for taking the time to report this! ❤️ We need this kind of feedback to make API-First Drupal better!
Good question! We do have
/user/login_status
for checking the login status when using cookie authentication. And these are the relevant routes:+
Note how the values for
_user_is_logged_in
are each other opposite! This is why we also have/user/login_status
as I said before:So: yes.
Yes! Let's do it :) Converting this issue from a support request to a task.
Comment #3
Wim LeersFirst: expanded test coverage to check the 403 and assert a helpful error message.
This patch should fail.
Comment #4
Wim LeersAnd now with the changes to add a helpful message. Patch should pass tests now.
Comment #6
dawehnerNice improvement. I like that this could be one day maybe even used for normal 403 sites ...
Comment #7
Wim LeersYep :)
This is where our time investment in infrastructure/foundation work in 8.2 and 8.3 is paying off: both the test coverage and the logic change are trivial 😀✋️
Comment #8
Wim LeersBTW I also pinged @blainelang after posting #2+#3+#4 :) https://twitter.com/wimleers/status/903383065300533250
Comment #9
blainelang CreditAttribution: blainelang commentedThanks Wim, this is much better. I've tested the patch and successfully getting the new message. Nice improvement and thanks for all your hard effort and support for D8 REST!
Comment #10
Wim LeersYou're welcome :)
Comment #14
catchCommitted/pushed to 8.5.x and cherry-picked to 8.4.x. Thanks!