jsonapi/user/user has cache problem

On drupal8.4.x+jsonapi1.x-dev

  1. Drush cr(This step must be done)
  2. Use wrong user/password request jsonapi/user/user in postman
    {
    "data": [],
    "jsonapi": {
        "version": "1.0",
        "meta": {
            "links": {
                "self": "http://jsonapi.org/format/1.0/"
            }
        }
    },
    "meta": {
        "errors": [
            {
                "title": "Forbidden",
                "status": 403,
                "detail": "The current user is not allowed to GET the selected resource.",
                "links": {
                    "info": "http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.4"
                },
                "code": 0,
                "id": "/user--user/49f1e47c-94d8-4ff0-84a9-2fd548b96f20",
                "source": {
                    "pointer": "/data"
                }
            },
  3. Then use right admin/password request jsonapi/user/user will get the same wrong result of above.

Drupal8.5.x don't have this issue.

CommentFileSizeAuthor
#2 adminjsonapiuser.png516.06 KBlawxen

Comments

caseylau created an issue. See original summary.

lawxen’s picture

lawxen commented
Issue summary: View changes
StatusFileSize
new adminjsonapiuser.png516.06 KB

The issue summry step 3

Then use right admin/password request jsonapi/user/user will get the same wrong result of above

This is the debug result:

wim leers’s picture

wim leers
Location Ghent 🇧🇪🇪🇺
commented
Related issues: +#2933939: JSON API module must not send cacheable responses to PATCH, POST and DELETE requests

This sounds an awful lot like #2933939: JSON API module must not send cacheable responses to PATCH, POST and DELETE requests, which I opened yesterday, while working on #2930028: Comprehensive JSON API integration test coverage phase 1: for every entity type, individual resources only.

gabesullice’s picture

gabesullice
Primary language English
commented
Status: Active » Postponed (maintainer needs more info)

Hi @caseylau, thanks for the bug report!

I'm not able to replicate this myself. Would you mind answering a couple questions:

  1. What version of the module are you testing with?
  2. What authentication provider are you using?
lawxen’s picture

lawxen commented

@gabesullice

  1. drupal8.4.x + jsonapi:1.x-dev
  2. I use HTTP Basic Authentication
gabesullice’s picture

gabesullice
Primary language English
commented
Assigned: Unassigned » gabesullice
Status: Postponed (maintainer needs more info) » Active

Thanks @caseylau. Perhaps it's 8.4. I'm using 8.5. I'll look at this more soon.

lawxen’s picture

lawxen commented
Title: jsonapi/user/user has cache issue » jsonapi/user/user has cache problem on just on drupal8.4.x
Issue summary: View changes

@gabesullice
Yeah,I test on drupal8.5.x just now, no this issue's problem.
So it just happen on drupal8.4.x.

e0ipso’s picture

e0ipso
Primary language Catalan
Location Can Picafort
commented
Status: Active » Closed (works as designed)

If upgrading to D8.5 fixes the issue and you're already running jsonapi:1.x-dev then this tells me that the problem is in Drupal core and it has been fixed in D8.5.

Please update the issue if you find the core patch that solved it.

dravenk’s picture

dravenk
He/Him
Primary language English
commented
Related issues: +#2765959: Make 4xx REST responses cacheable by (Dynamic) Page Cache + comprehensive cacheability test coverage

@e0ipso
This bug still can reproduce in 8.4 today. Because I found that commit which fixed this bug only apply in 8.5.x. See log below.

commit dd63977226f25f3ef764507caac4f65ed58747d8 (HEAD -> 8.5.x)
Author: webchick <drupal@webchick.net>
Date:   Thu Nov 30 11:06:58 2017 -0800

    Issue #2765959 by davidwbarratt, Wim Leers, dawehner, borisson_, tstoeckler, tedbow, catch: Make 4xx REST responses cacheable by (Dynamic) Page Cache + comprehensive cacheability test coverage
e0ipso’s picture

e0ipso
Primary language Catalan
Location Can Picafort
commented

@dravenk thank you for providing more information. I understand there is a problem in 8.4 today, but that is a problem in Drupal core. That problem has already been fixed by the commit you provided, so nothing else to do but wait for a D8.5 release or apply that patch manually in your site. There is nothing the JSON API module can do for this.