The rest endpoint I'm using is set up to use HTTP basic authentication under services. When I make the rest api call using advanced rest client, I repeatedly get the username, password window and it fails to authenticate the user with the error access denied for anonymous user. In my custom module(update anonymize_user) permissions, I'm only allowing authenticated and admininstrator user to use the update call of this api. For some reason, even the valid user credentials(username, password) supplied as the encoded format in the Authorization header, it fails to validate against Drupal. I was able to successfully call the api with session based authentication that comes with services module. Any pointer on this?

Modules used:
=============

  1. Services,
  2. services_basic_auth
  3. custom module as explained below.

Rest client params:
=============
My API url : internal/api/private/v1/anonymize/update/58988e75c918f5bd5804afd7
Content-Type: application/json
X-CSRF-Token: _5WgQmZxVs8oSUVcDjsRVesuqF4wiVTHcfs2D_E2ZRc
Authorization: Basic MTIzNDoxMjM0

Custom module code:

function anonymize_user_permission() {
  return array(
    'update anonymize_user' => array(
      'title' => t('Update inactive user and anonymize'),
      'description' => t('Perform rest call to update and anonymize inactive user'),
    ),
  );
}
function anonymize_user_services_resources() {
  return array(
    'update' => array(
      'update' => array(
        'help' => 'When user is deleted  users info should be anonymized',
        'callback' => 'anonymize_user_info',
      //  'access callback' => 'anonymize_callback',
        'access arguments' => array('update anonymize_user'),
        'access arguments append' => FALSE,
        'args' => array(
            array(
               'name' => 'id',
               'type' => 'int',
               'description' => 'The id of the user to update',
               'source' => array('path' => '0'),
               'optional' => FALSE,
            ),
          ),
        ),
      ),
    );
}

Comments

nsshrinivasan created an issue. See original summary.

nsshrinivasan’s picture

nsshrinivasan commented
Title: Unable to make a PUT request with HTTP auth » Unable to make a PUT request with services basic http auth
nsshrinivasan’s picture

nsshrinivasan commented

Figured out that the issue is due to the fastcgi_header variable was empty due to rewrite rule which needs tweaking depending on your apache set up.

Added this rule to .htaccess file: SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$ 1
In settings.php, set $conf['services_basic_auth_fastcgi_header'] = REDIRECT_HTTP_AUTHORIZATION