Uploaded image for project: 'Ibexa IBX'
  1. Ibexa IBX
  2. IBX-6222

[REST] Request Parser treats only core ibexa/rest routes as REST endpoints

    XMLWordPrintable

Details

    • Ibexa Open Source

    Description

      \Ibexa\Bundle\Rest\RequestParser\Router::matchesRestRequest states that a route is a REST route when it starts with ibexa.rest prefix:

      strpos($match['_route'], 'ibexa.rest.') === 0;

      while at the same time \Ibexa\Bundle\Rest\EventListener\RequestListener treats anything matching /api/[a-zA-Z0-9-_]+/v\d(.\d)? as a REST route and sets properly is_rest_request attribute on a Request object.

      The issue is difficult to encounter because we're not using RequestParser that often. It's used to extract a route parameter from REST user input payload for modification (create/update) operation and in most cases it applies to core routes (e.g. Owner object pointing to /api/ibexa/v2/users/user/14).

      Steps to reproduce

      In 4.5, there's at least one endpoint which tries to parse a URI outside of ibexa/rest routes and thus not having ibexa.rest prefix:

      1. Find or create an Order and get its order identifier (e.g. e854177e-46b2-4fa0-be7b-ef570c68c031).
      2. Find or create a Payment Method and get its identifier (e.g. bank_transfer)

      Try creating a Payment for an Order:

      POST /api/ibexa/v2/payment
Accept: application/vnd.ibexa.api.Payment+json
Content-Type: application/vnd.ibexa.api.PaymentCreateStruct+json
X-Csrf-Token: <your token>

      {
  "PaymentCreate": {
    "Order": {
      "_media-type": "application\/vnd.ibexa.api.Order+json",
      "_href": "/api/ibexa/v2/orders/order/e854177e-46b2-4fa0-be7b-ef570c68c031"      
    },
    "PaymentMethod": {
      "_media-type": "application/vnd.ibexa.api.PaymentMethod+json",
      "_href": "/api/ibexa/v2/payment-method/bank_transfer"
    }
  }
}

      Actual result

      Observe an error 406 Not Accepted

      {
  "ErrorMessage": {
    "_media-type": "application\/vnd.ibexa.api.ErrorMessage+json",
    "errorCode": 406,
    "errorMessage": "Not Acceptable",
    "errorDescription": "No route matched '\/api\/ibexa\/v2\/orders\/order\/e854177e-46b2-4fa0-be7b-ef570c68c031'"
}

      Expected result

      Payment is created properly.

      The issue affects also 4.6 IBX-5752. See ibexa/shipping#40 - there's a temporary ibexa/rest merge up branch for that.

      Designs

        Attachments

          Activity

            People

              Unassigned Unassigned
              andrew.longosz@ibexa.co Andrew Longosz
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: