"did not apply any authorization checks" error when setIdentity

cakephp / authorization

PSR7 Middleware for authorization

MIT License

76 stars 46 forks source link

"did not apply any authorization checks" error when setIdentity #285

Open grizzly opened 3 months ago

grizzly commented 3 months ago

I have to update the identity in my code, so I am using

    $_identity = $this->Authentication->getIdentity();
    $data = $_identity->getOriginalData();
    if ($data instanceof User) {
        $data->x = [1];
    }
    $this->Authentication->setIdentity($_identity);

I am adding a scope with:

$posts = $this->Authorization->applyScope($posts, 'moderate');

Without the prevouse setIdentity, all works fine. When setting a new Identity, it gives me the "did not apply any authorization checks" error.

markstory commented 3 months ago

Do you replace the identity before or after the applyScope call? While it shouldn't matter, knowing more about what you're trying to do helps with reproducing the issue.

grizzly commented 3 months ago

Do you replace the identity before or after the applyScope call? While it shouldn't matter, knowing more about what you're trying to do helps with reproducing the issue.

The identity is replaced before, as part of the login process.

markstory commented 3 months ago

The identity is replaced before, as part of the login process.

So wouldn't the identity be consistent between the start of the controller action and the authorization check? Are you certain that the controller action is applying the policy scope? The tracking for whether or not an authorization check has been applied is very simple https://github.com/cakephp/authorization/blob/3.x/src/AuthorizationService.php#L117 and I don't see a way for it to misbehave.