fritzmg / contao-file-access

Contao extension that allows file access restrictions for frontend users.
GNU Lesser General Public License v3.0

Internal Server Error 500 #4

Closed HolyMacarony closed 5 years ago

HolyMacarony commented 5 years ago

Dear fritzmg, I really look forward to using this feature. Unfortunately, the moment I configure a folder with this file access any other than public, all I get in the frontend is a 500 error when accessing the files.

Contao log entry, when accessing a single file in the restricted folder: (URLs edited)

[2019-04-04 07:00:40] request.INFO: Matched route "files". {"route":"files","route_parameters":{"_route":"files","_controller":"InspiredMinds\\ContaoFileAccessBundle\\Controller\\FilesController::fileAction","_scope":"frontend","_token_check":true,"file":"*/*/*/*/*/_DSC*.jpg"},"request_uri":"https://serverurl/files/*/*/*/*/*/_DSC*.jpg","method":"GET"} []

[2019-04-04 07:00:40] security.INFO: Populated the TokenStorage with an anonymous Token. [] []

[2019-04-04 07:00:40] request.CRITICAL: Uncaught PHP Exception InvalidArgumentException: "Controller "InspiredMinds\ContaoFileAccessBundle\Controller\FilesController" cannot be fetched from the container because it is private. Did you forget to tag the service with "controller.service_arguments"?" at /var/www/contao4/vendor/symfony/http-kernel/Controller/ContainerControllerResolver.php line 71 {"exception":"[object] (InvalidArgumentException(code: 0): Controller \"InspiredMinds\\ContaoFileAccessBundle\\Controller\\FilesController\" cannot be fetched from the container because it is private. Did you forget to tag the service with \"controller.service_arguments\"? at /var/www/contao4/vendor/symfony/http-kernel/Controller/ContainerControllerResolver.php:71, ArgumentCountError(code: 0): Too few arguments to function InspiredMinds\\ContaoFileAccessBundle\\Controller\\FilesController::__construct(), 0 passed in /var/www/contao4/vendor/symfony/http-kernel/Controller/ControllerResolver.php on line 133 and exactly 3 expected at /var/www/contao4/vendor/fritzmg/contao-file-access/src/Controller/FilesController.php:30)"} []

I am using Contao version 4.6.14 and PHP 7.2.

I hope this information helps. Can you please give me advice on how to debug this error? Thank you very much!

fritzmg commented 5 years ago

Yes, I am aware of this problem. It should already be fixed in the master branch - I just haven't tested it yet. It would be helpful if you could install dev-master of this extension and then try again.

HolyMacarony commented 5 years ago

Thank you for the fast reply! We're getting nearer :) I updated to dev-master, no more 500 error. What works now, is the redirect to the login form, but it happens every time a secured file is accessed. It is like I am not logged in as a user. I do have all the required security roles for this folder. Sadly, there is no log entry associated with this, like before in Contao's logs.

Apache access log just shows 301, after that the login form is called:

IP - - [04/Apr/2019:08:14:50 +0000] "GET /files/*/*/*/*/*/_DSC*.jpg HTTP/1.1" 301 1247 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"

I guess that would be the behaviour for not having sufficient Contao roles to access the folder, right?

fritzmg commented 5 years ago

> What works now, is the redirect to the login form

Hm - are you talking about an actual redirect? You should not use a redirect in your login form for the 401 page. Otherwise it cannot work correctly.

> but it happens every time when secured file is accessed.

Maybe there is some other issue in Contao 4.5+. I have only tested Contao 4.4 so far. I'll try to have a look at it later today.

HolyMacarony commented 5 years ago

Oh interesting, yes, I had an automatic redirect to my login page for every 401 in Contao. Okay, I just disabled every redirecting page. I now get a 403 Forbidden (not a 401) as soon as there is a folder access restriction enabled :/
Still no log entries in Contao, but there is one 403 log entry for every picture that I request in my Apache access log. Hope it helps, thank you very much!

fritzmg commented 5 years ago

Hm, Contao 4.5 (?) introduced the 401 page. Currently the extension only supports the 403 page though. I'll have to change that as well ;).

fritzmg commented 5 years ago

I could not find any more problems. I have released a new version which adds Contao 4.5+ and 401 page support.

I recommend the following:

  1. Create a login module, which has no redirect enabled at all.
  2. Create a 401 page in your site structure. Do not enable any redirect within the 401 page settings.
  3. Insert the previously generated login module in the 401 page.

So, if you are not authenticated in the front end and you try to access a protected file, you should see the 401 page with the login form. When you log in, you should see the file. You should stay logged in and see the file whenever you try to access it.

HolyMacarony commented 5 years ago

Sorry for not responding for so long, I did not have time until now.

So I tested again and now it does as you say. But I found something else which I am not certain is intended.

I can consistently reproduce the following:

  1. I secure a folder with role permission X and put pictures in it.
  2. I log in with a user that only has permission Y.
  3. The logged-in user can access ANY files in ANY restricted folders that he knows the URL of but does not have permissions to. This works as long as this user has at least 1 role permission set. But this can be any permission available, not just the permissions the folder was secured with in the first place.

Summary: As long as a logged-in user has any one role given, he can access anything he knows the URLs of, independently of the folder's permissions.
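
The access rule the reporter expected in the steps above, written out as a regression check. This is an added example, not part of the thread and not code from contao-file-access; the folder map, group IDs and function names are hypothetical, and `flawedCanAccess` is only a constructed model of the reported behaviour, not the extension's actual logic.

```php
<?php
declare(strict_types=1);

// Constructed sample data: protected folder => member group IDs allowed to read it.
$protectedFolders = [
    'files/gallery/x' => [1], // folder secured with "permission X" (group 1)
    'files/gallery/y' => [2], // folder secured with "permission Y" (group 2)
];

// Allowed groups of the nearest protected ancestor folder, or null if the path is public.
function allowedGroupsFor(string $path, array $protectedFolders): ?array
{
    for ($dir = dirname($path); !in_array($dir, ['.', '/', ''], true); $dir = dirname($dir)) {
        if (array_key_exists($dir, $protectedFolders)) {
            return $protectedFolders[$dir];
        }
    }
    return null;
}

// Constructed model of the reported behaviour: holding any group at all is accepted.
function flawedCanAccess(array $userGroups, ?array $allowed): bool
{
    return $allowed === null || $userGroups !== [];
}

// Expected rule: the user must hold at least one of the folder's own groups.
function canAccess(array $userGroups, ?array $allowed): bool
{
    return $allowed === null || array_intersect($userGroups, $allowed) !== [];
}

// Regression matrix following the reporter's steps: [user groups, requested path, expected result].
$cases = [
    [[2], 'files/gallery/x/photo.jpg', false],    // holds Y only, folder requires X
    [[1], 'files/gallery/x/sub/photo.jpg', true], // restriction inherited from ancestor folder
    [[],  'files/gallery/y/photo.jpg', false],    // logged in, but no groups at all
    [[2], 'files/public/logo.png', true],         // unprotected path stays public
];

foreach ($cases as [$groups, $path, $expected]) {
    $allowed = allowedGroupsFor($path, $protectedFolders);
    $strict = canAccess($groups, $allowed) === $expected ? 'pass' : 'FAIL';
    $anyGroup = flawedCanAccess($groups, $allowed) === $expected ? 'pass' : 'FAIL';
    printf("%-32s intersect rule: %s  any-group rule: %s\n", $path, $strict, $anyGroup);
}
```

The first case is the one that matters for a file-protection feature: a test that only checks "anonymous is denied, member is allowed" passes under both rules, so the matrix needs a member who holds the wrong group.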

fritzmg commented 5 years ago

Have you updated to version 2.1.0?

HolyMacarony commented 5 years ago

My bad! I was still on dev-master. I reset all folder permissions and updated to 2.1.0. It works flawlessly now! Thank you very very much for your great work!

fritzmg commented 5 years ago

Great, glad to hear that :)