Open samtuke opened 6 years ago
I'll test this and find out what is missing in the integration tests.
Using the development server for the rest-api
package (bin/console server:run -d web/
), I get a ´401 not authorized´ response (which is correct). These are the parameters I've used in Postman:
POST http://127.0.0.1:8000/api/v2/sessions Header: Content-Type application/json Body:
{
"code": 401,
"message": "Not authorized"
}
Does the problem also occur when you're using the development server?
(I'll also retest using the PhpStorm REST tools and the base-distribution
package in a minute.
I get the same results with the base-distribution
package.
The same with the REST client in PhpStorm.
@samtuke Are you using PHP's built-in web server (in development context) or Apache (in production context)? And if you're using Apache, does the problem also occur if you're using the built-in web server instead?
I believe I tried it with both and experienced the same outcome
Could you please re-try? Maybe there was an error in the JSON request data? I currently cannot reproduce the problem.
Following a composer update
and copy & paste of login credentials from the docs, I get the same error when running a local development server:
{
"loginName": "admin",
"password": "eetIc/Gropvoc1"
}
I've used the standalone version of Postman for this (as the Chrome app has been discontinued). Could you please retest with the stand-alone Postman or the PhpStorm REST tools to exclude any problems with the Chrome app?
Oh, and in your screenshot, the content type (the drop-down right next to the type radio buttons (raw, binary etc.) is not set to "JSON (application/JSON)" (as it is in my Postman). Could you please set that as well?
@oliverklee Changing the content type fixed it -- well spotted! It seems that if a request is provided, but not with JSON headers, then it returns an 'Incomplete credentials' error, as opposed to 'empty JSON data', which is returned if either empty JSON or text is submitted. Two potential improvements would be:
Yes, we should definitely return an "invalid request" status with a helpful error message in that case. What exact Content-type header did you use?
@oliverklee it looks like no content-type was set at all:
POST /api/v2/sessions HTTP/1.1
Host: 127.0.0.1:8000
Cache-Control: no-cache
Postman-Token: 83ca8f5e-6771-c158-0f6a-9fae28441756
{
"loginName": "admin",
"password": "phplist"
}
Short problem description
The following JSON request is sent but 'incomplete credentials' are reported:
Using a local PHP development server (http://127.0.0.1:8000/api/v2/sessions), with .htaccess in root dir removed (to avoid permission issues).
Steps to reproduce
Expected behaviour
Session is created, success status returned
Actual behaviour
Error reported
System configuration
Package version
Installed base-distribution via composer
PHP and Composer version
PHP 7.1.11 Composer version 1.5.2 2017-09-11 16:59:25