1. 99grad-team Avatar 99grad-team
  2. typo3
  3. nnrestapi
  4. Issues

Frontend returns error on parseJwt method

Issue #49 closed
Stig Nørgaard Færch created an issue

TYPO3 11.5.31 - multisite installation

EXT:nnrestapi 1.4.1

PHP 8.1

On a local ddev installation

I did find that the settings for site configuration was loaded. The same regarding the typoscript configuration.

Just viewing the frontend, returns

#1476107295 TYPO3\CMS\Core\Error\Exception

PHP Runtime Deprecation Notice: explode(): Passing null to parameter #2 ($string) of type string is deprecated in /var/www/html/public/typo3conf/ext/nnhelpers/Classes/Utilities/Encrypt.php line 336

\$token here is null and is generated from getBearerToken

public function parseJwt( $token = '' ) {
  $parts = explode('.', $token);

I tried to modify the code to:

     * ```
     * @param string|null $token
     * @return array|false
     */
    public function parseJwt( $token = '' ) {
        if($token===null) return false;

Which makes the frontend work again. But then I get another error when trying to test API from the RestApi BE module:

#1476107295 TYPO3\CMS\Core\Error\Exception

PHP Warning: Undefined array key "response" in /var/www/html/public/typo3conf/ext/nnrestapi/Classes/Utilities/Header.php line 37

Comments (7)

  2. Stig Nørgaard Færch reporter

    I have reset my changes I made in the code, and I don’t know why the frontend seems to work now.

    The backend module still gives errors, but only if have logged in through a domain which has no site configured.

    Would be nice with a meaningful error in this case.

  3. Stig Nørgaard Færch reporter

    Ok. So I did not reset my changes after all. I forgot that the changes were in nnhelpers and not nnrestapi.

    So this happens, because there were found no bearer token in the headers in \Nng\Nnhelpers\Utilities\Request::getJwt from the getBearerToken() method.

    Would this be expected? If, then why?

    If not always expected, shouldn’t parseJwt() return false if null was passed to the method?

  5. Stig Nørgaard Færch reporter

    A check in parseJwt() could be:

        public function parseJwt( $token = '' ) {
        $parts = explode('.', (string)$token);
        if(count($parts) !== 3) return false;

    or

        public function parseJwt( $token = '' ) {
        if(substr_count((string)$token, '.') !== 2) return false;
        $parts = explode('.', (string)$token);

  6. Stig Nørgaard Færch reporter

    My temporary solution is to just disable the hook that runs this code from ext_localconf.php:

        unset($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_userauth.php']['postUserLookUp']['nnrestapi']);

  8. Log in to comment
Assignee
Type
bug
Priority
major
Status
closed
Votes
0
Watchers
1
Jira: the preferred issue tracker for Bitbucket. Join the team!