AuthX breaks Contribution Batch functionality (and more)
A number of core CiviCRM pages call the civicrm/ajax/rest endpoint. When AuthX is enabled, these functions fail with an "Invalid Credential" error.
Steps to replicate
- Enable AuthX.
- Create a new Contribution Batch (you don't need to add anything to it).
- Go to Contributions » Accounting Batches » Open Batches.
- Select more » Delete.
Expected Result
Batch is deleted (which is what happens when AuthX is disabled).
Actual Result
"An error occurred while processing your request." Dev tools show FATAL: Invalid credential.
A search of the codebase shows several references to civicrm/ajax/rest - mostly in out-of-the-way areas like Premiums or Accounting Batches.
I'm not sure what the correct approach is - my sense from my reading was that @totten had accounted for this, so I'd appreciate his eyes on this. I assume creating a second endpoint that replicates the original behavior defeats the purpose here. I also see that CRM_Utils_REST::ajax() has self::isWebServiceRequest() which does its own AuthX checking, but the request never reaches CRM_Utils_REST::ajax() because the request is denied when CRM_Core_Invoke::_invoke() calls civi.invoke.auth.