Skip to content
GitLab
Projects Groups Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
  • F firewall
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 6
    • Issues 6
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 0
    • Merge requests 0
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Repository
  • Wiki
    • Wiki
  • Snippets
    • Snippets
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • Extensions
  • firewall
  • Issues
  • #12
Closed
Open
Issue created Nov 09, 2020 by jamie@jamieContributor

What permissions are required to be set for Firewall extension?

I noticed a lot of these errors in the ConfigAndLog:

Nov 09 08:56:23  [error] 
$Fatal Error Details = array(3) {
  ["message"]=>
  string(20) "Authorization failed"
  ["code"]=>
  NULL
  ["exception"]=>
  object(Civi\API\Exception\UnauthorizedException)#1537 (8) {
    ["extraParams":"API_Exception":private]=>
    array(1) {
      ["error_code"]=>
      string(12) "unauthorized"
    }
    ["message":protected]=>
    string(20) "Authorization failed"
    ["string":"Exception":private]=>
    string(0) ""
    ["code":protected]=>
    int(0)
    ["file":protected]=>
    string(64) "/var/www/powerbase/sites/all/modules/civicrm/Civi/API/Kernel.php"
    ["line":protected]=>
    int(221)
    ["trace":"Exception":private]=>
    array(17) {
      [0]=>
      array(6) {
        ["file"]=>
        string(64) "/var/www/powerbase/sites/all/modules/civicrm/Civi/API/Kernel.php"
        ["line"]=>
        int(148)
        ["function"]=>
        string(9) "authorize"
        ["class"]=>
        string(15) "Civi\API\Kernel"
        ["type"]=>
        string(2) "->"
        ["args"]=>
        array(2) {
          [0]=>
          object(Civi\Api4\Provider\ActionObjectProvider)#1408 (0) {
          }
          [1]=>
          object(Civi\Api4\Generic\DAOCreateAction)#10 (14) {
            ["values":protected]=>
            array(3) {
              ["ip_address"]=>
              string(13) "50.87.253.134"
              ["source"]=>
              string(13) "invalid token"
              ["event_type"]=>
              string(16) "InvalidCSRFEvent"
            }
            ["version":protected]=>
            int(4)
            ["chain":protected]=>
            array(0) {
            }
            ["checkPermissions":protected]=>
            bool(true)
            ["debug":protected]=>
            bool(false)
            ["_entityName":protected]=>
            string(17) "FirewallIpaddress"
            ["_actionName":protected]=>
            string(6) "create"
            ["_reflection":"Civi\Api4\Generic\AbstractAction":private]=>
            object(ReflectionClass)#1543 (1) {
              ["name"]=>
              string(33) "Civi\Api4\Generic\DAOCreateAction"
            }
            ["_paramInfo":"Civi\Api4\Generic\AbstractAction":private]=>
            NULL
            ["_entityFields":"Civi\Api4\Generic\AbstractAction":private]=>
            NULL
            ["_arrayStorage":"Civi\Api4\Generic\AbstractAction":private]=>
            array(0) {
            }
            ["_id":"Civi\Api4\Generic\AbstractAction":private]=>
            int(1)
            ["_debugOutput"]=>
            array(0) {
            }
            ["language":protected]=>
            NULL
          }
        }
      }

The errors seem to be from the Api4 handler refusing to insert an IP address into the civicrm_firewall_ipaddress table due to permission problems.

I then tried to run the code manually via the cv command:

www-data@333f090f552b:~/powerbase$ cv php:eval '\Civi\Firewall\Event\FraudEvent::trigger("1.2.3.4", "my helpful description");'

                                              
  [Civi\API\Exception\UnauthorizedException]  
  Authorization failed                        
                                              

php:eval [--out OUT] [--level LEVEL] [-t|--test] [-U|--user USER] [--] [<code>]

www-data@333f090f552b:~/powerbase$

As a silly experiment I granted the anonymous use "Admin CiviCRM" permissions (on my development instance) and then it worked fine.

So, I'm clearly doing something wrong but I'm not sure what.

Assignee
Assign to
Time tracking