WIP: BUGFIX: prevent workspace creation during route resolving #5455

Draft
wants to merge 1 commit into
base: 8.3

mhsdesign
Member

In Slack it was noticed that all root paths starting with @ are interpreted by the frontend node path handler as legacy node paths. As far as I know, the syntax localhost/sites/neosdemo@test;language=en_US was used before #2654 as the preview endpoint for the Neos UI. Now, if both path and dimensions are empty, a URI like localhost/@test still gets matched, or any path starting with @blabla.

The problem now is that there is some weird behaviour in the code, which attempts to create the entered workspace when resolving, but then persistAll is not called either way, and there is a trace in the log telling that the auto creation of workspaces is deprecated:

25-01-31 14:41:12 48         NOTICE    Neos.ContentRepository Notice: Neos\ContentRepository\Domain\Service\Context_Original::getWorkspace() implicitly created the new workspace "test". This behaviour is discouraged and will be removed in future versions. Make sure to create workspaces explicitly by adding a new workspace to the Workspace Repository.

With this PR I attempt to circumvent the odd workspace creation. But that in turn now bubbles up a new exception, NoWorkspaceException, that was previously never thrown because workspaces were auto-created.

Now changing this behaviour might seem correct, but we will leak information to the unauthorised user in the following way:
Existing workspaces like /@user-admin will be redirected to the login, while non-existing workspaces like /@test will now cause a 404.

Until we have discussed this, the PR must not be merged.

Upgrade instructions

Review instructions

Checklist

  • Code follows the PSR-2 coding style
  • Tests have been created, run and adjusted as needed
  • The PR is created against the lowest maintained branch
  • Reviewer - PR Title is brief but complete and starts with FEATURE|TASK|BUGFIX
  • Reviewer - The first section explains the change briefly for change-logs
  • Reviewer - Breaking Changes are marked with !!! and have upgrade-instructions

@github-actions github-actions bot added the 8.3 label Feb 3, 2025
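
The response differential described in the PR text, modelled as an added example (not Neos code and not part of this PR). All function names and the workspace list are hypothetical, and the status codes 302 and 404 stand in for the login redirect and the not-found page.

```php
<?php
declare(strict_types=1);

// Simplified model, not Neos code: every name below is hypothetical.
// Constructed sample data: workspaces that exist in the repository.
const EXISTING_WORKSPACES = ['user-admin', 'user-editor'];

/** Extracts the workspace name from a legacy context path such as "/@test". */
function workspaceFromPath(string $path): ?string
{
    return preg_match('#^/[^@]*@([a-z0-9-]+)#', $path, $m) === 1 ? $m[1] : null;
}

/** Behaviour described in the PR: the status depends on whether the workspace exists. */
function resolveLeaky(string $path, bool $authenticated): int
{
    $workspace = workspaceFromPath($path);
    if ($workspace === null || !in_array($workspace, EXISTING_WORKSPACES, true)) {
        return 404; // unknown workspace: the missing-workspace error surfaces as "not found"
    }
    return $authenticated ? 200 : 302; // known workspace: anonymous users go to the login
}

/** Uniform variant: the authentication decision is made before any workspace lookup. */
function resolveUniform(string $path, bool $authenticated): int
{
    $workspace = workspaceFromPath($path);
    if ($workspace === null) {
        return 404; // not a workspace path at all
    }
    if (!$authenticated) {
        return 302; // same answer for existing and non-existing workspaces
    }
    return in_array($workspace, EXISTING_WORKSPACES, true) ? 200 : 404;
}

/** True when anonymous responses differ between the two paths (an existence oracle). */
function isOracle(callable $resolver, string $existing, string $missing): bool
{
    return $resolver($existing, false) !== $resolver($missing, false);
}

foreach (['resolveLeaky', 'resolveUniform'] as $resolver) {
    printf("%s: anonymous responses %s\n", $resolver,
        isOracle($resolver, '/@user-admin', '/@test') ? 'differ' : 'match');
}
```

The same `isOracle` comparison works as a regression check whichever uniform answer is chosen (login redirect for all, or 404 for all), since it only asserts that the two anonymous responses are equal.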