API Requests fail when using remote user guard with different header #3808

Closed
leona-ya opened this issue Sep 19, 2020 · 3 comments
Labels
bug Verified and replicated bugs and issues.

Comments

leona-ya commented Sep 19, 2020

Bug description
I am running Firefly III version 5.4.0-beta.1, and my problem is that all API requests fail when using remote user guard (maybe only when not using the default header)

Steps to reproduce

  • Use remote user guard with different header (in my case HTTP_X_AUTH_USERNAME, I did not try with default header)
  • Open transaction create page
  • See if autocomplete and save api requests fail
    (I think all API requests do not work)

One request example:

URL: https://finances.em0lar.de/api/v1/autocomplete/accounts?types=Asset account,Revenue account,Loan,Debt,Mortgage&query=c
Response: {"message":"Unauthenticated","exception":"AuthenticationException"}

Extra info

Debug information generated at 2020-09-19 10:30:38 Europe/Berlin for Firefly III version 5.4.0-beta.1.

| Scope | Version |
|---|---|
| Firefly III | 5.4.0-beta.1 |
| Firefly III API | 1.4.0 |
| PHP | 7.4.10 |
| Host | Linux |

| System info | Value |
|---|---|
| Installation ID | 41663de1-23f8-425a-a577-a115bc2c1dd9 |
| Using docker? | false |
| Telemetry | false |
| Layout | v1 |
| App environment | local |
| App debug mode | false |
| App cache driver | file |
| App logging | notice, stack |
| Display errors | Off |
| Error reporting | ALL errors |
| Interface | fpm-fcgi |
| Default language | en_US |
| Default locale | equal |
| BCscale | 12 |
| DB drivers | pgsql, sqlite |
| Current driver | pgsql |
| Login provider | eloquent |
| Trusted proxies (.env) | ** |

| User info | Value |
|---|---|
| Session start | 2020-09-01 00:00:00 |
| Session end | 2020-09-30 23:59:59 |
| Session first | 2020-03-24 00:00:00 |
| User ID | 1 |
| User language | de_DE |
| User locale | de_DE |
| Attempt at "de_DE.utf8" | false |
| Attempt at "de_DE.UTF-8" | false |
| User agent | Mozilla/5.0 (X11; Linux x86_64; rv:81.0) Gecko/20100101 Firefox/81.0 |

[2020-09-19 10:35:36] local.ERROR: The resource owner or authorization server denied the request. {"exception":"[object] (League\\OAuth2\\Server\\Exception\\OAuthServerException(code: 9): The resource owner or authorization server denied the request. at /var/www/em0lar.de/finances.em0lar.de/firefly-iii-5.4.0-beta.1/vendor/league/oauth2-server/src/Exception/OAuthServerException.php:243)
[stacktrace]
#0 /var/www/em0lar.de/finances.em0lar.de/firefly-iii-5.4.0-beta.1/vendor/league/oauth2-server/src/AuthorizationValidators/BearerTokenValidator.php(73): League\\OAuth2\\Server\\Exception\\OAuthServerException::accessDenied('Access token co...')
#1 /var/www/em0lar.de/finances.em0lar.de/firefly-iii-5.4.0-beta.1/vendor/league/oauth2-server/src/ResourceServer.php(84): League\\OAuth2\\Server\\AuthorizationValidators\\BearerTokenValidator->validateAuthorization(Object(Laminas\\Diactoros\\ServerRequest))
#2 /var/www/em0lar.de/finances.em0lar.de/firefly-iii-5.4.0-beta.1/vendor/laravel/passport/src/Guards/TokenGuard.php(207): League\\OAuth2\\Server\\ResourceServer->validateAuthenticatedRequest(Object(Laminas\\Diactoros\\ServerRequest))
#3 /var/www/em0lar.de/finances.em0lar.de/firefly-iii-5.4.0-beta.1/vendor/laravel/passport/src/Guards/TokenGuard.php(150): Laravel\\Passport\\Guards\\TokenGuard->getPsrRequestViaBearerToken(Object(Illuminate\\Http\\Request))
#4 /var/www/em0lar.de/finances.em0lar.de/firefly-iii-5.4.0-beta.1/vendor/laravel/passport/src/Guards/TokenGuard.php(113): Laravel\\Passport\\Guards\\TokenGuard->authenticateViaBearerToken(Object(Illuminate\\Http\\Request))
#5 /var/www/em0lar.de/finances.em0lar.de/firefly-iii-5.4.0-beta.1/vendor/laravel/passport/src/PassportServiceProvider.php(286): Laravel\\Passport\\Guards\\TokenGuard->user(Object(Illuminate\\Http\\Request))
#6 [internal function]: Laravel\\Passport\\PassportServiceProvider->Laravel\\Passport\\{closure}(Object(Illuminate\\Http\\Request), NULL)
#7 /var/www/em0lar.de/finances.em0lar.de/firefly-iii-5.4.0-beta.1/vendor/laravel/framework/src/Illuminate/Auth/RequestGuard.php(58): call_user_func(Object(Closure), Object(Illuminate\\Http\\Request), NULL)
#8 /var/www/em0lar.de/finances.em0lar.de/firefly-iii-5.4.0-beta.1/vendor/laravel/framework/src/Illuminate/Auth/GuardHelpers.php(60): Illuminate\\Auth\\RequestGuard->user()
#9 /var/www/em0lar.de/finances.em0lar.de/firefly-iii-5.4.0-beta.1/app/Http/Middleware/Authenticate.php(129): Illuminate\\Auth\\RequestGuard->check()
#10 /var/www/em0lar.de/finances.em0lar.de/firefly-iii-5.4.0-beta.1/app/Http/Middleware/Authenticate.php(72): FireflyIII\\Http\\Middleware\\Authenticate->authenticate(Object(Illuminate\\Http\\Request), Array)
#11 /var/www/em0lar.de/finances.em0lar.de/firefly-iii-5.4.0-beta.1/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): FireflyIII\\Http\\Middleware\\Authenticate->handle(Object(Illuminate\\Http\\Request), Object(Closure), 'api')
#12 /var/www/em0lar.de/finances.em0lar.de/firefly-iii-5.4.0-beta.1/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(103): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#13 /var/www/em0lar.de/finances.em0lar.de/firefly-iii-5.4.0-beta.1/vendor/laravel/framework/src/Illuminate/Routing/Router.php(687): Illuminate\\Pipeline\\Pipeline->then(Object(Closure))
#14 /var/www/em0lar.de/finances.em0lar.de/firefly-iii-5.4.0-beta.1/vendor/laravel/framework/src/Illuminate/Routing/Router.php(662): Illuminate\\Routing\\Router->runRouteWithinStack(Object(Illuminate\\Routing\\Route), Object(Illuminate\\Http\\Request))
#15 /var/www/em0lar.de/finances.em0lar.de/firefly-iii-5.4.0-beta.1/vendor/laravel/framework/src/Illuminate/Routing/Router.php(628): Illuminate\\Routing\\Router->runRoute(Object(Illuminate\\Http\\Request), Object(Illuminate\\Routing\\Route))
#16 /var/www/em0lar.de/finances.em0lar.de/firefly-iii-5.4.0-beta.1/vendor/laravel/framework/src/Illuminate/Routing/Router.php(617): Illuminate\\Routing\\Router->dispatchToRoute(Object(Illuminate\\Http\\Request))
#17 /var/www/em0lar.de/finances.em0lar.de/firefly-iii-5.4.0-beta.1/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(165): Illuminate\\Routing\\Router->dispatch(Object(Illuminate\\Http\\Request))
#18 /var/www/em0lar.de/finances.em0lar.de/firefly-iii-5.4.0-beta.1/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(128): Illuminate\\Foundation\\Http\\Kernel->Illuminate\\Foundation\\Http\\{closure}(Object(Illuminate\\Http\\Request))
#19 /var/www/em0lar.de/finances.em0lar.de/firefly-iii-5.4.0-beta.1/app/Http/Middleware/InstallationId.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#20 /var/www/em0lar.de/finances.em0lar.de/firefly-iii-5.4.0-beta.1/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): FireflyIII\\Http\\Middleware\\InstallationId->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#21 /var/www/em0lar.de/finances.em0lar.de/firefly-iii-5.4.0-beta.1/vendor/fideloper/proxy/src/TrustProxies.php(57): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#22 /var/www/em0lar.de/finances.em0lar.de/firefly-iii-5.4.0-beta.1/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Fideloper\\Proxy\\TrustProxies->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#23 /var/www/em0lar.de/finances.em0lar.de/firefly-iii-5.4.0-beta.1/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(21): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#24 /var/www/em0lar.de/finances.em0lar.de/firefly-iii-5.4.0-beta.1/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#25 /var/www/em0lar.de/finances.em0lar.de/firefly-iii-5.4.0-beta.1/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(21): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#26 /var/www/em0lar.de/finances.em0lar.de/firefly-iii-5.4.0-beta.1/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#27 /var/www/em0lar.de/finances.em0lar.de/firefly-iii-5.4.0-beta.1/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ValidatePostSize.php(27): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#28 /var/www/em0lar.de/finances.em0lar.de/firefly-iii-5.4.0-beta.1/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Foundation\\Http\\Middleware\\ValidatePostSize->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#29 /var/www/em0lar.de/finances.em0lar.de/firefly-iii-5.4.0-beta.1/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/CheckForMaintenanceMode.php(63): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#30 /var/www/em0lar.de/finances.em0lar.de/firefly-iii-5.4.0-beta.1/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Foundation\\Http\\Middleware\\CheckForMaintenanceMode->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#31 /var/www/em0lar.de/finances.em0lar.de/firefly-iii-5.4.0-beta.1/app/Http/Middleware/SecureHeaders.php(51): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#32 /var/www/em0lar.de/finances.em0lar.de/firefly-iii-5.4.0-beta.1/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): FireflyIII\\Http\\Middleware\\SecureHeaders->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#33 /var/www/em0lar.de/finances.em0lar.de/firefly-iii-5.4.0-beta.1/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(103): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#34 /var/www/em0lar.de/finances.em0lar.de/firefly-iii-5.4.0-beta.1/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(140): Illuminate\\Pipeline\\Pipeline->then(Object(Closure))
#35 /var/www/em0lar.de/finances.em0lar.de/firefly-iii-5.4.0-beta.1/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(109): Illuminate\\Foundation\\Http\\Kernel->sendRequestThroughRouter(Object(Illuminate\\Http\\Request))
#36 /var/www/em0lar.de/finances.em0lar.de/firefly-iii-5.4.0-beta.1/public/index.php(76): Illuminate\\Foundation\\Http\\Kernel->handle(Object(Illuminate\\Http\\Request))
#37 {main}
"} 

Bonus points

  • I searched and nobody reported this bug before
  • I have added a stack trace from my log files
  • I was not able to replicate it on the demo site https://demo.firefly-iii.org/ (does not use remote user guard)

JC5 (Member) commented Sep 20, 2020

Thanks for letting me know! I'll pick it up. I don't think I can fix this before the next release though.

JC5 added the bug label (Verified and replicated bugs and issues.) on Sep 20, 2020

JC5 (Member) commented Nov 29, 2020

This should be fixed now. At least, I don't suffer from it anymore. Let me know if this is still an issue.

JC5 closed this as completed on Nov 29, 2020

github-actions bot (Contributor) commented May 2, 2021

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

github-actions bot locked as resolved and limited conversation to collaborators on May 2, 2021