Forbidden access

[Alexnortung]

Bug report

Describe the bug

After updating the plugin to version 1.0.0-alpha.5, I get an error when I try to access http://localhost:1337/api/url-alias/get?path=trust-numbers, the api returns an internal server error:

{"data":null,"error":{"status":500,"name":"InternalServerError","message":"Internal Server Error"}}

And in the development console I also get an error:

[2022-08-29 15:38:47.157] error: Forbidden access
ForbiddenError: Forbidden access
    at Object.verify (/home/alexander/source/oak-site/backend/node_modules/@strapi/plugin-users-permissions/server/strategies/users-permissions.js:94:11)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)
    at async /home/alexander/source/oak-site/backend/node_modules/@strapi/strapi/lib/services/server/compose-endpoint.js:31:5
    at async serve (/home/alexander/source/oak-site/backend/node_modules/koa-static/index.js:59:5)
    at async returnBodyMiddleware (/home/alexander/source/oak-site/backend/node_modules/@strapi/strapi/lib/services/server/compose-endpoint.js:52:18)
    at async policiesMiddleware (/home/alexander/source/oak-site/backend/node_modules/@strapi/strapi/lib/services/server/policy.js:24:5)
    at async /home/alexander/source/oak-site/backend/node_modules/@strapi/strapi/lib/middlewares/body.js:51:9
    at async /home/alexander/source/oak-site/backend/node_modules/@strapi/strapi/lib/middlewares/logger.js:22:5
    at async /home/alexander/source/oak-site/backend/node_modules/@strapi/strapi/lib/middlewares/powered-by.js:16:5
    at async cors (/home/alexander/source/oak-site/backend/node_modules/@koa/cors/index.js:56:32)

Steps to reproduce the behavior

1. Use a pre-1.0.0-alpha.5 version of this plugin (Not sure if this step is needed)
2. Create a page content type with a title field
3. Make a url-alias pattern on the page content type, label it slug and make the pattern /[title]
4. Create a page and set a url with url alias
5. Access the api /api/url-alias/get?path=[path] where path is the url you just set.
6. See the same error.

Expected behavior

Not make an internal server error

System

• Node.js version: v16.16.0
• NPM version: 8.18.0
• Strapi version:4.3.2
• Plugin version: 1.0.0-alpha.5
• Database: sqlite
• Operating system: Linux - NixOS 22.05 (Quokka) x86_64

[boazpoolman]

Hi @Alexnortung

Thanks for creating the new issue.
I’ll look in to it.

[boazpoolman]

Hi @Alexnortung,

I've put up a PR to try and fix this.
I think it might be caused by the auth setting for the routes.

I've removed them completely now, can you test if that works?
That would re-open #7 though, but let's see..

yarn add strapi-community/strapi-plugin-url-alias#pull/18/head
npm install strapi-community/strapi-plugin-url-alias#pull/18/head

[Alexnortung]

Thanks @boazpoolman.

I am not experiencing the issue in the new pull request

[boazpoolman]

Cool. Thanks for testing.

[sophiebl]

Hello @boazpoolman

I also get an error when I try to access: http://localhost:1337/api/url-alias/get?path=/jobs or http://localhost:1337/api/url-alias/get?path=jobs:
{"data":null,"error":{"status":403,"name":"ForbiddenError","message":"Forbidden","details":{}}}

Not sure it's a bug because I get a 403 but here is the steps to reproduce the behavior:

1. npm install strapi-community/strapi-plugin-url-alias#pull/18/head
2. Create the pattern:

3. Create page jobs:

[Alexnortung]

@sophiebl have you allowed public to access the url-alias routes? under settings -> Users & Permissions plugin -> Roles -> public ?

[sophiebl]

Thats works thanks @Alexnortung !

[boazpoolman]

PR #18 was merged and released with v1.0.0-alpha.6.

If you still experience the issue beyond this version feel free to re-open the issue or create a new one.