DRUP-735 apigee_auth key does not validate credentials about apigee-edge-drupal HOT 8 CLOSED

@arshad This works are expected, only Apigee prefixed key providers can do validation on the Key form because they are defined by the Apigee Edge module. Others can only validate on the Authentication form, which is the main configuration page for Apigee Edge authentication set up.

So you can change the Key provider on the Key configuration form to anything but then you have to go back the Authentication form to Send a request if the Key provider is not an Apigee prefixed one.

from apigee-edge-drupal.

@mxr576 Sorry I don't follow.

apigee_auth is shipped with the Apigee Edge module. Can't we check if the values provided are valid credentials in \Drupal\apigee_edge\Plugin\KeyType\ApigeeAuthKeyType::validateKeyValue?

We are already doing some missing and empty field validations in there.

from apigee-edge-drupal.

Yeah, I did some digging as well since my comment and I'll look into this whether it is possible to do that there. My gut says Peter must have had a reason for not doing this validation there but we'll see.

from apigee-edge-drupal.

Okay, so probably the reason why Peter did not use this validateKeyValue() because it does not get called on the Authentication form. The reason for that is how the Key module's entity edit form got "included" in the Authentication form. Basically, it is a copy-paste from the Key module and it tries to replicate what Key module does when it processes a form and saves the submitted values. Calling validateKeyValue() is missing from the replicated behavior.

The way how this form was implemented originally in #103 caused way too many problems for us in the past. We tried to improve that implementation without rebuilding the form (#152) but this issue and #176 are the perfect examples that it is impossible to maintain the current solution.

In my PR, I'll try to expose a customized version of the KeyEditForm form on the AuthenticationForm which is something similar that I suggested when #103 was in progress.

from apigee-edge-drupal.

Can't we just add the validation call to resolve this?

from apigee-edge-drupal.

We can and wait for the next issue to occur... it could happen that Key module will add extra steps to Key creation/update process that we won't even notice because of the current implementation.
Also, if we would just add the missing validation callback to the Authentication form then Key's own add/edit form would not validate the provided credentials still. (Which is the original issue is about.)

from apigee-edge-drupal.

Okay, it seems my idea is working, we can even expose the key provider configuration as an "Advanced settings" on the Authentication form so we can reduce the navigation hell between the Authentication form and the Key edit form.

from apigee-edge-drupal.

This is now fixed in #179

from apigee-edge-drupal.