Error: There is no data to update

[bribar]

I get this error when requests to my API are close together.

CRITICAL - 2022-08-10 16:38:07 --> There is no data to update.
in SYSTEMPATH/BaseModel.php on line 1595.
 1 SYSTEMPATH/BaseModel.php(1595): CodeIgniter\Database\Exceptions\DataException::forEmptyDataset('update')
 2 SYSTEMPATH/BaseModel.php(832): CodeIgniter\BaseModel->transformDataToArray([], 'update')
 3 SYSTEMPATH/Model.php(692): CodeIgniter\BaseModel->update([...], Object(CodeIgniter\Shield\Entities\AccessToken))
 4 SYSTEMPATH/BaseModel.php(656): CodeIgniter\Model->update('2', Object(CodeIgniter\Shield\Entities\AccessToken))
 5 VENDORPATH/codeigniter4/shield/src/Authentication/Authenticators/AccessTokens.php(128): CodeIgniter\BaseModel->save(Object(CodeIgniter\Shield\Entities\AccessToken))
 6 VENDORPATH/codeigniter4/shield/src/Auth.php(157): CodeIgniter\Shield\Authentication\Authenticators\AccessTokens->check([...])
 7 APPPATH/Filters/TokenAuth.php(36): CodeIgniter\Shield\Auth->__call('check', [...])
 8 SYSTEMPATH/Filters/Filters.php(173): App\Filters\TokenAuth->before(Object(CodeIgniter\HTTP\IncomingRequest), null)
 9 SYSTEMPATH/CodeIgniter.php(440): CodeIgniter\Filters\Filters->run('api/client', 'before')
10 SYSTEMPATH/CodeIgniter.php(349): CodeIgniter\CodeIgniter->handleRequest(null, Object(Config\Cache), false)
11 FCPATH/index.php(55): CodeIgniter\CodeIgniter->run()

Through a Codeigniter Filter (before) I run this to verify the api token is valid

public function before(RequestInterface $request, $arguments = null)
    {
        helper('auth');
        $uri = $request->getUri();
        $segments = $uri->getSegments();
        $method = $request->getMethod();
        
        if( in_array('api', $segments) ){
            
            $validCreds = auth('tokens')->check(['token' => $request->getHeaderLine('X-API-KEY')]);

            if(!$validCreds->isOK()){
                  throw new \Exception('Whoa buddy');
            }
       }
   }

I'm thinking if the requests are really close together the timestamps are similar, so BaseModel says there's nothing to update? If I separate the requests with time in between things work fine.

Is this a bug? Or am I not using Filters as intended?

[kenjis]

if the requests are really close together the timestamps are similar, so BaseModel says there's nothing to update?

Yes. This is a bug.

shield/src/Authentication/Authenticators/AccessTokens.php

Line 107 in ae5ffb9

$token = $identityModel->getAccessTokenByRawToken($credentials['token']);

shield/src/Authentication/Authenticators/AccessTokens.php

Lines 127 to 128 in ae5ffb9

	$token->last_used_at = Time::now()->format('Y-m-d H:i:s');
	$identityModel->save($token);

last_used_at is based on seconds. If two requests come in the same second, these values are the same.

[kenjis]

Try:

--- a/src/Authentication/Authenticators/AccessTokens.php
+++ b/src/Authentication/Authenticators/AccessTokens.php
@@ -125,7 +125,10 @@ public function check(array $credentials): Result
         }
 
         $token->last_used_at = Time::now()->format('Y-m-d H:i:s');
-        $identityModel->save($token);
+
+        if ($token->hasChanged()) {
+            $identityModel->save($token);
+        }
 
         // Ensure the token is set as the current token
         $user = $token->user();

[jozefrebjak]

@bribar @kenjis I would like to know what is the best way to check if user has provided correct API KEY, I can't find a docs about this topic. @bribar solutions looks nice, but is this a way how to handle it ?

Here is my ApiFilter with @bribar code:

<?php

declare(strict_types=1);

namespace Modules\Api\Rest\V1\Filters;

use CodeIgniter\Exceptions\PageNotFoundException;
use CodeIgniter\Filters\FilterInterface;
use CodeIgniter\HTTP\RequestInterface;
use CodeIgniter\HTTP\ResponseInterface;

class ApiFilter implements FilterInterface
{
    public function before(RequestInterface $request, $arguments = null): void
    {
        if (!config('RestApi')->enabled) {
            throw PageNotFoundException::forPageNotFound();
        }

        helper('auth');

        $uri      = $request->getUri();
        $segments = $uri->getSegments();

        if (in_array('api', $segments)) {

            $validCreds = auth('tokens')->check(['token' => $request->getHeaderLine('X-API-KEY')]);

            if (!$validCreds->isOK()) {
                if (ENVIRONMENT === 'development') {
                    throw new \Exception('Whoa buddy');
                }
            }
        }
    }

    public function after(RequestInterface $request, ResponseInterface $response, $arguments = null): void
    {
        // Do something here
    }
}

I would like to return to user unauthorised response.

https://www.codeigniter.com/user_guide/outgoing/api_responses.html?highlight=failunauthorize

[bribar]

Hey @jozefrebjak

You can return an HTTP response within if (!$validCreds->isOK()) {}

$response = service('response');
$response->setStatusCode(200, 'Failure');
$response->setJSON([
    'status' => false,
    'message' => 'Invalid token.'
]);
return $response;

For me this worked

[jozefrebjak]

@kenjis we have TokenAuth filter, but the is redirect to login page. I thnik we need a filter to handle classic api calls from outside world. Just check if user provided API key, and return unauthorised response if not. Or am I missing something? Do we need to implement it ourselves ?

[kenjis]

Now you need to implement it by yourself.