PHP Fatal error: Uncaught Error: Call to a member function getAuthorizedContextObject()

Hi,
Following errors showed up in the error log. I dont know exactly why and at what stage this error is appearing:

[05-Sep-2023 07:39:09 Asia/Riyadh] PHP Fatal error: Uncaught Error: Call to a member function getAuthorizedContextObject() on null in /home/seisense/journal.seisense.com/lib/pkp/classes/handler/PKPHandler.php:190
Stack trace:
#0 /home/seisense/journal.seisense.com/pages/reviewer/ReviewerHandler.php(108): PKP\handler\PKPHandler->getAuthorizedContextObject()
#1 /home/seisense/journal.seisense.com/pages/reviewer/ReviewerHandler.php(67): APP\pages\reviewer\ReviewerHandler->_validateAccessKey()
#2 /home/seisense/journal.seisense.com/lib/pkp/classes/core/PKPRouter.php(324): APP\pages\reviewer\ReviewerHandler->authorize()
#3 /home/seisense/journal.seisense.com/lib/pkp/classes/core/PKPPageRouter.php(277): PKP\core\PKPRouter->_authorizeInitializeAndCallRequest()
#4 /home/seisense/journal.seisense.com/lib/pkp/classes/core/Dispatcher.php(165): PKP\core\PKPPageRouter->route()
#5 /home/seisense/journal.seisense.com/lib/pkp/classes/core/PKPApplication.php(387): PKP\core\Dispatcher->dispatch()
#6 /home/seisense/journal.seisense.com/index.php(21): PKP\core\PKPApplication->execute()
#7 {main}
thrown in /home/seisense/journal.seisense.com/lib/pkp/classes/handler/PKPHandler.php on line 190

I am using OJS: 3.4.0.2 and PHP: 8.1.
Looking forward to your help to sort this error.
seisense

We have the same error.
After i click on email (Reviewer reminder) get this error.

OJS 3.4.0-3 and PHP 8.0

I’m getting the same error, with a similar setup (OJS-3.4.0, PHP 8.2.10), when clicking the submission link in a review invitation email, e.g. https://myjournal/index.php/journal/reviewer/submission?submissionId=251&reviewId=625&key=8BFq7c

There’s a difference:

• when logged in, the article submission is shown fine
• yet, when not logged in, a blank page is shown, and this error is logged:

  [Sun Sep 24 00:24:01.880914 2023] [php:error] [pid 22] [client 172.26.0.13:42420] PHP Fatal error:  
  Uncaught Error: Call to a member function getAuthorizedContextObject() on null in 
  /var/www/html/lib/pkp/classes/handler/PKPHandler.php:190\nStack trace:\n#0 
  /var/www/html/pages/reviewer/ReviewerHandler.php(108): PKP\\handler\\PKPHandler->getAuthorizedContextObject()\n#1 
  /var/www/html/pages/reviewer/ReviewerHandler.php(67): APP\\pages\\reviewer\\ReviewerHandler->_validateAccessKey()\n#2 
  /var/www/html/lib/pkp/classes/core/PKPRouter.php(324): APP\\pages\\reviewer\\ReviewerHandler->authorize()\n#3 
  /var/www/html/lib/pkp/classes/core/PKPPageRouter.php(277): PKP\\core\\PKPRouter->_authorizeInitializeAndCallRequest()\n#4 
  /var/www/html/lib/pkp/classes/core/Dispatcher.php(165): PKP\\core\\PKPPageRouter->route()\n#5
  /var/www/html/lib/pkp/classes/core/PKPApplication.php(387): PKP\\core\\Dispatcher->dispatch()\n#6 
  /var/www/html/index.php(21): PKP\\core\\PKPApplication->execute()\n#7 {main}\n  thrown in 
  /var/www/html/lib/pkp/classes/handler/PKPHandler.php on line 190
  

Of course, reviewers typically won’t be logged in prior to clicking that link, and they’re left without any feedback whatsoever that anything went wrong.

Could this be related to [SOLVED] OJS 3.1.1 Submission Library upload link to a black page, and need a fix in the code as well?

Best,

Ron

Update: apparently, the “key” request parameter in the generated URL seems to make a difference. Compare this behaviour for a user who is not logged in:

• with “key” request parameter: error
  https://myjournal/index.php/journal/reviewer/submission?submissionId=251&reviewId=625&key=8BFq7c
  • user sees blank page
  • error is logged: Uncaught Error: Call to a member function getAuthorizedContextObject()
• without “key” request parameter: success
  https://myjournal/index.php/journal/reviewer/submission?submissionId=251&reviewId=625
  • user sees login page, no error
  • after logging in, the user is redirected to the right review form

Questions:

• Does this help in pinpointing the issue?
• Is the “key” request parameter necessary, and can it be removed from the generated links? In this case, it’s generated from the {$reviewAssignmentUrl}variable. Can the “key=8BFq7c” part be stripped when generating its value?

This really is a blocker for upgrading our journal to OJS-3.4.0, so any pointers are much appreciated!

Best,

Ron

OK, progress: after some further digging, I’ve discovered this “key” is a secure access key, providing password-less login to anyone with that link: Not asking for credentials when accessing from mail notification - #2 by asmecher.

That post provides a hint on how to disable it; I’ve done so by deselecting the “One Click Reviewer Access” in the Workflow > Review settings.

afbeelding919×210 10.4 KB

That effectively removes the “key” parameter from the generated {$reviewAssignmentUrl}.

Yet, the question remains: if “key” is causing an error ingetAuthorizedContextObject(), what is wrong?

• a bug in the OJS/PKP code
• something in the configuration setting that might generate a wrong key value

Hi @rvdb,

Just a quick note to say – I’ve got this thread open on my browser and am waiting for a moment to dig into it; sorry for the delay. You’re correct in tracking the source of key to the one-click reviewer access feature, and disabling that feature (at least temporarily) should solve the error you’ve run into. I’ll try to do some local testing here to see if I can replicate the problem and then fix it.

Regards,
Alec Smecher
Public Knowledge Project Team

Ok, thanks for confirming, @asmecher . If this is the only case where these keys are used in the app, we can temporarily do without them and go on with more conficence.

Best,

Ron

Hi @rvdb,

If you have user account validation turned on (require_validation in config.inc.php) that relies on some of the same infrastructural tools, so it’s possible it might also be affected – but I’ll have to do some investigation either way.

Regards,
Alec Smecher
Public Knowledge Project Team

Ok, thanks for pointing that out. We do have require_validation=On. I’ve tested registering a dummy user, which triggered a validation email, containing a link with what seems like an access key: https://myjournal/index.php/journal/user/activateUser/testuser/fcAKP4.

Clicking that link did work without errors: the account got validated. Also checked resetting the password, works as expected.

Best,

Ron

HI Ron,

I’ve filed and fixed this here:

If you can, please confirm whether the attached commit (pkp/pkp-lib#9335 Fix one-click reviewer access · pkp/ojs@537d5d8 · GitHub) fixes the issue for you. I’ll make sure this gets released in OJS 3.4.0-4.

Thanks,
Alec Smecher
Public Knowledge Project Team

Hi @asmecher ,

Thanks a ton for this quick fix, I can confirm it’s working like a charm!

Best,

Ron

Hi @rvdb,

Thanks for confirming, and good luck with the upgrade! (Note that we’ll be releasing another 3.4.0-x build in a few weeks – nothing major, but it’ll include this fix along with a number of others.)

Regards,
Alec Smecher
Public Knowledge Project Team