bug #28801 Convert InsufficientAuthenticationException to HttpException with 401 status code (vincentchalamon)
This PR was merged into the 2.8 branch.
Discussion
----------
Convert InsufficientAuthenticationException to HttpException with 401 status code
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed ticket | #8467
| License | MIT
I was trying to implement the `json_login` authentication and test it with an API Platform project. When I call a secured endpoint without authentication, an InsufficientAuthenticationException is thrown with a 500 status code instead of a 401.
After some research with @dunglas, it turned out there is no default `entrypoint` on the security firewall. As one already exists for `form_login` in the FormLoginFactory, this component might need a default one to convert this 500 exception into a correct 401 HTTP error.
This fixes https://github.com/symfony/symfony/issues/25806#issuecomment-368461952.
Commits
-------
4503ac8e9f
Convert InsufficientAuthenticationException to HttpException
This commit is contained in:
commit
8322494a47
@ -17,6 +17,7 @@ use Symfony\Component\HttpFoundation\Request;
|
|||||||
use Symfony\Component\HttpFoundation\Response;
|
use Symfony\Component\HttpFoundation\Response;
|
||||||
use Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent;
|
use Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent;
|
||||||
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
|
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
|
||||||
|
use Symfony\Component\HttpKernel\Exception\HttpException;
|
||||||
use Symfony\Component\HttpKernel\HttpKernelInterface;
|
use Symfony\Component\HttpKernel\HttpKernelInterface;
|
||||||
use Symfony\Component\HttpKernel\KernelEvents;
|
use Symfony\Component\HttpKernel\KernelEvents;
|
||||||
use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolverInterface;
|
use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolverInterface;
|
||||||
@ -171,7 +172,7 @@ class ExceptionListener
|
|||||||
private function startAuthentication(Request $request, AuthenticationException $authException)
|
private function startAuthentication(Request $request, AuthenticationException $authException)
|
||||||
{
|
{
|
||||||
if (null === $this->authenticationEntryPoint) {
|
if (null === $this->authenticationEntryPoint) {
|
||||||
throw $authException;
|
throw new HttpException(Response::HTTP_UNAUTHORIZED, $authException->getMessage(), $authException, array(), $authException->getCode());
|
||||||
}
|
}
|
||||||
|
|
||||||
if (null !== $this->logger) {
|
if (null !== $this->logger) {
|
||||||
|
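Review bot: The message handed to the new `HttpException` on the `throw new HttpException(...)` line is `$authException->getMessage()`, which for `AuthenticationException` subclasses can carry internal detail (provider or user-lookup errors) that the previous bare rethrow never surfaced in a client-facing 401 body; Symfony's `getMessageKey()` is the variant intended for display, so consider `throw new HttpException(Response::HTTP_UNAUTHORIZED, $authException->getMessageKey(), $authException, array(), $authException->getCode());` and adjust the expected messages in the `getAuthenticationExceptionProvider` rows of the test file to match. Whether the message actually reaches the wire depends on the error renderer in front of the kernel — the PR mentions API Platform, whose error output can include exception messages — so this deserves a deliberate choice rather than an accidental default. Separately, a 401 is expected to carry a `WWW-Authenticate` challenge (RFC 7235 §3.1) and the fourth argument is an empty `array()`; if no scheme can be known when no entry point is configured, a short comment on that line such as `// No entry point is configured, so no WWW-Authenticate challenge can be advertised.` would spare the next reader the question. `startAuthentication` continues past the end of the hunk.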
@ -15,6 +15,7 @@ use PHPUnit\Framework\TestCase;
|
|||||||
use Symfony\Component\HttpFoundation\Request;
|
use Symfony\Component\HttpFoundation\Request;
|
||||||
use Symfony\Component\HttpFoundation\Response;
|
use Symfony\Component\HttpFoundation\Response;
|
||||||
use Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent;
|
use Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent;
|
||||||
|
use Symfony\Component\HttpKernel\Exception\HttpException;
|
||||||
use Symfony\Component\HttpKernel\HttpKernelInterface;
|
use Symfony\Component\HttpKernel\HttpKernelInterface;
|
||||||
use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolverInterface;
|
use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolverInterface;
|
||||||
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
|
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
|
||||||
@ -30,7 +31,7 @@ class ExceptionListenerTest extends TestCase
|
|||||||
/**
|
/**
|
||||||
* @dataProvider getAuthenticationExceptionProvider
|
* @dataProvider getAuthenticationExceptionProvider
|
||||||
*/
|
*/
|
||||||
public function testAuthenticationExceptionWithoutEntryPoint(\Exception $exception, \Exception $eventException = null)
|
public function testAuthenticationExceptionWithoutEntryPoint(\Exception $exception, \Exception $eventException)
|
||||||
{
|
{
|
||||||
$event = $this->createEvent($exception);
|
$event = $this->createEvent($exception);
|
||||||
|
|
||||||
@ -38,7 +39,7 @@ class ExceptionListenerTest extends TestCase
|
|||||||
$listener->onKernelException($event);
|
$listener->onKernelException($event);
|
||||||
|
|
||||||
$this->assertNull($event->getResponse());
|
$this->assertNull($event->getResponse());
|
||||||
$this->assertSame(null === $eventException ? $exception : $eventException, $event->getException());
|
$this->assertEquals($eventException, $event->getException());
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -58,11 +59,11 @@ class ExceptionListenerTest extends TestCase
|
|||||||
public function getAuthenticationExceptionProvider()
|
public function getAuthenticationExceptionProvider()
|
||||||
{
|
{
|
||||||
return array(
|
return array(
|
||||||
array(new AuthenticationException()),
|
array($e = new AuthenticationException(), new HttpException(Response::HTTP_UNAUTHORIZED, '', $e, array(), 0)),
|
||||||
array(new \LogicException('random', 0, $e = new AuthenticationException()), $e),
|
array(new \LogicException('random', 0, $e = new AuthenticationException()), new HttpException(Response::HTTP_UNAUTHORIZED, '', $e, array(), 0)),
|
||||||
array(new \LogicException('random', 0, $e = new AuthenticationException('embed', 0, new AuthenticationException())), $e),
|
array(new \LogicException('random', 0, $e = new AuthenticationException('embed', 0, new AuthenticationException())), new HttpException(Response::HTTP_UNAUTHORIZED, 'embed', $e, array(), 0)),
|
||||||
array(new \LogicException('random', 0, $e = new AuthenticationException('embed', 0, new AccessDeniedException())), $e),
|
array(new \LogicException('random', 0, $e = new AuthenticationException('embed', 0, new AccessDeniedException())), new HttpException(Response::HTTP_UNAUTHORIZED, 'embed', $e, array(), 0)),
|
||||||
array(new AuthenticationException('random', 0, new \LogicException())),
|
array($e = new AuthenticationException('random', 0, new \LogicException()), new HttpException(Response::HTTP_UNAUTHORIZED, 'random', $e, array(), 0)),
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
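Review bot: Every row in `getAuthenticationExceptionProvider` builds its `AuthenticationException` with code `0`, so the fifth argument the listener now forwards (`$authException->getCode()`) is never exercised by the test; a row such as `array($e = new AuthenticationException('coded', 42), new HttpException(Response::HTTP_UNAUTHORIZED, 'coded', $e, array(), 42)),` (42 being an arbitrary sample value) would pin that the original code survives the conversion. The `assertEquals` in `testAuthenticationExceptionWithoutEntryPoint` appears to compare the whole `HttpException` object graph, so status code, headers and the `previous` chain are already covered by the existing rows; only the code is left untested.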
|