bug #28801 Convert InsufficientAuthenticationException to HttpException with 401 status code (vincentchalamon)

This PR was merged into the 2.8 branch.

Discussion
----------

Convert InsufficientAuthenticationException to HttpException with 401 status code

| Q             | A
| ------------- | ---
| Branch?       | 2.8
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed ticket | #8467
| License       | MIT

I was trying to implement the `json_login` authentication and test it with an API Platform project. When I call a secured endpoint without authentication, an InsufficientAuthenticationException is thrown with a 500 status code instead of a 401.

After some research with @dunglas, it turns out there is no default `entrypoint` on the security firewall. As one already exists for `form_login` in the FormLoginFactory, this component might need a default one to convert this 500 exception into a correct 401 HTTP error.

This fixes https://github.com/symfony/symfony/issues/25806#issuecomment-368461952.

Commits
-------

4503ac8e9f Convert InsufficientAuthenticationException to HttpException
Fabien Potencier 2018-10-17 18:35:42 +02:00
commit 8322494a47
2 changed files with 10 additions and 8 deletions


@ -17,6 +17,7 @@ use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response; use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent; use Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException; use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
use Symfony\Component\HttpKernel\Exception\HttpException;
use Symfony\Component\HttpKernel\HttpKernelInterface; use Symfony\Component\HttpKernel\HttpKernelInterface;
use Symfony\Component\HttpKernel\KernelEvents; use Symfony\Component\HttpKernel\KernelEvents;
use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolverInterface; use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolverInterface;
@ -171,7 +172,7 @@ class ExceptionListener
private function startAuthentication(Request $request, AuthenticationException $authException) private function startAuthentication(Request $request, AuthenticationException $authException)
{ {
if (null === $this->authenticationEntryPoint) { if (null === $this->authenticationEntryPoint) {
throw $authException; throw new HttpException(Response::HTTP_UNAUTHORIZED, $authException->getMessage(), $authException, array(), $authException->getCode());
} }
if (null !== $this->logger) { if (null !== $this->logger) {
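Review bot: The new `throw` in startAuthentication forwards `$authException->getMessage()` verbatim as the HttpException message, so whatever the kernel's exception handling renders for an HttpException may now carry the internal authentication exception text to an unauthenticated client. AuthenticationException already exposes `getMessageKey()` for a client-safe message, so consider `throw new HttpException(Response::HTTP_UNAUTHORIZED, $authException->getMessageKey(), $authException, array(), $authException->getCode());` or add a comment stating that the raw message is intended to be exposed. The headers argument is an empty `array()`, so the 401 is sent without a `WWW-Authenticate` challenge; since this branch is exactly the case where no entry point is configured to supply one, a short comment such as `// No entry point configured: surface the failure as a bare 401 (no WWW-Authenticate challenge is available here).` would record that limitation. startAuthentication continues outside the hunk.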


@ -15,6 +15,7 @@ use PHPUnit\Framework\TestCase;
use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response; use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent; use Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent;
use Symfony\Component\HttpKernel\Exception\HttpException;
use Symfony\Component\HttpKernel\HttpKernelInterface; use Symfony\Component\HttpKernel\HttpKernelInterface;
use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolverInterface; use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolverInterface;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface; use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
@ -30,7 +31,7 @@ class ExceptionListenerTest extends TestCase
/** /**
* @dataProvider getAuthenticationExceptionProvider * @dataProvider getAuthenticationExceptionProvider
*/ */
public function testAuthenticationExceptionWithoutEntryPoint(\Exception $exception, \Exception $eventException = null) public function testAuthenticationExceptionWithoutEntryPoint(\Exception $exception, \Exception $eventException)
{ {
$event = $this->createEvent($exception); $event = $this->createEvent($exception);
@ -38,7 +39,7 @@ class ExceptionListenerTest extends TestCase
$listener->onKernelException($event); $listener->onKernelException($event);
$this->assertNull($event->getResponse()); $this->assertNull($event->getResponse());
$this->assertSame(null === $eventException ? $exception : $eventException, $event->getException()); $this->assertEquals($eventException, $event->getException());
} }
/** /**
@ -58,11 +59,11 @@ class ExceptionListenerTest extends TestCase
public function getAuthenticationExceptionProvider() public function getAuthenticationExceptionProvider()
{ {
return array( return array(
array(new AuthenticationException()), array($e = new AuthenticationException(), new HttpException(Response::HTTP_UNAUTHORIZED, '', $e, array(), 0)),
array(new \LogicException('random', 0, $e = new AuthenticationException()), $e), array(new \LogicException('random', 0, $e = new AuthenticationException()), new HttpException(Response::HTTP_UNAUTHORIZED, '', $e, array(), 0)),
array(new \LogicException('random', 0, $e = new AuthenticationException('embed', 0, new AuthenticationException())), $e), array(new \LogicException('random', 0, $e = new AuthenticationException('embed', 0, new AuthenticationException())), new HttpException(Response::HTTP_UNAUTHORIZED, 'embed', $e, array(), 0)),
array(new \LogicException('random', 0, $e = new AuthenticationException('embed', 0, new AccessDeniedException())), $e), array(new \LogicException('random', 0, $e = new AuthenticationException('embed', 0, new AccessDeniedException())), new HttpException(Response::HTTP_UNAUTHORIZED, 'embed', $e, array(), 0)),
array(new AuthenticationException('random', 0, new \LogicException())), array($e = new AuthenticationException('random', 0, new \LogicException()), new HttpException(Response::HTTP_UNAUTHORIZED, 'random', $e, array(), 0)),
); );
} }
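Review bot: The switch from assertSame to assertEquals on `$this->assertEquals($eventException, $event->getException());` compares the whole HttpException structurally, so the 401 status code this fix is about is only checked indirectly, and the comparison presumably relies on PHPUnit's exception comparator ignoring file and line. Pinning the property explicitly reads clearer and does not depend on comparator details: `$this->assertSame(Response::HTTP_UNAUTHORIZED, $event->getException()->getStatusCode());` followed by `$this->assertSame($eventException->getPrevious(), $event->getException()->getPrevious());`. The `$e = new AuthenticationException()` assignments embedded in the array literals of getAuthenticationExceptionProvider are easy to overlook; a one-line comment such as `// each row: [exception thrown by the kernel, HttpException the listener is expected to replace it with]` above the `return array(` would help.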