8000 feature #19822 [HttpKernel] Deprecate X-Status-Code for better altern… · symfony/symfony@28a00da · GitHub
[go: up one dir, main page]
Skip to content

Commit 28a00da

Browse files
fabpotfabpot
committed
feature #19822 [HttpKernel] Deprecate X-Status-Code for better alternative (jameshalsall)
This PR was merged into the 3.3-dev branch. Discussion ---------- [HttpKernel] Deprecate X-Status-Code for better alternative | Q | A | | --- | --- | | Branch? | master | | Bug fix? | no | | New feature? | yes | | BC breaks? | no | | Deprecations? | yes | | Tests pass? | yes | | Fixed tickets | #12343 | | License | MIT | | Doc PR | symfony/symfony-docs#6948 | This marks the X-Status-Code header method of setting a custom response status code in exception listeners for a better alternative. There is now a new method on the `GetResponseForExceptionEvent` that allows successful status codes in the response sent to the client. The old method of setting the X-Status-Code header will now throw a deprecation warning. Instead, in your exception listener you simply call `GetResponseForExceptionEvent::allowCustomResponseCode()` which will tell the Kernel not to override the status code of the event's response object. Currenty the `X-Status-Code` header will still be removed, so as not to change the existing behaviour, but this is something we can remove in 4.0. TODO: - [x] Replace usage of X-Status-Code in `FormAuthenticationEntryPoint` - [x] Open Silex issue - [x] Rename method on the response - [x] Ensure correct response code is set in `AuthenticationEntryPointInterface` implementations - [x] Ensure the exception listeners are marking `GetResponseForExceptionEvent` as allowing a custom response code - [x] In the Security component we should only use the new method of setting a custom response code if it is available, and fall back to the `X-Status-Code` method Commits ------- cc0ef28 [HttpKernel] Deprecate X-Status-Code for better alternative
2 parents 4aa9508 + cc0ef28 commit 28a00da

12 files changed

+121
-20
lines changed

UPGRADE-3.3.md

Lines changed: 11 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -139,15 +139,20 @@ FrameworkBundle
139139
deprecated and will be removed in 4.0. Use `Symfony\Component\Config\DependencyInjection\ConfigCachePass`
140140
class instead.
141141

142-
143142
HttpKernel
144143
-----------
145144

146-
* The `Psr6CacheClearer::addPool()` method has been deprecated. Pass an array of pools indexed
147-
by name to the constructor instead.
148-
149-
* The `LazyLoadingFragmentHandler::addRendererService()` method has been deprecated and
150-
will be removed in 4.0.
145+
* The `Psr6CacheClearer::addPool()` method has been deprecated. Pass an array
146+
of pools indexed by name to the constructor instead.
147+
148+
* The `LazyLoadingFragmentHandler::addRendererService()` method has been
149+
deprecated and will be removed in 4.0.
150+
151+
* The `X-Status-Code` header method of setting a custom status code in the
152+
response when handling exceptions has been removed. There is now a new
153+
`GetResponseForExceptionEvent::allowCustomResponseCode()` method instead,
154+
which will tell the Kernel to use the response code set on the event's
155+
response object.
151156

152157
Process
153158
-------

UPGRADE-4.0.md

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -243,6 +243,12 @@ HttpKernel
243243

244244
* The `LazyLoadingFragmentHandler::addRendererService()` method has been removed.
245245

246+
* The `X-Status-Code` header method of setting a custom status code in the
247+
response when handling exceptions has been removed. There is now a new
248+
`GetResponseForExceptionEvent::allowCustomResponseCode()` method instead,
249+
which will tell the Kernel to use the response code set on the event's
250+
response object.
251+
246252
Ldap
247253
----
248254

src/Symfony/Component/HttpKernel/Event/GetResponseForExceptionEvent.php

Lines changed: 23 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -36,6 +36,11 @@ class GetResponseForExceptionEvent extends GetResponseEvent
3636
*/
3737
private $exception;
3838

39+
/**
40+
* @var bool
41+
*/
42+
private $allowCustomResponseCode = false;
43+
3944
public function __construct(HttpKernelInterface $kernel, Request $request, $requestType, \Exception $e)
4045
{
4146
parent::__construct($kernel, $request, $requestType);
@@ -64,4 +69,22 @@ public function setException(\Exception $exception)
6469
{
6570
$this->exception = $exception;
6671
}
72+
73+
/**
74+
* Mark the event as allowing a custom response code.
75+
*/
76+
public function allowCustomResponseCode()
77+
{
78+
$this->allowCustomResponseCode = true;
79+
}
80+
81+
/**
82+
* Returns true if the event allows a custom response code.
83+
*
84+
* @return bool
85+
*/
86+
public function isAllowingCustomResponseCode()
87+
{
88+
return $this->allowCustomResponseCode;
89+
}
6790
}

src/Symfony/Component/HttpKernel/HttpKernel.php

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -242,10 +242,12 @@ private function handleException(\Exception $e, $request, $type)
242242

243243
// the developer asked for a specific status code
244244
if ($response->headers->has('X-Status-Code')) {
245+
@trigger_error(sprintf('Using the X-Status-Code header is deprecated since version 3.3 and will be removed in 4.0. Use %s::allowCustomResponseCode() instead.', GetResponseForExceptionEvent::class), E_USER_DEPRECATED);
246+
245247
$response->setStatusCode($response->headers->get('X-Status-Code'));
246248

247249
$response->headers->remove('X-Status-Code');
248-
} elseif (!$response->isClientError() && !$response->isServerError() && !$response->isRedirect()) {
250+
} elseif (!$event->isAllowingCustomResponseCode() && !$response->isClientError() && !$response->isServerError() && !$response->isRedirect()) {
249251
// ensure that we actually have an error response
250252
if ($e instanceof HttpExceptionInterface) {
251253
// keep the HTTP status code and headers

src/Symfony/Component/HttpKernel/Tests/Event/GetResponseForExceptionEventTest.php

Lines changed: 27 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,27 @@
1+
<?php
2+
3+
/*
4+
* This file is part of the Symfony package.
5+
*
6+
* (c) Fabien Potencier <fabien@symfony.com>
7+
*
8+
* For the full copyright and license information, please view the LICENSE
9+
* file that was distributed with this source code.
10+
*/
11+
12+
namespace Symfony\Component\HttpKernel\Tests\Event;
13+
14+
use PHPUnit\Framework\TestCase;
15+
use Symfony\Component\HttpFoundation\Request;
16+
use Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent;
17+
use Symfony\Component\HttpKernel\Tests\TestHttpKernel;
18+
19+
class GetResponseForExceptionEventTest extends TestCase
20+
{
21+
public function testAllowSuccessfulResponseIsFalseByDefault()
22+
{
23+
$event = new GetResponseForExceptionEvent(new TestHttpKernel(), new Request(), 1, new \Exception());
24+
25+
$this->assertFalse($event->isAllowingCustomResponseCode());
26+
}
27+
}

src/Symfony/Component/HttpKernel/Tests/HttpKernelTest.php

Lines changed: 29 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -17,6 +17,7 @@
1717
use Symfony\Component\HttpKernel\Controller\ArgumentResolverInterface;
1818
use Symfony\Component\HttpKernel\Controller\ControllerResolverInterface;
1919
use Symfony\Component\HttpKernel\Event\FilterControllerArgumentsEvent;
20+
use Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent;
2021
use Symfony\Component\HttpKernel\HttpKernel;
2122
use Symfony\Component\HttpKernel\HttpKernelInterface;
2223
use Symfony\Component\HttpKernel\KernelEvents;
@@ -111,9 +112,10 @@ public function testHandleHttpException()
111112
}
112113

113114
/**
115+
* @group legacy
114116
* @dataProvider getStatusCodes
115117
*/
116-
public function testHandleWhenAnExceptionIsHandledWithASpecificStatusCode($responseStatusCode, $expectedStatusCode)
118+
public function testLegacyHandleWhenAnExceptionIsHandledWithASpecificStatusCode($responseStatusCode, $expectedStatusCode)
117119
{
118120
$dispatcher = new EventDispatcher();
119121
$dispatcher->addListener(KernelEvents::EXCEPTION, function ($event) use ($responseStatusCode, $expectedStatusCode) {
@@ -137,6 +139,32 @@ public function getStatusCodes()
137139
);
138140
}
139141

142+
/**
143+
* @dataProvider getSpecificStatusCodes
144+
*/
145+
public function testHandleWhenAnExceptionIsHandledWithASpecificStatusCode($expectedStatusCode)
146+
{
147+
$dispatcher = new EventDispatcher();
148+
$dispatcher->addListener(KernelEvents::EXCEPTION, function (GetResponseForExceptionEvent $event) use ($expectedStatusCode) {
149+
$event->allowCustomResponseCode();
150+
$event->setResponse(new Response('', $expectedStatusCode));
151+
});
152+
153+
$kernel = $this->getHttpKernel($dispatcher, function () { throw new \RuntimeException(); });
154+
$response = $kernel->handle(new Request());
155+
156+
$this->assertEquals($expectedStatusCode, $response->getStatusCode());
157+
}
158+
159+
public function getSpecificStatusCodes()
160+
{
161+
return array(
162+
array(200),
163+
array(302),
164+
array(403),
165+
);
166+
}
167+
140168
public function testHandleWhenAListenerReturnsAResponse()
141169
{
142170
$dispatcher = new EventDispatcher();

src/Symfony/Component/Security/Http/EntryPoint/FormAuthenticationEntryPoint.php

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -54,7 +54,7 @@ public function start(Request $request, AuthenticationException $authException =
5454

5555
$response = $this->httpKernel->handle($subRequest, HttpKernelInterface::SUB_REQUEST);
5656
if (200 === $response->getStatusCode()) {
57-
$response->headers->set('X-Status-Code', 401);
57+
$response->setStatusCode(401);
5858
}
5959

6060
return $response;

src/Symfony/Component/Security/Http/Firewall/ExceptionListener.php

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -112,6 +112,7 @@ private function handleAuthenticationException(GetResponseForExceptionEvent $eve
112112

113113
try {
114114
$event->setResponse($this->startAuthentication($event->getRequest(), $exception));
115+
$event->allowCustomResponseCode();
115116
} catch (\Exception $e) {
116117
$event->setException($e);
117118
}
@@ -155,6 +156,7 @@ private function handleAccessDeniedException(GetResponseForExceptionEvent $event
155156
$subRequest->attributes->set(Security::ACCESS_DENIED_ERROR, $exception);
156157

157158
$event->setResponse($event->getKernel()->handle($subRequest, HttpKernelInterface::SUB_REQUEST, true));
159+
$event->allowCustomResponseCode();
158160
}
159161
} catch (\Exception $e) {
160162
if (null !== $this->logger) {

src/Symfony/Component/Security/Http/Tests/EntryPoint/FormAuthenticationEntryPointTest.php

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -64,6 +64,6 @@ public function testStartWithUseForward()
6464
$entryPointResponse = $entryPoint->start($request);
6565

6666
$this->assertEquals($response, $entryPointResponse);
67-
$this->assertEquals(401, $entryPointResponse->headers->get('X-Status-Code'));
67+
$this->assertEquals(401, $entryPointResponse->getStatusCode());
6868
}
6969
}

src/Symfony/Component/Security/Http/Tests/Firewall/ExceptionListenerTest.php

Lines changed: 16 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -44,14 +44,19 @@ public function testAuthenticationExceptionWithoutEntryPoint(\Exception $excepti
4444
/**
4545
* @dataProvider getAuthenticationExceptionProvider
4646
*/
47-
public function testAuthenticationExceptionWithEntryPoint(\Exception $exception, \Exception $eventException = null)
47+
public function testAuthenticationExceptionWithEntryPoint(\Exception $exception)
4848
{
49-
$event = $this->createEvent($exception = new AuthenticationException());
49+
$event = $this->createEvent($exception);
50+
51+
$response = new Response('Forbidden', 403);
5052

51-
$listener = $this->createExceptionListener(null, null, null, $this->createEntryPoint());
53+
$listener = $this->createExceptionListener(null, null, null, $this->createEntryPoint($response));
5254
$listener->onKernelException($event);
5355

54-
$this->assertEquals('OK', $event->getResponse()->getContent());
56+
$this->assertTrue($event->isAllowingCustomResponseCode());
57+
58+
$this->assertEquals('Forbidden', $event->getResponse()->getContent());
59+
$this->assertEquals(403, $event->getResponse()->getStatusCode());
5560
$this->assertSame($exception, $event->getException());
5661
}
5762

@@ -100,7 +105,7 @@ public function testAccessDeniedExceptionFullFledgedAndWithoutAccessDeniedHandle
100105
public function testAccessDeniedExceptionFullFledgedAndWithoutAccessDeniedHandlerAndWithErrorPage(\Exception $exception, \Exception $eventException = null)
101106
{
102107
$kernel = $this->getMockBuilder('Symfony\Component\HttpKernel\HttpKernelInterface')->getMock();
103-
$kernel->expects($this->once())->method('handle')->will($this->returnValue(new Response('error')));
108+
$kernel->expects($this->once())->method('handle')->will($this->returnValue(new Response('Unauthorized', 401)));
104109

105110
$event = $this->createEvent($exception, $kernel);
106111

@@ -110,7 +115,10 @@ public function testAccessDeniedExceptionFullFledgedAndWithoutAccessDeniedHandle
110115
$listener = $this->createExceptionListener(null, $this->createTrustResolver(true), $httpUtils, null, '/error');
111116
$listener->onKernelException($event);
112117

113-
$this->assertEquals('error', $event->getResponse()->getContent());
118+
$this->assertTrue($event->isAllowingCustomResponseCode());
119+
120+
$this->assertEquals('Unauthorized', $event->getResponse()->getContent());
121+
$this->assertEquals(401, $event->getResponse()->getStatusCode());
114122
$this->assertSame(null === $eventException ? $exception : $eventException, $event->getException()->getPrevious());
115123
}
116124

@@ -159,10 +167,10 @@ public function getAccessDeniedExceptionProvider()
159167
);
160168
}
161169

162-
private function createEntryPoint()
170+
private function createEntryPoint(Response $response = null)
163171
{
164172
$entryPoint = $this->getMockBuilder('Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface')->getMock();
165-
$entryPoint->expects($this->once())->method('start')->will($this->returnValue(new Response('OK')));
173+
$entryPoint->expects($this->once())->method('start')->will($this->returnValue($response ?: new Response('OK')));
166174

167175
return $entryPoint;
168176
}

src/Symfony/Component/Security/Http/composer.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -20,7 +20,7 @@
2020
"symfony/security-core": "~3.2",
2121
"symfony/event-dispatcher": "~2.8|~3.0",
2222
"symfony/http-foundation": "~2.8|~3.0",
23-
"symfony/http-kernel": "~2.8|~3.0",
23+
"symfony/http-kernel": "~3.3",
2424
"symfony/polyfill-php56": "~1.0",
2525
"symfony/polyfill-php70": "~1.0",
2626
"symfony/property-access": "~2.8|~3.0"

src/Symfony/Component/Security/composer.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,7 @@
1919
"php": ">=5.5.9",
2020
"symfony/event-dispatcher": "~2.8|~3.0",
2121
"symfony/http-foundation": "~2.8|~3.0",
22-
"symfony/http-kernel": "~2.8|~3.0",
22+
"symfony/http-kernel": "~3.3",
2323
"symfony/polyfill-php56": "~1.0",
2424
"symfony/polyfill-php70": "~1.0",
2525
"symfony/polyfill-util": "~1.0",

0 commit comments

Comments
 (0)
0