8000 bug #28801 Convert InsufficientAuthenticationException to HttpExcepti… · symfony/symfony@8322494 · GitHub
[go: up one dir, main page]
Skip to content

Commit 8322494

Browse files
fabpotfabpot
committed
bug #28801 Convert InsufficientAuthenticationException to HttpException with 401 status code (vincentchalamon)
This PR was merged into the 2.8 branch. Discussion ---------- Convert InsufficientAuthenticationException to HttpException with 401 status code | Q | A | ------------- | --- | Branch? | 2.8 | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed ticket | #8467 | License | MIT I was trying to implement the `json_login` authentication and test it with an API Platform project. When I call a secured endpoint without authentication, an InsufficientAuthenticationException is thrown with a 500 status code instead of a 401. After some researches with @dunglas, there is no default `entrypoint` on the security firewall. As one already exists for `form_login` in the FormLoginFactory, this component might need a default one to convert this 500 exception to a correct 401 HTTP error. This fixes #25806 (comment). Commits ------- 4503ac8 Convert InsufficientAuthenticationException to HttpException
2 parents 5145084 + 4503ac8 commit 8322494

File tree

2 files changed

+10
-8
lines changed

2 files changed

+10
-8
lines changed

src/Symfony/Component/Security/Http/Firewall/ExceptionListener.php

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -17,6 +17,7 @@
1717
use Symfony\Component\HttpFoundation\Response;
1818
use Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent;
1919
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
20+
use Symfony\Component\HttpKernel\Exception\HttpException;
2021
use Symfony\Component\HttpKernel\HttpKernelInterface;
2122
use Symfony\Component\HttpKernel\KernelEvents;
2223
use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolverInterface;
@@ -171,7 +172,7 @@ private function handleLogoutException(LogoutException $exception)
171172
private function startAuthentication(Request $request, AuthenticationException $authException)
172173
{
173174
if (null === $this->authenticationEntryPoint) {
174-
throw $authException;
175+
throw new HttpException(Response::HTTP_UNAUTHORIZED, $authException->getMessage(), $authException, array(), $authException->getCode());
175176
}
176177

177178
if (null !== $this->logger) {

src/Symfony/Component/Security/Http/Tests/Firewall/ExceptionListenerTest.php

Lines changed: 8 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,7 @@
1515
use Symfony\Component\HttpFoundation\Request;
1616
use Symfony\Component\HttpFoundation\Response;
1717
use Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent;
18+
use Symfony\Component\HttpKernel\Exception\HttpException;
1819
use Symfony\Component\HttpKernel\HttpKernelInterface;
1920
use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolverInterface;
2021
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
@@ -30,15 +31,15 @@ class ExceptionListenerTest extends TestCase
3031
/**
3132
* @dataProvider getAuthenticationExceptionProvider
3233
*/
33-
public function testAuthenticationExceptionWithoutEntryPoint(\Exception $exception, \Exception $eventException = null)
34+
public function testAuthenticationExceptionWithoutEntryPoint(\Exception $exception, \Exception $eventException)
3435
{
3536
$event = $this->createEvent($exception);
3637

3738
$listener = $this->createExceptionListener();
3839
$listener->onKernelException($event);
3940

4041
$this->assertNull($event->getResponse());
41-
$this->assertSame(null === $eventException ? $exception : $eventException, $event->getException());
42+
$this->assertEquals($eventException, $event->getException());
4243
}
4344

4445
/**
@@ -58,11 +59,11 @@ public function testAuthenticationExceptionWithEntryPoint(\Exception $exception,
5859
public function getAuthenticationExceptionProvider()
5960
{
6061
return array(
61-
array(new AuthenticationException()),
62-
array(new \LogicException('random', 0, $e = new AuthenticationException()), $e),
63-
array(new \LogicException('random', 0, $e = new AuthenticationException('embed', 0, new AuthenticationException())), $e),
64-
array(new \LogicException('random', 0, $e = new AuthenticationException('embed', 0, new AccessDeniedException())), $e),
65-
array(n 7576 ew AuthenticationException('random', 0, new \LogicException())),
62+
array($e = new AuthenticationException(), new HttpException(Response::HTTP_UNAUTHORIZED, '', $e, array(), 0)),
63+
array(new \LogicException('random', 0, $e = new AuthenticationException()), new HttpException(Response::HTTP_UNAUTHORIZED, '', $e, array(), 0)),
64+
array(new \LogicException('random', 0, $e = new AuthenticationException('embed', 0, new AuthenticationException())), new HttpException(Response::HTTP_UNAUTHORIZED, 'embed', $e, array(), 0)),
65+
array(new \LogicException('random', 0, $e = new AuthenticationException('embed', 0, new AccessDeniedException())), new HttpException(Response::HTTP_UNAUTHORIZED, 'embed', $e, array(), 0)),
66+
array($e = new AuthenticationException('random', 0, new \LogicException()), new HttpException(Response::HTTP_UNAUTHORIZED, 'random', $e, array(), 0)),
6667
);
6768
}
6869

0 commit comments

Comments
 (0)
0