mirror of
https://github.com/flarum/framework.git
synced 2024-11-30 13:36:10 +08:00
Merge pull request #1854 from flarum/fl/1641-fix-status-codes
Error handling: Fix status codes
This commit is contained in:
commit
a61f6d4453
|
@ -15,12 +15,14 @@ use Flarum\Api\Serializer\NotificationSerializer;
|
||||||
use Flarum\Discussion\Discussion;
|
use Flarum\Discussion\Discussion;
|
||||||
use Flarum\Http\UrlGenerator;
|
use Flarum\Http\UrlGenerator;
|
||||||
use Flarum\Notification\NotificationRepository;
|
use Flarum\Notification\NotificationRepository;
|
||||||
use Flarum\User\Exception\PermissionDeniedException;
|
use Flarum\User\AssertPermissionTrait;
|
||||||
use Psr\Http\Message\ServerRequestInterface;
|
use Psr\Http\Message\ServerRequestInterface;
|
||||||
use Tobscure\JsonApi\Document;
|
use Tobscure\JsonApi\Document;
|
||||||
|
|
||||||
class ListNotificationsController extends AbstractListController
|
class ListNotificationsController extends AbstractListController
|
||||||
{
|
{
|
||||||
|
use AssertPermissionTrait;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* {@inheritdoc}
|
* {@inheritdoc}
|
||||||
*/
|
*/
|
||||||
|
@ -67,9 +69,7 @@ class ListNotificationsController extends AbstractListController
|
||||||
{
|
{
|
||||||
$actor = $request->getAttribute('actor');
|
$actor = $request->getAttribute('actor');
|
||||||
|
|
||||||
if ($actor->isGuest()) {
|
$this->assertRegistered($actor);
|
||||||
throw new PermissionDeniedException;
|
|
||||||
}
|
|
||||||
|
|
||||||
$actor->markNotificationsAsRead()->save();
|
$actor->markNotificationsAsRead()->save();
|
||||||
|
|
||||||
|
|
|
@ -14,7 +14,7 @@ namespace Flarum\Api\Controller;
|
||||||
use Flarum\Api\Serializer\UserSerializer;
|
use Flarum\Api\Serializer\UserSerializer;
|
||||||
use Flarum\Http\UrlGenerator;
|
use Flarum\Http\UrlGenerator;
|
||||||
use Flarum\Search\SearchCriteria;
|
use Flarum\Search\SearchCriteria;
|
||||||
use Flarum\User\Exception\PermissionDeniedException;
|
use Flarum\User\AssertPermissionTrait;
|
||||||
use Flarum\User\Search\UserSearcher;
|
use Flarum\User\Search\UserSearcher;
|
||||||
use Illuminate\Support\Arr;
|
use Illuminate\Support\Arr;
|
||||||
use Psr\Http\Message\ServerRequestInterface;
|
use Psr\Http\Message\ServerRequestInterface;
|
||||||
|
@ -22,6 +22,8 @@ use Tobscure\JsonApi\Document;
|
||||||
|
|
||||||
class ListUsersController extends AbstractListController
|
class ListUsersController extends AbstractListController
|
||||||
{
|
{
|
||||||
|
use AssertPermissionTrait;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* {@inheritdoc}
|
* {@inheritdoc}
|
||||||
*/
|
*/
|
||||||
|
@ -70,9 +72,7 @@ class ListUsersController extends AbstractListController
|
||||||
{
|
{
|
||||||
$actor = $request->getAttribute('actor');
|
$actor = $request->getAttribute('actor');
|
||||||
|
|
||||||
if ($actor->cannot('viewUserList')) {
|
$this->assertCan($actor, 'viewUserList');
|
||||||
throw new PermissionDeniedException;
|
|
||||||
}
|
|
||||||
|
|
||||||
$query = Arr::get($this->extractFilter($request), 'q');
|
$query = Arr::get($this->extractFilter($request), 'q');
|
||||||
$sort = $this->extractSort($request);
|
$sort = $this->extractSort($request);
|
||||||
|
|
|
@ -31,6 +31,7 @@ class ErrorServiceProvider extends AbstractServiceProvider
|
||||||
|
|
||||||
// 401 Unauthorized
|
// 401 Unauthorized
|
||||||
'invalid_access_token' => 401,
|
'invalid_access_token' => 401,
|
||||||
|
'not_authenticated' => 401,
|
||||||
|
|
||||||
// 403 Forbidden
|
// 403 Forbidden
|
||||||
'invalid_confirmation_token' => 403,
|
'invalid_confirmation_token' => 403,
|
||||||
|
|
|
@ -11,12 +11,20 @@
|
||||||
|
|
||||||
namespace Flarum\User;
|
namespace Flarum\User;
|
||||||
|
|
||||||
|
use Flarum\User\Exception\NotAuthenticatedException;
|
||||||
use Flarum\User\Exception\PermissionDeniedException;
|
use Flarum\User\Exception\PermissionDeniedException;
|
||||||
|
|
||||||
trait AssertPermissionTrait
|
trait AssertPermissionTrait
|
||||||
{
|
{
|
||||||
/**
|
/**
|
||||||
* @param $condition
|
* Ensure the current user is allowed to do something.
|
||||||
|
*
|
||||||
|
* If the condition is not met, an exception will be thrown that signals the
|
||||||
|
* lack of permissions. This is about *authorization*, i.e. retrying such a
|
||||||
|
* request / operation without a change in permissions (or using another
|
||||||
|
* user account) is pointless.
|
||||||
|
*
|
||||||
|
* @param bool $condition
|
||||||
* @throws PermissionDeniedException
|
* @throws PermissionDeniedException
|
||||||
*/
|
*/
|
||||||
protected function assertPermission($condition)
|
protected function assertPermission($condition)
|
||||||
|
@ -26,37 +34,44 @@ trait AssertPermissionTrait
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Ensure the given actor is authenticated.
|
||||||
|
*
|
||||||
|
* This will throw an exception for guest users, signaling that
|
||||||
|
* *authorization* failed. Thus, they could retry the operation after
|
||||||
|
* logging in (or using other means of authentication).
|
||||||
|
*
|
||||||
|
* @param User $actor
|
||||||
|
* @throws NotAuthenticatedException
|
||||||
|
*/
|
||||||
|
protected function assertRegistered(User $actor)
|
||||||
|
{
|
||||||
|
if ($actor->isGuest()) {
|
||||||
|
throw new NotAuthenticatedException;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param User $actor
|
* @param User $actor
|
||||||
* @param string $ability
|
* @param string $ability
|
||||||
* @param mixed $arguments
|
* @param mixed $arguments
|
||||||
|
* @throws NotAuthenticatedException
|
||||||
* @throws PermissionDeniedException
|
* @throws PermissionDeniedException
|
||||||
*/
|
*/
|
||||||
protected function assertCan(User $actor, $ability, $arguments = [])
|
protected function assertCan(User $actor, $ability, $arguments = [])
|
||||||
{
|
{
|
||||||
|
// For non-authenticated users, we throw a different exception to signal
|
||||||
|
// that logging in may help.
|
||||||
|
$this->assertRegistered($actor);
|
||||||
|
|
||||||
|
// If we're logged in, then we need to communicate that the current
|
||||||
|
// account simply does not have enough permissions.
|
||||||
$this->assertPermission($actor->can($ability, $arguments));
|
$this->assertPermission($actor->can($ability, $arguments));
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param User $actor
|
* @param User $actor
|
||||||
* @throws \Flarum\User\Exception\PermissionDeniedException
|
* @throws NotAuthenticatedException
|
||||||
*/
|
|
||||||
protected function assertGuest(User $actor)
|
|
||||||
{
|
|
||||||
$this->assertPermission($actor->isGuest());
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @param User $actor
|
|
||||||
* @throws PermissionDeniedException
|
|
||||||
*/
|
|
||||||
protected function assertRegistered(User $actor)
|
|
||||||
{
|
|
||||||
$this->assertPermission(! $actor->isGuest());
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @param User $actor
|
|
||||||
* @throws PermissionDeniedException
|
* @throws PermissionDeniedException
|
||||||
*/
|
*/
|
||||||
protected function assertAdmin(User $actor)
|
protected function assertAdmin(User $actor)
|
||||||
|
|
|
@ -74,7 +74,7 @@ class RegisterUserHandler
|
||||||
$data = $command->data;
|
$data = $command->data;
|
||||||
|
|
||||||
if (! $this->settings->get('allow_sign_up')) {
|
if (! $this->settings->get('allow_sign_up')) {
|
||||||
$this->assertAdmin($actor);
|
$this->assertPermission($actor->can('administrate'));
|
||||||
}
|
}
|
||||||
|
|
||||||
$password = Arr::get($data, 'attributes.password');
|
$password = Arr::get($data, 'attributes.password');
|
||||||
|
|
|
@ -0,0 +1,23 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
/*
|
||||||
|
* This file is part of Flarum.
|
||||||
|
*
|
||||||
|
* (c) Toby Zerner <toby.zerner@gmail.com>
|
||||||
|
*
|
||||||
|
* For the full copyright and license information, please view the LICENSE
|
||||||
|
* file that was distributed with this source code.
|
||||||
|
*/
|
||||||
|
|
||||||
|
namespace Flarum\User\Exception;
|
||||||
|
|
||||||
|
use Exception;
|
||||||
|
use Flarum\Foundation\KnownError;
|
||||||
|
|
||||||
|
class NotAuthenticatedException extends Exception implements KnownError
|
||||||
|
{
|
||||||
|
public function getType(): string
|
||||||
|
{
|
||||||
|
return 'not_authenticated';
|
||||||
|
}
|
||||||
|
}
|
|
@ -65,7 +65,7 @@ class AuthenticateWithApiKeyTest extends TestCase
|
||||||
|
|
||||||
$response = $api->send(CreateGroupController::class, new Guest);
|
$response = $api->send(CreateGroupController::class, new Guest);
|
||||||
|
|
||||||
$this->assertEquals(403, $response->getStatusCode());
|
$this->assertEquals(401, $response->getStatusCode());
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -80,7 +80,7 @@ class CreateGroupControllerTest extends ApiControllerTestCase
|
||||||
/**
|
/**
|
||||||
* @test
|
* @test
|
||||||
*/
|
*/
|
||||||
public function unauthorized_user_cannot_create_group()
|
public function normal_user_cannot_create_group()
|
||||||
{
|
{
|
||||||
$this->actor = User::find(2);
|
$this->actor = User::find(2);
|
||||||
|
|
||||||
|
|
|
@ -36,7 +36,7 @@ class ListNotificationsControllerTest extends ApiControllerTestCase
|
||||||
{
|
{
|
||||||
$response = $this->callWith();
|
$response = $this->callWith();
|
||||||
|
|
||||||
$this->assertEquals(403, $response->getStatusCode());
|
$this->assertEquals(401, $response->getStatusCode());
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -42,7 +42,7 @@ class ListUsersControllerTest extends ApiControllerTestCase
|
||||||
{
|
{
|
||||||
$response = $this->callWith();
|
$response = $this->callWith();
|
||||||
|
|
||||||
$this->assertEquals(403, $response->getStatusCode());
|
$this->assertEquals(401, $response->getStatusCode());
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
Loading…
Reference in New Issue
Block a user