Commit Graph

3530 Commits

Author SHA1 Message Date
Franz Liedke
0a2bdbaa09
Debug mode: Include stacktrace in JSON-API errors
Refs #1843, #1865.
2019-09-04 23:35:32 +02:00
Franz Liedke
26229db1fd
Refactor JSON-API error formatter 2019-09-04 23:30:22 +02:00
Franz Liedke
1aef3162be
Apply fixes from StyleCI (#1867)
[ci skip] [skip ci]
2019-09-04 01:44:59 +02:00
Franz Liedke
dcf88df0c7
Restore error details in JSON-API error formatter
Fixes #1865. Refs #1843.
2019-09-04 01:44:22 +02:00
Franz Liedke
3eb28dfb16
Convert controller test to request test
This further decouples these tests from the implementation (i.e. which
controller are we calling?).
2019-09-04 01:27:24 +02:00
Matteo Contrini
1d43371fa9 Allow formatting post content without a request (#1848) 2019-09-04 00:12:28 +02:00
Matthew Kilgore
4df455cf04 Add Edit User permission to permissions grid (#1859) 2019-09-03 23:54:38 +02:00
Franz Liedke
2c43ccf66c
Merge pull request #1854 from flarum/fl/1641-fix-status-codes
Error handling: Fix status codes
2019-09-02 16:33:48 +02:00
dependabot[bot]
1d010efbca Bump lodash from 4.17.11 to 4.17.15 in /js (#1863)
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.11 to 4.17.15.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.11...4.17.15)

Signed-off-by: dependabot[bot] <support@github.com>
2019-08-28 09:11:25 +02:00
dependabot[bot]
2135d5908e Bump mixin-deep from 1.3.1 to 1.3.2 in /js (#1862)
Bumps [mixin-deep](https://github.com/jonschlinkert/mixin-deep) from 1.3.1 to 1.3.2.
- [Release notes](https://github.com/jonschlinkert/mixin-deep/releases)
- [Commits](https://github.com/jonschlinkert/mixin-deep/compare/1.3.1...1.3.2)

Signed-off-by: dependabot[bot] <support@github.com>
2019-08-28 09:06:38 +02:00
Franz Liedke
9640dd6419
Remove unnecessary dependency
Refs #1773.
2019-08-22 10:04:38 +02:00
Franz Liedke
98464a8a33
Remove superfluous ForbiddenException
It has the same effect as the PermissionDeniedException, so let's
just use that.

Refs #1641.
2019-08-22 00:06:26 +02:00
Franz Liedke
2b6535525b
When signups are prohibited, respond with HTTP 403 2019-08-21 23:48:24 +02:00
Franz Liedke
b60617b849
Move authentication check into assertCan() method
This will cause the right error (HTTP 401) to be thrown whenever
we're checking for a specific permission, but the user is not even
logged in. Authenticated users will still get HTTP 403.
2019-08-21 23:48:03 +02:00
Franz Liedke
0836d99e83
Remove unnecessary indirection 2019-08-21 00:06:32 +02:00
Franz Liedke
279c7df9b9
Document permission check methods 2019-08-21 00:06:31 +02:00
Franz Liedke
04bcf1eef6
Fix inconsistent status codes
HTTP 401 should be used when logging in (i.e. authenticating) would make
a difference; HTTP 403 is reserved for requests that fail because the
already authenticated user is not authorized (i.e. lacking permissions)
to do something.
2019-08-21 00:06:31 +02:00
Franz Liedke
70e98f810c
Travis: Remove deploy key 2019-08-21 00:06:16 +02:00
David Sevilla Martín
3851d805f7 Move to GitHub Actions (#1853) 2019-08-21 00:05:04 +02:00
Franz Liedke
085468382a
Error handling: Document another interface 2019-08-20 22:20:11 +02:00
Franz Liedke
7dbdd8c024
Rename method 2019-08-20 20:08:01 +02:00
Franz Liedke
ad25307e68
Error handling: Tweak Reporter interface
Because reporters are used for exceptions we were not able to handle, it
makes sense to simply pass the exception, not the "handled error".
2019-08-20 20:07:56 +02:00
Franz Liedke
6c454b8279
Error handling: Document classes and interfaces 2019-08-20 20:07:52 +02:00
Franz Liedke
9f15e9ba86
Error handling: Rename renderers to formatters
Refs #1641.
2019-08-20 20:07:47 +02:00
Franz Liedke
41009dba74
Remove obsolete queue config 2019-08-19 22:33:32 +02:00
Daniël Klabbers
a045f8bef9
Queue support (#1773)
Implementation of clean queue handling, by default sync is used
2019-08-19 21:44:06 +02:00
Franz Liedke
689d767f82
Don't fail when extend.php doesn't return an array
Refs #1607.
2019-08-16 12:29:31 +02:00
Franz Liedke
77fff9fde8
#1607: Show more details when catching boot errors 2019-08-16 12:13:47 +02:00
Franz Liedke
c6c1ae32e6
Bubble up exception for invalid confirmation token
This way, the error handler can simply be amended to deal with this
exception type with a dedicated error message or page.

Refs #1337.
Closes #1528.
2019-08-14 19:47:56 +02:00
Franz Liedke
bdac88b573
Determine error view and message based on type
...not based on status code.

To simplify this logic, we now use the same error "type" both when
routes are not found and specific models are not found. One exception is
ours, one is from Laravel, but for the purposes of error handling they
should be treated the same.

Fixes flarum/core#1641.
2019-08-14 19:47:56 +02:00
flarum-bot
31ee65be93 Bundled output for commit 29df6b60be [skip ci] 2019-08-14 06:41:45 +00:00
Franz Liedke
29df6b60be
Tweak translation keys, always use full keys
Makes them easier to grep when editing / removing.

Refs #1750, #1788.
2019-08-14 08:34:36 +02:00
Franz Liedke
1e6f175379
Extract real method
Refs #1750, #1788.
2019-08-14 08:34:14 +02:00
flarum-bot
065ff3456f Bundled output for commit 37e0a5579b [skip ci] 2019-08-13 21:02:10 +00:00
Tobias Karlsson
37e0a5579b Improve feedback on user deletion
Fixes #1750, #1777
2019-08-13 22:56:24 +02:00
Franz Liedke
cd9aa0096e
Merge pull request #1843 from flarum/fl/1641-exception-handling
Implement new error handling stack
2019-08-13 22:45:46 +02:00
Franz Liedke
d06493c61e
Support multiple error reporters
The error handling middleware now expects an array of reporters.
Extensions can register new reporters in the container like this:

    use Flarum\Foundation\ErrorHandling\Reporter;

    $container->tag(NewReporter::class, Reporter::class);

Note that this is just an implementation detail and will be hidden
behind an extender.
2019-08-10 11:04:12 +02:00
Franz Liedke
9f71e2c3cb
Remove old error handler, middleware and tests 2019-08-10 00:26:24 +02:00
Franz Liedke
81a8736ba9
API Client: Use new error handling mechanism 2019-08-10 00:26:24 +02:00
Franz Liedke
57ce25301d
Use new error handler middleware 2019-08-10 00:26:24 +02:00
Franz Liedke
cfbaa84fbc
Wire up new error handling stack 2019-08-10 00:26:23 +02:00
Franz Liedke
3417f5a77e
Make existing extensions compatible with new stack 2019-08-10 00:26:22 +02:00
Franz Liedke
1035636d0f
Implement new error handling stack
This separates the error registry (mapping exception types to status
codes) from actual handling (the middleware) as well as error formatting
(Whoops, pretty error pages or JSON-API?) and reporting (log? Sentry?).

The components can be reused in different places (e.g. the API client
and the error handler middleware both need the registry to understand
all the exceptions Flarum knows how to handle), while still allowing to
change only the parts that need to change (the API stack always uses the
JSON-API formatter, and the forum stack switches between Whoops and
pretty error pages based on debug mode).

Finally, this paves the way for some planned features and extensibility:
- A console error handler can build on top of the registry.
- Extensions can register new exceptions and how to handle them.
- Extensions can change how we report exceptions (e.g. Sentry).
- We can build more pretty error pages, even different ones for
  exceptions having the same status code.
2019-08-10 00:26:22 +02:00
Franz Liedke
d00fc2c49d
Remove obsolete constructor parameter
This was removed in commit 484c6d2e.
2019-08-10 00:16:21 +02:00
flarum-bot
f3b889a665 Bundled output for commit c5122bf5d5 [skip ci] 2019-08-08 23:12:56 +00:00
Franz Liedke
c5122bf5d5
a11y: Try to make screenreaders read tooltips
Refs #1835.
2019-08-08 22:40:30 +02:00
David Sevilla Martín
5ed55195e1 Add canonical URL to discussion list (#1814) 2019-08-08 00:01:25 +02:00
Franz Liedke
8604ea3020
Bypass CSRF token check when using access tokens
Fixes #1828.
2019-08-01 22:53:31 +02:00
Franz Liedke
2648e960a7
Make exception message dynamic as well 2019-08-01 22:25:28 +02:00
Daniël Klabbers
f0dff95d62 Merge branch 'master' of github.com:flarum/core 2019-07-31 17:10:47 +02:00