Commit Graph

3293 Commits

Author SHA1 Message Date
Franz Liedke
47a528305b Restore error details in JSON-API error formatter
Fixes #1865. Refs #1843.
2020-02-04 22:58:48 +01:00
Franz Liedke
6121229c6f Convert controller test to request test
This further decouples these tests from the implementation (i.e. which
controller are we calling?).
2020-02-04 22:58:48 +01:00
Matteo Contrini
df7f1291a7 Allow formatting post content without a request (#1848) 2020-02-04 22:58:28 +01:00
Matthew Kilgore
52e73b2481 Add Edit User permission to permissions grid (#1859) 2020-02-04 22:58:28 +01:00
Franz Liedke
d08f851c0b When signups are prohibited, respond with HTTP 403 2020-02-04 22:58:28 +01:00
Franz Liedke
22b32bd601 Move authentication check into assertCan() method
This will cause the right error (HTTP 401) to be thrown whenever
we're checking for a specific permission, but the user is not even
logged in. Authenticated users will still get HTTP 403.
2020-02-04 22:58:28 +01:00
Franz Liedke
6797770c75 Remove unnecessary indirection 2020-02-04 22:58:28 +01:00
Franz Liedke
4cab48c0fd Document permission check methods 2020-02-04 22:58:28 +01:00
Franz Liedke
f7222d7e20 Fix inconsistent status codes
HTTP 401 should be used when logging in (i.e. authenticating) would make
a difference; HTTP 403 is reserved for requests that fail because the
already authenticated user is not authorized (i.e. lacking permissions)
to do something.
2020-02-04 22:58:28 +01:00
dependabot[bot]
53c728b184 Bump lodash from 4.17.11 to 4.17.15 in /js (#1863)
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.11 to 4.17.15.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.11...4.17.15)

Signed-off-by: dependabot[bot] <support@github.com>
2020-02-04 22:58:28 +01:00
dependabot[bot]
1d525d0a78 Bump mixin-deep from 1.3.1 to 1.3.2 in /js (#1862)
Bumps [mixin-deep](https://github.com/jonschlinkert/mixin-deep) from 1.3.1 to 1.3.2.
- [Release notes](https://github.com/jonschlinkert/mixin-deep/releases)
- [Commits](https://github.com/jonschlinkert/mixin-deep/compare/1.3.1...1.3.2)

Signed-off-by: dependabot[bot] <support@github.com>
2020-02-04 22:58:28 +01:00
Franz Liedke
301e571772 Remove unnecessary dependency
Refs #1773.
2020-02-04 22:58:28 +01:00
Franz Liedke
e7c12ce928 Remove superfluous ForbiddenException
It has the same effect as the PermissionDeniedException, so let's
just use that.

Refs #1641.
2020-02-04 22:58:28 +01:00
Franz Liedke
5d5ebc088e Travis: Remove deploy key 2020-02-04 22:55:25 +01:00
David Sevilla Martín
6e62240153 Move to GitHub Actions (#1853) 2020-02-04 22:55:25 +01:00
Franz Liedke
17d1942c5c Error handling: Document another interface 2020-02-04 22:55:25 +01:00
Franz Liedke
e786e297ef Rename method 2020-02-04 22:55:25 +01:00
Franz Liedke
2829618814 Error handling: Tweak Reporter interface
Because reporters are used for exceptions we were not able to handle, it
makes sense to simply pass the exception, not the "handled error".
2020-02-04 22:55:25 +01:00
Franz Liedke
5875b31fd5 Error handling: Document classes and interfaces 2020-02-04 22:55:25 +01:00
Franz Liedke
ae59bf549f Error handling: Rename renderers to formatters
Refs #1641.
2020-02-04 22:55:25 +01:00
Franz Liedke
d45bf04341 Remove obsolete queue config 2020-02-04 22:55:25 +01:00
Daniël Klabbers
7f9588af62 Queue support (#1773)
Implementation of clean queue handling, by default sync is used
2020-02-04 22:55:25 +01:00
Franz Liedke
17dfb58590 Don't fail when extend.php doesn't return an array
Refs #1607.
2020-02-04 22:55:25 +01:00
Franz Liedke
c5e3e26d07 #1607: Show more details when catching boot errors 2020-02-04 22:55:25 +01:00
Franz Liedke
5d768db6d2 Bubble up exception for invalid confirmation token
This way, the error handler can simply be amended to deal with this
exception type with a dedicated error message or page.

Refs #1337.
Closes #1528.
2020-02-04 22:55:25 +01:00
Franz Liedke
6e089c12d4 Determine error view and message based on type
...not based on status code.

To simplify this logic, we now use the same error "type" both when
routes are not found and specific models are not found. One exception is
ours, one is from Laravel, but for the purposes of error handling they
should be treated the same.

Fixes flarum/core#1641.
2020-02-04 22:55:25 +01:00
flarum-bot
5ddb843eb2 Bundled output for commit 29df6b60be [skip ci] 2020-02-04 22:55:25 +01:00
Franz Liedke
bbeacc0299 Tweak translation keys, always use full keys
Makes them easier to grep when editing / removing.

Refs #1750, #1788.
2020-02-04 22:55:25 +01:00
Franz Liedke
82480457ce Extract real method
Refs #1750, #1788.
2020-02-04 22:55:25 +01:00
flarum-bot
685459c0bc Bundled output for commit 37e0a5579b [skip ci] 2020-02-04 22:55:25 +01:00
Tobias Karlsson
347edcf2cd Improve feedback on user deletion
Fixes #1750, #1777
2020-02-04 22:55:25 +01:00
Franz Liedke
731a038f29 Support multiple error reporters
The error handling middleware now expects an array of reporters.
Extensions can register new reporters in the container like this:

    use Flarum\Foundation\ErrorHandling\Reporter;

    $container->tag(NewReporter::class, Reporter::class);

Note that this is just an implementation detail and will be hidden
behind an extender.
2020-02-04 22:55:25 +01:00
Franz Liedke
af5113eb7b Remove old error handler, middleware and tests 2020-02-04 22:55:25 +01:00
Franz Liedke
ddfb2c1ec1 API Client: Use new error handling mechanism 2020-02-04 22:37:25 +01:00
Franz Liedke
6cf3c1088d Use new error handler middleware 2020-02-04 22:37:24 +01:00
Franz Liedke
2f174edfd0 Wire up new error handling stack 2020-02-04 22:37:24 +01:00
Franz Liedke
2c231aa475 Make existing extensions compatible with new stack 2020-02-04 22:37:24 +01:00
Franz Liedke
1e5c7e54ee Implement new error handling stack
This separates the error registry (mapping exception types to status
codes) from actual handling (the middleware) as well as error formatting
(Whoops, pretty error pages or JSON-API?) and reporting (log? Sentry?).

The components can be reused in different places (e.g. the API client
and the error handler middleware both need the registry to understand
all the exceptions Flarum knows how to handle), while still allowing to
change only the parts that need to change (the API stack always uses the
JSON-API formatter, and the forum stack switches between Whoops and
pretty error pages based on debug mode).

Finally, this paves the way for some planned features and extensibility:
- A console error handler can build on top of the registry.
- Extensions can register new exceptions and how to handle them.
- Extensions can change how we report exceptions (e.g. Sentry).
- We can build more pretty error pages, even different ones for
  exceptions having the same status code.
2020-02-04 22:37:24 +01:00
Franz Liedke
408043a203 Remove obsolete constructor parameter
This was removed in commit 484c6d2e.
2020-02-04 22:37:24 +01:00
flarum-bot
9b449386d6 Bundled output for commit c5122bf5d5 [skip ci] 2020-02-04 22:37:24 +01:00
Franz Liedke
f1d9753aee a11y: Try to make screenreaders read tooltips
Refs #1835.
2020-02-04 22:37:24 +01:00
David Sevilla Martín
54f733ca80 Add canonical URL to discussion list (#1814) 2020-02-04 22:37:24 +01:00
Franz Liedke
a737b98e7f Bypass CSRF token check when using access tokens
Fixes #1828.
2020-02-04 22:37:24 +01:00
Franz Liedke
80546b9ed7 Make exception message dynamic as well 2020-02-04 22:37:24 +01:00
Franz Liedke
9758dfac47 Determine default route after extensions
Fixes #1819.
2020-02-04 22:37:24 +01:00
Franz Liedke
970c0f5604 PHPUnit: Get rid of deprecated annotation
Refs #1795.
2020-02-04 22:37:24 +01:00
Daniël Klabbers
42a7f2f586 Allows configuration of where the language files live. So that
language packs can optionally decide for themselves if they want
to use a different directory.
2020-02-04 22:37:24 +01:00
Daniël Klabbers
3611fa1bb9 fixes #1695, take into consideration is_private with counts on User stats 2020-02-04 22:37:24 +01:00
Daniël Klabbers
c881f9f633 fixed ci, make green again; mysql service wasnt booted 2020-02-04 22:37:24 +01:00
Franz Liedke
0a22a66189 Prevent MySQL search operators from taking effect
We do not want to inherit MySQL's fulltext query language, so let's
just drop all non-word characters from the search term.

Fixes #1498.
2020-02-04 22:37:24 +01:00