Franz Liedke
47a528305b
Restore error details in JSON-API error formatter
...
Fixes #1865 . Refs #1843 .
2020-02-04 22:58:48 +01:00
Franz Liedke
6121229c6f
Convert controller test to request test
...
This further decouples these tests from the implementation (i.e. which
controller are we calling?).
2020-02-04 22:58:48 +01:00
Matteo Contrini
df7f1291a7
Allow formatting post content without a request ( #1848 )
2020-02-04 22:58:28 +01:00
Matthew Kilgore
52e73b2481
Add Edit User permission to permissions grid ( #1859 )
2020-02-04 22:58:28 +01:00
Franz Liedke
d08f851c0b
When signups are prohibited, respond with HTTP 403
2020-02-04 22:58:28 +01:00
Franz Liedke
22b32bd601
Move authentication check into assertCan() method
...
This will cause the right error (HTTP 401) to be thrown whenever
we're checking for a specific permission, but the user is not even
logged in. Authenticated users will still get HTTP 403.
2020-02-04 22:58:28 +01:00
Franz Liedke
6797770c75
Remove unnecessary indirection
2020-02-04 22:58:28 +01:00
Franz Liedke
4cab48c0fd
Document permission check methods
2020-02-04 22:58:28 +01:00
Franz Liedke
f7222d7e20
Fix inconsistent status codes
...
HTTP 401 should be used when logging in (i.e. authenticating) would make
a difference; HTTP 403 is reserved for requests that fail because the
already authenticated user is not authorized (i.e. lacking permissions)
to do something.
2020-02-04 22:58:28 +01:00
dependabot[bot]
53c728b184
Bump lodash from 4.17.11 to 4.17.15 in /js ( #1863 )
...
Bumps [lodash](https://github.com/lodash/lodash ) from 4.17.11 to 4.17.15.
- [Release notes](https://github.com/lodash/lodash/releases )
- [Commits](https://github.com/lodash/lodash/compare/4.17.11...4.17.15 )
Signed-off-by: dependabot[bot] <support@github.com>
2020-02-04 22:58:28 +01:00
dependabot[bot]
1d525d0a78
Bump mixin-deep from 1.3.1 to 1.3.2 in /js ( #1862 )
...
Bumps [mixin-deep](https://github.com/jonschlinkert/mixin-deep ) from 1.3.1 to 1.3.2.
- [Release notes](https://github.com/jonschlinkert/mixin-deep/releases )
- [Commits](https://github.com/jonschlinkert/mixin-deep/compare/1.3.1...1.3.2 )
Signed-off-by: dependabot[bot] <support@github.com>
2020-02-04 22:58:28 +01:00
Franz Liedke
301e571772
Remove unnecessary dependency
...
Refs #1773 .
2020-02-04 22:58:28 +01:00
Franz Liedke
e7c12ce928
Remove superfluous ForbiddenException
...
It has the same effect as the PermissionDeniedException, so let's
just use that.
Refs #1641 .
2020-02-04 22:58:28 +01:00
Franz Liedke
5d5ebc088e
Travis: Remove deploy key
2020-02-04 22:55:25 +01:00
David Sevilla Martín
6e62240153
Move to GitHub Actions ( #1853 )
2020-02-04 22:55:25 +01:00
Franz Liedke
17d1942c5c
Error handling: Document another interface
2020-02-04 22:55:25 +01:00
Franz Liedke
e786e297ef
Rename method
2020-02-04 22:55:25 +01:00
Franz Liedke
2829618814
Error handling: Tweak Reporter interface
...
Because reporters are used for exceptions we were not able to handle, it
makes sense to simply pass the exception, not the "handled error".
2020-02-04 22:55:25 +01:00
Franz Liedke
5875b31fd5
Error handling: Document classes and interfaces
2020-02-04 22:55:25 +01:00
Franz Liedke
ae59bf549f
Error handling: Rename renderers to formatters
...
Refs #1641 .
2020-02-04 22:55:25 +01:00
Franz Liedke
d45bf04341
Remove obsolete queue config
2020-02-04 22:55:25 +01:00
Daniël Klabbers
7f9588af62
Queue support ( #1773 )
...
Implementation of clean queue handling, by default sync is used
2020-02-04 22:55:25 +01:00
Franz Liedke
17dfb58590
Don't fail when extend.php doesn't return an array
...
Refs #1607 .
2020-02-04 22:55:25 +01:00
Franz Liedke
c5e3e26d07
#1607 : Show more details when catching boot errors
2020-02-04 22:55:25 +01:00
Franz Liedke
5d768db6d2
Bubble up exception for invalid confirmation token
...
This way, the error handler can simply be amended to deal with this
exception type with a dedicated error message or page.
Refs #1337 .
Closes #1528 .
2020-02-04 22:55:25 +01:00
Franz Liedke
6e089c12d4
Determine error view and message based on type
...
...not based on status code.
To simplify this logic, we now use the same error "type" both when
routes are not found and specific models are not found. One exception is
ours, one is from Laravel, but for the purposes of error handling they
should be treated the same.
Fixes flarum/core#1641 .
2020-02-04 22:55:25 +01:00
flarum-bot
5ddb843eb2
Bundled output for commit 29df6b60be
[skip ci]
2020-02-04 22:55:25 +01:00
Franz Liedke
bbeacc0299
Tweak translation keys, always use full keys
...
Makes them easier to grep when editing / removing.
Refs #1750 , #1788 .
2020-02-04 22:55:25 +01:00
Franz Liedke
82480457ce
Extract real method
...
Refs #1750 , #1788 .
2020-02-04 22:55:25 +01:00
flarum-bot
685459c0bc
Bundled output for commit 37e0a5579b
[skip ci]
2020-02-04 22:55:25 +01:00
Tobias Karlsson
347edcf2cd
Improve feedback on user deletion
...
Fixes #1750 , #1777
2020-02-04 22:55:25 +01:00
Franz Liedke
731a038f29
Support multiple error reporters
...
The error handling middleware now expects an array of reporters.
Extensions can register new reporters in the container like this:
use Flarum\Foundation\ErrorHandling\Reporter;
$container->tag(NewReporter::class, Reporter::class);
Note that this is just an implementation detail and will be hidden
behind an extender.
2020-02-04 22:55:25 +01:00
Franz Liedke
af5113eb7b
Remove old error handler, middleware and tests
2020-02-04 22:55:25 +01:00
Franz Liedke
ddfb2c1ec1
API Client: Use new error handling mechanism
2020-02-04 22:37:25 +01:00
Franz Liedke
6cf3c1088d
Use new error handler middleware
2020-02-04 22:37:24 +01:00
Franz Liedke
2f174edfd0
Wire up new error handling stack
2020-02-04 22:37:24 +01:00
Franz Liedke
2c231aa475
Make existing extensions compatible with new stack
2020-02-04 22:37:24 +01:00
Franz Liedke
1e5c7e54ee
Implement new error handling stack
...
This separates the error registry (mapping exception types to status
codes) from actual handling (the middleware) as well as error formatting
(Whoops, pretty error pages or JSON-API?) and reporting (log? Sentry?).
The components can be reused in different places (e.g. the API client
and the error handler middleware both need the registry to understand
all the exceptions Flarum knows how to handle), while still allowing to
change only the parts that need to change (the API stack always uses the
JSON-API formatter, and the forum stack switches between Whoops and
pretty error pages based on debug mode).
Finally, this paves the way for some planned features and extensibility:
- A console error handler can build on top of the registry.
- Extensions can register new exceptions and how to handle them.
- Extensions can change how we report exceptions (e.g. Sentry).
- We can build more pretty error pages, even different ones for
exceptions having the same status code.
2020-02-04 22:37:24 +01:00
Franz Liedke
408043a203
Remove obsolete constructor parameter
...
This was removed in commit 484c6d2e
.
2020-02-04 22:37:24 +01:00
flarum-bot
9b449386d6
Bundled output for commit c5122bf5d5
[skip ci]
2020-02-04 22:37:24 +01:00
Franz Liedke
f1d9753aee
a11y: Try to make screenreaders read tooltips
...
Refs #1835 .
2020-02-04 22:37:24 +01:00
David Sevilla Martín
54f733ca80
Add canonical URL to discussion list ( #1814 )
2020-02-04 22:37:24 +01:00
Franz Liedke
a737b98e7f
Bypass CSRF token check when using access tokens
...
Fixes #1828 .
2020-02-04 22:37:24 +01:00
Franz Liedke
80546b9ed7
Make exception message dynamic as well
2020-02-04 22:37:24 +01:00
Franz Liedke
9758dfac47
Determine default route after extensions
...
Fixes #1819 .
2020-02-04 22:37:24 +01:00
Franz Liedke
970c0f5604
PHPUnit: Get rid of deprecated annotation
...
Refs #1795 .
2020-02-04 22:37:24 +01:00
Daniël Klabbers
42a7f2f586
Allows configuration of where the language files live. So that
...
language packs can optionally decide for themselves if they want
to use a different directory.
2020-02-04 22:37:24 +01:00
Daniël Klabbers
3611fa1bb9
fixes #1695 , take into consideration is_private with counts on User stats
2020-02-04 22:37:24 +01:00
Daniël Klabbers
c881f9f633
fixed ci, make green again; mysql service wasnt booted
2020-02-04 22:37:24 +01:00
Franz Liedke
0a22a66189
Prevent MySQL search operators from taking effect
...
We do not want to inherit MySQL's fulltext query language, so let's
just drop all non-word characters from the search term.
Fixes #1498 .
2020-02-04 22:37:24 +01:00