skobkin/point-tools
1
1
Fork 0
Code Issues 4 Pull requests 1 Releases Activity

Crutch-fixing PostController::showAction() exception handling with 404 instead of 403 exception.

Browse source
This commit is contained in:
Alexey Skobkin 2019-04-03 20:34:16 +03:00
parent 44c4158602
commit f598864d4d
3 changed files with 11 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
app/config/security.yml
View file

@ -9,11 +9,4 @@ security:
security: false security: false
default: default:
# Needs to be changed if authentication is added anonymous: true
# Also it needs to be carefully checked that after enabling security here
# \Symfony\Component\Security\Http\Firewall\ExceptionListener::handleAccessDeniedException() doesn't start to replace 403 by 401 exceptions
# for all users
# For example \Skobkin\Bundle\PointToolsBundle\Controller\PostController::showAction() can return AccessDeniedException and this logic must be saved
# After enabling authentication
security: false
#anonymous: true

8
src/Skobkin/Bundle/PointToolsBundle/Controller/PostController.php
View file

@ -16,7 +16,13 @@ class PostController extends AbstractController
public function showAction(Post $post, PostRepository $postRepository): Response public function showAction(Post $post, PostRepository $postRepository): Response
{ {
if ((!$post->getAuthor()->isPublic()) || $post->getAuthor()->isWhitelistOnly()) { if ((!$post->getAuthor()->isPublic()) || $post->getAuthor()->isWhitelistOnly()) {
throw $this->createAccessDeniedException('Author\'s blog is private.'); /**
* Throwing 404 instead of 403 because of
* @see \Symfony\Component\Security\Http\Firewall\ExceptionListener::handleAccessDeniedException()
* starts to replace 403 by 401 exceptions for anonymous users and tries to authenticate them.
*/
throw $this->createNotFoundException('Author\'s blog is private.');
//throw $this->createAccessDeniedException('Author\'s blog is private.');
} }
return $this->render('SkobkinPointToolsBundle:Post:show.html.twig', [ return $this->render('SkobkinPointToolsBundle:Post:show.html.twig', [

6
tests/Skobkin/PointToolsBundle/Controller/PostControllerTest.php
View file

@ -62,21 +62,21 @@ class PostControllerTest extends WebTestCase
{ {
$client = $this->createClientForPostId(LoadPostData::POST_ID_PR_USER); $client = $this->createClientForPostId(LoadPostData::POST_ID_PR_USER);
$this->assertTrue($client->getResponse()->isForbidden(), '403 response code for private user\'s post'); $this->assertTrue($client->getResponse()->isNotFound(), '404 response code for private user\'s post');
} }
public function testWhitelistOnlyUserPostForbidden() public function testWhitelistOnlyUserPostForbidden()
{ {
$client = $this->createClientForPostId(LoadPostData::POST_ID_WL_USER); $client = $this->createClientForPostId(LoadPostData::POST_ID_WL_USER);
$this->assertTrue($client->getResponse()->isForbidden(), '403 response code for whitelist-only user\'s post'); $this->assertTrue($client->getResponse()->isNotFound(), '404 response code for whitelist-only user\'s post');
} }
public function testPrivateWhitelistOnlyUserPostForbidden() public function testPrivateWhitelistOnlyUserPostForbidden()
{ {
$client = $this->createClientForPostId(LoadPostData::POST_ID_PR_WL_USER); $client = $this->createClientForPostId(LoadPostData::POST_ID_PR_WL_USER);
$this->assertTrue($client->getResponse()->isForbidden(), '403 response code for private whitelist-only user\'s post'); $this->assertTrue($client->getResponse()->isNotFound(), '404 response code for private whitelist-only user\'s post');
} }
private function createClientForPostId(string $id): Client private function createClientForPostId(string $id): Client