Issue #3114122 by jungle, klausi, dww: ExceptionLoggingSubscriber should log...

Issue #3114122 by jungle, klausi, dww: ExceptionLoggingSubscriber should log 403 access denied reason (cherry picked from commit 5fbd9c79)

Issue #3114122 by jungle, klausi, dww: ExceptionLoggingSubscriber should log...
Issue #3114122 by jungle, klausi, dww: ExceptionLoggingSubscriber should log 403 access denied reason (cherry picked from commit 5fbd9c79)
5a9823d1 · Nathaniel Catchpole · 2a52b32d · 5a9823d1 · 5a9823d1
Commit 5a9823d1 authored May 07, 2020 by Nathaniel Catchpole
--- a/core/lib/Drupal/Core/EventSubscriber/ExceptionLoggingSubscriber.php
+++ b/core/lib/Drupal/Core/EventSubscriber/ExceptionLoggingSubscriber.php
@@ -38,8 +38,12 @@ public function __construct(LoggerChannelFactoryInterface $logger) {
   *   The event to process.
   */
  public function on403(ExceptionEvent $event) {
-    $request = $event->getRequest();
-    $this->logger->get('access denied')->warning('@uri', ['@uri' => $request->getRequestUri()]);
+    // Log the exception with the page where it happened so that admins know
+    // why access was denied.
+    $exception = $event->getThrowable();
+    $error = Error::decodeException($exception);
+    $error['@uri'] = $event->getRequest()->getRequestUri();
+    $this->logger->get('access denied')->warning('Path: @uri. %type: @message in %function (line %line of %file).', $error);
  }

  /**

--- a/core/modules/dblog/tests/src/Functional/DbLogTest.php
+++ b/core/modules/dblog/tests/src/Functional/DbLogTest.php
@@ -135,6 +135,44 @@ public function testLogEventPage() {
    $this->assertText('Notice', 'The severity was properly displayed on the detail page.');
  }

+  /**
+   * Tests that a 403 event is logged with the exception triggering it.
+   */
+  public function test403LogEventPage() {
+    $assert_session = $this->assertSession();
+    $uri = 'admin/reports';
+
+    $this->drupalLogin($this->webUser);
+    $this->drupalGet($uri);
+    $assert_session->statusCodeEquals(403);
+
+    $this->drupalLogin($this->adminUser);
+
+    $wid = Database::getConnection()->query("SELECT MAX(wid) FROM {watchdog} WHERE type='access denied'")->fetchField();
+    $this->drupalGet('admin/reports/dblog/event/' . $wid);
+
+    $table = $this->xpath("//table[@class='dblog-event']");
+    $this->assertCount(1, $table);
+
+    // Verify type, severity and location.
+    $type = $table[0]->findAll('xpath', "//tr/th[contains(text(), 'Type')]/../td");
+    $this->assertCount(1, $type);
+    $this->assertEquals('access denied', $type[0]->getText());
+    $severity = $table[0]->findAll('xpath', "//tr/th[contains(text(), 'Severity')]/../td");
+    $this->assertCount(1, $severity);
+    $this->assertEquals('Warning', $severity[0]->getText());
+    $location = $table[0]->findAll('xpath', "//tr/th[contains(text(), 'Location')]/../td/a");
+    $this->assertCount(1, $location);
+    $href = $location[0]->getAttribute('href');
+    $this->assertEquals($this->baseUrl . '/' . $uri, $href);
+
+    // Verify message.
+    $message = $table[0]->findAll('xpath', "//tr/th[contains(text(), 'Message')]/../td");
+    $this->assertCount(1, $message);
+    $regex = "@Path: .+admin/reports\. Drupal\\\\Core\\\\Http\\\\Exception\\\\CacheableAccessDeniedHttpException: The 'access site reports' permission is required\. in Drupal\\\\Core\\\\Routing\\\\AccessAwareRouter->checkAccess\(\) \(line \d+ of .+/core/lib/Drupal/Core/Routing/AccessAwareRouter\.php\)\.@";
+    $this->assertRegExp($regex, $message[0]->getText());
+  }
+
  /**
   * Test not-existing log event page.
   */