From 5fbd9c79423767a6a940c4f99fbb9206152f26b2 Mon Sep 17 00:00:00 2001
From: catch
Date: Thu, 7 May 2020 19:31:24 +0100
Subject: [PATCH] Issue #3114122 by jungle, klausi, dww: ExceptionLoggingSubscriber should log 403 access denied reason
---
 .../ExceptionLoggingSubscriber.php | 8 +++-
 .../dblog/tests/src/Functional/DbLogTest.php | 38 +++++++++++++++++++
 2 files changed, 44 insertions(+), 2 deletions(-)
diff --git a/core/lib/Drupal/Core/EventSubscriber/ExceptionLoggingSubscriber.php b/core/lib/Drupal/Core/EventSubscriber/ExceptionLoggingSubscriber.php
index 83052a5306..93bf496121 100644
--- a/core/lib/Drupal/Core/EventSubscriber/ExceptionLoggingSubscriber.php
+++ b/core/lib/Drupal/Core/EventSubscriber/ExceptionLoggingSubscriber.php
@@ -38,8 +38,12 @@ public function __construct(LoggerChannelFactoryInterface $logger) {
 * The event to process.
 */
 public function on403(ExceptionEvent $event) {
- $request = $event->getRequest();
- $this->logger->get('access denied')->warning('@uri', ['@uri' => $request->getRequestUri()]);
+ // Log the exception with the page where it happened so that admins know
+ // why access was denied.
+ $exception = $event->getThrowable();
+ $error = Error::decodeException($exception);
+ $error['@uri'] = $event->getRequest()->getRequestUri();
+ $this->logger->get('access denied')->warning('Path: @uri. %type: @message in %function (line %line of %file).', $error);
 }
 /**
diff --git a/core/modules/dblog/tests/src/Functional/DbLogTest.php b/core/modules/dblog/tests/src/Functional/DbLogTest.php
index 79e06a854e..56ebfc6223 100644
--- a/core/modules/dblog/tests/src/Functional/DbLogTest.php
+++ b/core/modules/dblog/tests/src/Functional/DbLogTest.php
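Review bot: In on403() in ExceptionLoggingSubscriber.php the whole array returned by Error::decodeException() is handed to the logger as context, although the format string only consumes `@uri`, `%type`, `@message`, `%function`, `%line` and `%file`. A 403 can be provoked by any client, so whatever else that array carries (a backtrace, if decodeException() includes one) is passed to every logging backend on each denied request, and each entry now also records the server-side file path and line. I would build the context explicitly, e.g. `$context = array_intersect_key($error, array_flip(['%type', '@message', '%function', '%line', '%file']));` followed by `$context['@uri'] = $event->getRequest()->getRequestUri();`, and extend the comment to say that `@message` is the access-denied reason and may be empty when the exception was thrown without one. The `use` statement for Error and the start of on403()'s docblock are outside the hunk.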
@@ -135,6 +135,44 @@ public function testLogEventPage() {
 $this->assertText('Notice', 'The severity was properly displayed on the detail page.');
 }
+ /**
+ * Tests that a 403 event is logged with the exception triggering it.
+ */
+ public function test403LogEventPage() {
+ $assert_session = $this->assertSession();
+ $uri = 'admin/reports';
+
+ $this->drupalLogin($this->webUser);
+ $this->drupalGet($uri);
+ $assert_session->statusCodeEquals(403);
+
+ $this->drupalLogin($this->adminUser);
+
+ $wid = Database::getConnection()->query("SELECT MAX(wid) FROM {watchdog} WHERE type='access denied'")->fetchField();
+ $this->drupalGet('admin/reports/dblog/event/' . $wid);
+
+ $table = $this->xpath("//table[@class='dblog-event']");
+ $this->assertCount(1, $table);
+
+ // Verify type, severity and location.
+ $type = $table[0]->findAll('xpath', "//tr/th[contains(text(), 'Type')]/../td");
+ $this->assertCount(1, $type);
+ $this->assertEquals('access denied', $type[0]->getText());
+ $severity = $table[0]->findAll('xpath', "//tr/th[contains(text(), 'Severity')]/../td");
+ $this->assertCount(1, $severity);
+ $this->assertEquals('Warning', $severity[0]->getText());
+ $location = $table[0]->findAll('xpath', "//tr/th[contains(text(), 'Location')]/../td/a");
+ $this->assertCount(1, $location);
+ $href = $location[0]->getAttribute('href');
+ $this->assertEquals($this->baseUrl . '/' . $uri, $href);
+
+ // Verify message.
+ $message = $table[0]->findAll('xpath', "//tr/th[contains(text(), 'Message')]/../td");
+ $this->assertCount(1, $message);
+ $regex = "@Path: .+admin/reports\. Drupal\\\\Core\\\\Http\\\\Exception\\\\CacheableAccessDeniedHttpException: The 'access site reports' permission is required\. in Drupal\\\\Core\\\\Routing\\\\AccessAwareRouter->checkAccess\(\) \(line \d+ of .+/core/lib/Drupal/Core/Routing/AccessAwareRouter\.php\)\.@";
+ $this->assertRegExp($regex, $message[0]->getText());
+ }
+
 /**
 * Test not-existing log event page.
 */
-- 
GitLab
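Review bot: test403LogEventPage() uses `$wid` straight from the `MAX(wid)` query without asserting that a row was found, so if the 403 is not logged the test only fails later on the table count, with no hint of the cause; add `$this->assertNotEmpty($wid, 'An access denied entry was logged.');` before the `drupalGet()` of the event page. The message regex also pins the throwing class, function and file of one particular denial, which makes the test sensitive to routing refactors unrelated to the logging change; a short comment above `$regex` stating that this coupling is intentional would help. Only a denial that carries a reason is covered; an access-denied exception with an empty message is not exercised.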