Issue #2472371 by Dom., pfrenssen: Exception shown on 401 Unauthorized

a33414e5 · xjm · f82428c7 · a33414e5 · a33414e5 · a33414e5
Commit a33414e5 authored Apr 25, 2015 by xjm
--- a/core/lib/Drupal/Core/EventSubscriber/DefaultExceptionHtmlSubscriber.php
+++ b/core/lib/Drupal/Core/EventSubscriber/DefaultExceptionHtmlSubscriber.php
@@ -16,6 +16,7 @@
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent;
 use Symfony\Component\HttpKernel\HttpKernelInterface;
+use Symfony\Component\HttpKernel\Exception\HttpExceptionInterface;

 /**
 * Exception subscriber for handling core default HTML error pages.
@@ -75,6 +76,16 @@ protected function getHandledFormats() {
    return ['html'];
  }

+  /**
+   * Handles a 401 error for HTML.
+   *
+   * @param \Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent $event
+   *   The event to process.
+   */
+  public function on401(GetResponseForExceptionEvent $event) {
+    $this->makeSubrequest($event, Url::fromRoute('system.401')->toString(), Response::HTTP_UNAUTHORIZED);
+  }
+
  /**
   * Handles a 403 error for HTML.
   *
@@ -107,6 +118,7 @@ public function on404(GetResponseForExceptionEvent $event) {
   */
  protected function makeSubrequest(GetResponseForExceptionEvent $event, $url, $status_code) {
    $request = $event->getRequest();
+    $exception = $event->getException();

    if (!($url && $url[0] == '/')) {
      $url = $request->getBasePath() . '/' . $url;
@@ -136,6 +148,12 @@ protected function makeSubrequest(GetResponseForExceptionEvent $event, $url, $st

        $response = $this->httpKernel->handle($sub_request, HttpKernelInterface::SUB_REQUEST);
        $response->setStatusCode($status_code);
+
+        // Persist any special HTTP headers that were set on the exception.
+        if ($exception instanceof HttpExceptionInterface) {
+          $response->headers->add($exception->getHeaders());
+        }
+
        $event->setResponse($response);
      }
      catch (\Exception $e) {

--- a/core/modules/basic_auth/src/Tests/Authentication/BasicAuthTest.php
+++ b/core/modules/basic_auth/src/Tests/Authentication/BasicAuthTest.php
@@ -153,6 +153,30 @@ function testLocale() {
    $this->curlClose();
  }

+  /**
+   * Tests if a comprehensive message is displayed when the route is denied.
+   */
+  function testUnauthorizedErrorMessage() {
+    $account = $this->drupalCreateUser();
+    $url = Url::fromRoute('router_test.11');
+
+    // Case when no credentials are passed.
+    $this->drupalGet($url);
+    $this->assertResponse('401', 'The user is blocked when no credentials are passed.');
+    $this->assertNoText('Exception', "No raw exception is displayed on the page.");
+    $this->assertText('Please log in to access this page.', "A user friendly access unauthorized message is displayed.");
+
+    // Case when empty credentials are passed.
+    $this->basicAuthGet($url, NULL, NULL);
+    $this->assertResponse('403', 'The user is blocked when empty credentials are passed.');
+    $this->assertText('Access denied', "A user friendly access denied message is displayed");
+
+    // Case when wrong credentials are passed.
+    $this->basicAuthGet($url, $account->getUsername(), $this->randomMachineName());
+    $this->assertResponse('403', 'The user is blocked when wrong credentials are passed.');
+    $this->assertText('Access denied', "A user friendly access denied message is displayed");
+  }
+
  /**
   * Does HTTP basic auth request.
   *

--- a/core/modules/system/src/Controller/Http4xxController.php
+++ b/core/modules/system/src/Controller/Http4xxController.php
@@ -14,11 +14,23 @@
 */
 class Http4xxController extends ControllerBase {

+  /**
+   * The default 401 content.
+   *
+   * @return array
+   *   A render array containing the message to display for 401 pages.
+   */
+  public function on401() {
+    return [
+      '#markup' => $this->t('Please log in to access this page.'),
+    ];
+  }
+
  /**
   * The default 403 content.
   *
   * @return array
-   *  A render array containing the message to display for 404 pages.
+   *   A render array containing the message to display for 404 pages.
   */
  public function on403() {
    return [
@@ -30,7 +42,7 @@ public function on403() {
   * The default 404 content.
   *
   * @return array
-   *  A render array containing the message to display for 404 pages.
+   *   A render array containing the message to display for 404 pages.
   */
  public function on404() {
    return [

--- a/core/modules/system/system.routing.yml
+++ b/core/modules/system/system.routing.yml
@@ -7,6 +7,14 @@ system.ajax:
  requirements:
    _access: 'TRUE'

+system.401:
+  path: '/system/401'
+  defaults:
+    _controller: '\Drupal\system\Controller\Http4xxController:on401'
+    _title: 'Unauthorized'
+  requirements:
+    _access: 'TRUE'
+
 system.403:
  path: '/system/403'
  defaults: