Commit a33414e5 authored by xjm's avatar xjm

Issue #2472371 by Dom., pfrenssen: Exception shown on 401 Unauthorized

parent f82428c7
...@@ -16,6 +16,7 @@ ...@@ -16,6 +16,7 @@
use Symfony\Component\HttpFoundation\Response; use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent; use Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent;
use Symfony\Component\HttpKernel\HttpKernelInterface; use Symfony\Component\HttpKernel\HttpKernelInterface;
use Symfony\Component\HttpKernel\Exception\HttpExceptionInterface;
/** /**
* Exception subscriber for handling core default HTML error pages. * Exception subscriber for handling core default HTML error pages.
...@@ -75,6 +76,16 @@ protected function getHandledFormats() { ...@@ -75,6 +76,16 @@ protected function getHandledFormats() {
return ['html']; return ['html'];
} }
/**
* Handles a 401 error for HTML.
*
* @param \Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent $event
* The event to process.
*/
public function on401(GetResponseForExceptionEvent $event) {
$this->makeSubrequest($event, Url::fromRoute('system.401')->toString(), Response::HTTP_UNAUTHORIZED);
}
/** /**
* Handles a 403 error for HTML. * Handles a 403 error for HTML.
* *
...@@ -107,6 +118,7 @@ public function on404(GetResponseForExceptionEvent $event) { ...@@ -107,6 +118,7 @@ public function on404(GetResponseForExceptionEvent $event) {
*/ */
protected function makeSubrequest(GetResponseForExceptionEvent $event, $url, $status_code) { protected function makeSubrequest(GetResponseForExceptionEvent $event, $url, $status_code) {
$request = $event->getRequest(); $request = $event->getRequest();
$exception = $event->getException();
if (!($url && $url[0] == '/')) { if (!($url && $url[0] == '/')) {
$url = $request->getBasePath() . '/' . $url; $url = $request->getBasePath() . '/' . $url;
...@@ -136,6 +148,12 @@ protected function makeSubrequest(GetResponseForExceptionEvent $event, $url, $st ...@@ -136,6 +148,12 @@ protected function makeSubrequest(GetResponseForExceptionEvent $event, $url, $st
$response = $this->httpKernel->handle($sub_request, HttpKernelInterface::SUB_REQUEST); $response = $this->httpKernel->handle($sub_request, HttpKernelInterface::SUB_REQUEST);
$response->setStatusCode($status_code); $response->setStatusCode($status_code);
// Persist any special HTTP headers that were set on the exception.
if ($exception instanceof HttpExceptionInterface) {
$response->headers->add($exception->getHeaders());
}
$event->setResponse($response); $event->setResponse($response);
} }
catch (\Exception $e) { catch (\Exception $e) {
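Review bot: The header copy added in makeSubrequest() runs for every status code routed through this method, not only for the new on401(), and `$response->headers->add()` replaces any same-named header the sub-request response already set. That is what keeps a challenge header such as WWW-Authenticate on the 401 page, but it also means headers attached to an exception can override cache or content headers produced by the error page itself. The comment should say so, for example `// Exception headers (e.g. WWW-Authenticate on a 401) replace same-named headers from the sub-request response.` The try block and its catch continue outside the visible hunk.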
......
...@@ -153,6 +153,30 @@ function testLocale() { ...@@ -153,6 +153,30 @@ function testLocale() {
$this->curlClose(); $this->curlClose();
} }
/**
* Tests if a comprehensive message is displayed when the route is denied.
*/
function testUnauthorizedErrorMessage() {
$account = $this->drupalCreateUser();
$url = Url::fromRoute('router_test.11');
// Case when no credentials are passed.
$this->drupalGet($url);
$this->assertResponse('401', 'The user is blocked when no credentials are passed.');
$this->assertNoText('Exception', "No raw exception is displayed on the page.");
$this->assertText('Please log in to access this page.', "A user friendly access unauthorized message is displayed.");
// Case when empty credentials are passed.
$this->basicAuthGet($url, NULL, NULL);
$this->assertResponse('403', 'The user is blocked when empty credentials are passed.');
$this->assertText('Access denied', "A user friendly access denied message is displayed");
// Case when wrong credentials are passed.
$this->basicAuthGet($url, $account->getUsername(), $this->randomMachineName());
$this->assertResponse('403', 'The user is blocked when wrong credentials are passed.');
$this->assertText('Access denied', "A user friendly access denied message is displayed");
}
/** /**
* Does HTTP basic auth request. * Does HTTP basic auth request.
* *
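Review bot: testUnauthorizedErrorMessage() checks the status code and page text for the 401 case but never inspects a response header, so the header persistence introduced in the same commit is not covered. If the denied route's exception carries a challenge header (presumably WWW-Authenticate from basic auth; confirm), assert it after the first drupalGet(), e.g. `$this->assertTrue($this->drupalGetHeader('WWW-Authenticate'), 'The challenge header is kept on the 401 page.');`. Separately, `assertNoText('Exception', ...)` would also fail on any legitimate page text that contains that word, so a more specific string would make the check less brittle.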
......
...@@ -14,11 +14,23 @@ ...@@ -14,11 +14,23 @@
*/ */
class Http4xxController extends ControllerBase { class Http4xxController extends ControllerBase {
/**
* The default 401 content.
*
* @return array
* A render array containing the message to display for 401 pages.
*/
public function on401() {
return [
'#markup' => $this->t('Please log in to access this page.'),
];
}
/** /**
* The default 403 content. * The default 403 content.
* *
* @return array * @return array
* A render array containing the message to display for 404 pages. * A render array containing the message to display for 404 pages.
*/ */
public function on403() { public function on403() {
return [ return [
...@@ -30,7 +42,7 @@ public function on403() { ...@@ -30,7 +42,7 @@ public function on403() {
* The default 404 content. * The default 404 content.
* *
* @return array * @return array
* A render array containing the message to display for 404 pages. * A render array containing the message to display for 404 pages.
*/ */
public function on404() { public function on404() {
return [ return [
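Review bot: The docblock of on403(), directly below the new on401(), still says its render array is the message "for 404 pages". With three near-identical methods now side by side, that copy-paste slip is easy to carry forward. Its `@return` description should read `A render array containing the message to display for 403 pages.` The body of on404() continues outside the hunk.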
......
...@@ -7,6 +7,14 @@ system.ajax: ...@@ -7,6 +7,14 @@ system.ajax:
requirements: requirements:
_access: 'TRUE' _access: 'TRUE'
system.401:
path: '/system/401'
defaults:
_controller: '\Drupal\system\Controller\Http4xxController:on401'
_title: 'Unauthorized'
requirements:
_access: 'TRUE'
system.403: system.403:
path: '/system/403' path: '/system/403'
defaults: defaults:
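Review bot: The new system.401 route is open to everyone through `_access: 'TRUE'`, and nothing in the file says why. The page is rendered by sub-request for a visitor who has not authenticated, so it presumably has to stay unrestricted. A one-line comment above the route, e.g. `# Open access: rendered for unauthenticated visitors by the exception subscriber.`, would stop a later tightening from breaking the 401 page. A direct request to /system/401 would presumably return the message with a normal status; confirm that is acceptable, as for the existing 403 route.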
......