Commit 616b6c5

karionfabpot
authored andcommitted
[Security] fixed error 500 instead of 403 if previous exception is provided to AccessDeniedException
1 parent c33341d commit 616b6c5

1 file changed

+67
-51
lines changed

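--- a/src/Symfony/Component/Security/Http/Firewall/ExceptionListener.php
+++ b/src/Symfony/Component/Security/Http/Firewall/ExceptionListener.php
@@ -83,79 +83,95 @@ public function onKernelException(GetResponseForExceptionEvent $event)
 $exception = $event->getException();
 $request = $event->getRequest();
 
-// determine the actual cause for the exception
-while (null !== $previous = $exception->getPrevious()) {
-$exception = $previous;
-}
-
-if ($exception instanceof AuthenticationException) {
-if (null !== $this->logger) {
-$this->logger->info(sprintf('Authentication exception occurred; redirecting to authentication entry point (%s)', $exception->getMessage()));
-}
-
-try {
-$response = $this->startAuthentication($request, $exception);
-} catch (\Exception $e) {
-$event->setException($e);
-
-return;
-}
-} elseif ($exception instanceof AccessDeniedException) {
-$event->setException(new AccessDeniedHttpException($exception->getMessage(), $exception));
-
-$token = $this->context->getToken();
-if (!$this->authenticationTrustResolver->isFullFledged($token)) {
+while (null !== $exception) {
+if ($exception instanceof AuthenticationException) {
 if (null !== $this->logger) {
-$this->logger->debug(sprintf('Access is denied (user is not fully authenticated) by "%s" at line %s; redirecting to authentication entry point', $exception->getFile(), $exception->getLine()));
+$this->logger->info(sprintf('Authentication exception occurred; redirecting to authentication entry point (%s)', $exception->getMessage()));
 }
 
 try {
-$insufficientAuthenticationException = new InsufficientAuthenticationException('Full authentication is required to access this resource.', 0, $exception);
-$insufficientAuthenticationException->setToken($token);
-$response = $this->startAuthentication($request, $insufficientAuthenticationException);
+$response = $this->startAuthentication($request, $exception);
+
+break;
 } catch (\Exception $e) {
 $event->setException($e);
 
 return;
 }
-} else {
-if (null !== $this->logger) {
-$this->logger->debug(sprintf('Access is denied (and user is neither anonymous, nor remember-me) by "%s" at line %s', $exception->getFile(), $exception->getLine()));
-}
+}
 
-try {
-if (null !== $this->accessDeniedHandler) {
-$response = $this->accessDeniedHandler->handle($request, $exception);
+if ($exception instanceof AccessDeniedException) {
+$event->setException(new AccessDeniedHttpException($exception->getMessage(), $exception));
 
-if (!$response instanceof Response) {
-return;
-}
-} elseif (null !== $this->errorPage) {
-$subRequest = $this->httpUtils->createRequest($request, $this->errorPage);
-$subRequest->attributes->set(SecurityContextInterface::ACCESS_DENIED_ERROR, $exception);
+$token = $this->context->getToken();
+if (!$this->authenticationTrustResolver->isFullFledged($token)) {
+if (null !== $this->logger) {
+$this->logger->debug(sprintf('Access is denied (user is not fully authenticated) by "%s" at line %s; redirecting to authentication entry point', $exception->getFile(), $exception->getLine()));
+}
+
+try {
+$insufficientAuthenticationException = new InsufficientAuthenticationException('Full authentication is required to access this resource.', 0, $exception);
+$insufficientAuthenticationException->setToken($token);
+$response = $this->startAuthentication($request, $insufficientAuthenticationException);
+
+break;
+} catch (\Exception $e) {
+$event->setException($e);
 
-$response = $event->getKernel()->handle($subRequest, HttpKernelInterface::SUB_REQUEST, true);
-} else {
 return;
 }
-} catch (\Exception $e) {
+} else {
 if (null !== $this->logger) {
-$this->logger->error(sprintf('Exception thrown when handling an exception (%s: %s)', get_class($e), $e->getMessage()));
+$this->logger->debug(sprintf('Access is denied (and user is neither anonymous, nor remember-me) by "%s" at line %s', $exception->getFile(), $exception->getLine()));
 }
 
-$event->setException(new \RuntimeException('Exception thrown when handling an exception.', 0, $e));
+try {
+if (null !== $this->accessDeniedHandler) {
+$response = $this->accessDeniedHandler->handle($request, $exception);
 
-return;
+if (!$response instanceof Response) {
+return;
+}
+
+break;
+}
+
+if (null !== $this->errorPage) {
+$subRequest = $this->httpUtils->createRequest($request, $this->errorPage);
+$subRequest->attributes->set(SecurityContextInterface::ACCESS_DENIED_ERROR, $exception);
+
+$response = $event->getKernel()->handle($subRequest, HttpKernelInterface::SUB_REQUEST, true);
+
+break;
+}
+
+return;
+
+} catch (\Exception $e) {
+if (null !== $this->logger) {
+$this->logger->error(sprintf('Exception thrown when handling an exception (%s: %s)', get_class($e), $e->getMessage()));
+}
+
+$event->setException(new \RuntimeException('Exception thrown when handling an exception.', 0, $e));
+
+return;
+}
+}
+}
+
+if ($exception instanceof LogoutException) {
+if (null !== $this->logger) {
+$this->logger->info(sprintf('Logout exception occurred; wrapping with AccessDeniedHttpException (%s)', $exception->getMessage()));
 }
+
+return;
 }
-} elseif ($exception instanceof LogoutException) {
-if (null !== $this->logger) {
-$this->logger->info(sprintf('Logout exception occurred; wrapping with AccessDeniedHttpException (%s)', $exception->getMessage()));
+
+if (null === $exception->getPrevious()) {
+return;
 }
 
-return;
-} else {
-return;
+$exception = $exception->getPrevious();
 }
 
 $event->setResponse($response);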
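Review bot: The new loop changes which exception in the chain decides the response — new lines 86 and 170-174 start at the outermost exception and only move to `getPrevious()` after the three `instanceof` checks fail, whereas the removed `while (null !== $previous = ...)` first unwrapped to the deepest cause — and nothing left in the hunk records that order, so the dropped `// determine the actual cause for the exception` comment deserves a replacement, e.g. `// walk the chain from the outermost exception inwards; the first security exception found decides the response`. One consequence worth stating there is that an AccessDeniedException wrapping an AuthenticationException is now handled as access denied rather than as the inner authentication failure. Separately, the log message on new line 164 says the LogoutException is being wrapped with AccessDeniedHttpException, but that branch only logs and returns, leaving the event's exception untouched; if no other listener performs the wrapping, the message should describe what actually happens. onKernelException's body continues past the end of the hunk.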
