Commit f1b53a2

Error 500 instead of 403 if previous exception is provided to AccessDeniedException
1 parent ba856e6 commit f1b53a2

1 file changed

+59
-59
lines changed
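--- a/src/Symfony/Component/Security/Http/Firewall/ExceptionListener.php
+++ b/src/Symfony/Component/Security/Http/Firewall/ExceptionListener.php
@@ -83,79 +83,79 @@ public function onKernelException(GetResponseForExceptionEvent $event)
 $exception = $event->getException();
 $request = $event->getRequest();
 
-// determine the actual cause for the exception
-while (null !== $previous = $exception->getPrevious()) {
-$exception = $previous;
-}
-
-if ($exception instanceof AuthenticationException) {
-if (null !== $this->logger) {
-$this->logger->info(sprintf('Authentication exception occurred; redirecting to authentication entry point (%s)', $exception->getMessage()));
-}
-
-try {
-$response = $this->startAuthentication($request, $exception);
-} catch (\Exception $e) {
-$event->setException($e);
-
-return;
-}
-} elseif ($exception instanceof AccessDeniedException) {
-$event->setException(new AccessDeniedHttpException($exception->getMessage(), $exception));
-
-$token = $this->context->getToken();
-if (!$this->authenticationTrustResolver->isFullFledged($token)) {
+while (null !== $exception) {
+if ($exception instanceof AuthenticationException) {
 if (null !== $this->logger) {
-$this->logger->debug(sprintf('Access is denied (user is not fully authenticated) by "%s" at line %s; redirecting to authentication entry point', $exception->getFile(), $exception->getLine()));
+$this->logger->info(sprintf('Authentication exception occurred; redirecting to authentication entry point (%s)', $exception->getMessage()));
 }
-
+
 try {
-$insufficientAuthenticationException = new InsufficientAuthenticationException('Full authentication is required to access this resource.', 0, $exception);
-$insufficientAuthenticationException->setToken($token);
-$response = $this->startAuthentication($request, $insufficientAuthenticationException);
+$response = $this->startAuthentication($request, $exception);
 } catch (\Exception $e) {
 $event->setException($e);
-
+
 return;
 }
-} else {
-if (null !== $this->logger) {
-$this->logger->debug(sprintf('Access is denied (and user is neither anonymous, nor remember-me) by "%s" at line %s', $exception->getFile(), $exception->getLine()));
-}
-
-try {
-if (null !== $this->accessDeniedHandler) {
-$response = $this->accessDeniedHandler->handle($request, $exception);
-
-if (!$response instanceof Response) {
-return;
-}
-} elseif (null !== $this->errorPage) {
-$subRequest = $this->httpUtils->createRequest($request, $this->errorPage);
-$subRequest->attributes->set(SecurityContextInterface::ACCESS_DENIED_ERROR, $exception);
-
-$response = $event->getKernel()->handle($subRequest, HttpKernelInterface::SUB_REQUEST, true);
-} else {
+} elseif ($exception instanceof AccessDeniedException) {
+$event->setException(new AccessDeniedHttpException($exception->getMessage(), $exception));
+
+$token = $this->context->getToken();
+if (!$this->authenticationTrustResolver->isFullFledged($token)) {
+if (null !== $this->logger) {
+$this->logger->debug(sprintf('Access is denied (user is not fully authenticated) by "%s" at line %s; redirecting to authentication entry point', $exception->getFile(), $exception->getLine()));
+}
+
+try {
+$insufficientAuthenticationException = new InsufficientAuthenticationException('Full authentication is required to access this resource.', 0, $exception);
+$insufficientAuthenticationException->setToken($token);
+$response = $this->startAuthentication($request, $insufficientAuthenticationException);
+} catch (\Exception $e) {
+$event->setException($e);
+
 return;
 }
-} catch (\Exception $e) {
+} else {
 if (null !== $this->logger) {
-$this->logger->error(sprintf('Exception thrown when handling an exception (%s: %s)', get_class($e), $e->getMessage()));
+$this->logger->debug(sprintf('Access is denied (and user is neither anonymous, nor remember-me) by "%s" at line %s', $exception->getFile(), $exception->getLine()));
 }
-
-$event->setException(new \RuntimeException('Exception thrown when handling an exception.', 0, $e));
-
+
+try {
+if (null !== $this->accessDeniedHandler) {
+$response = $this->accessDeniedHandler->handle($request, $exception);
+
+if (!$response instanceof Response) {
+return;
+}
+} elseif (null !== $this->errorPage) {
+$subRequest = $this->httpUtils->createRequest($request, $this->errorPage);
+$subRequest->attributes->set(SecurityContextInterface::ACCESS_DENIED_ERROR, $exception);
+
+$response = $event->getKernel()->handle($subRequest, HttpKernelInterface::SUB_REQUEST, true);
+} else {
+return;
+}
+} catch (\Exception $e) {
+if (null !== $this->logger) {
+$this->logger->error(sprintf('Exception thrown when handling an exception (%s: %s)', get_class($e), $e->getMessage()));
+}
+
+$event->setException(new \RuntimeException('Exception thrown when handling an exception.', 0, $e));
+
+return;
+}
+}
+} elseif ($exception instanceof LogoutException) {
+if (null !== $this->logger) {
+$this->logger->info(sprintf('Logout exception occurred; wrapping with AccessDeniedHttpException (%s)', $exception->getMessage()));
+}
+
+return;
+} else {
+if (null === $exception->getPrevious()){
 return;
 }
 }
-} elseif ($exception instanceof LogoutException) {
-if (null !== $this->logger) {
-$this->logger->info(sprintf('Logout exception occurred; wrapping with AccessDeniedHttpException (%s)', $exception->getMessage()));
-}
-
-return;
-} else {
-return;
+$exception = $exception->getPrevious();
 }
 
 $event->setResponse($response);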
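Review bot: The response computed inside the loop is discarded whenever the exception chain continues into a non-security exception: after the AccessDeniedException branch (new lines 99–146) assigns `$response`, new line 158 advances to `$exception->getPrevious()`, and a plain previous exception hits the `return;` at new line 155 before `$event->setResponse($response)` at line 161 is reached. For exactly the case in the commit title — an AccessDeniedException constructed with a previous exception — the access-denied handler or error-page response is therefore dropped and the client only gets the bare AccessDeniedHttpException set at new line 100, while an AuthenticationException wrapping an unrelated exception loses its entry-point redirect altogether and propagates as before. Once a branch has produced `$response` the chain walk should stop: add `break;` as the last statement of the AuthenticationException branch (after the `try`/`catch` at new lines 92–98) and of the AccessDeniedException branch (after the `if`/`else` that closes at new line 146), so that only the final `else` keeps walking the chain and it already returns when no previous exception is left. onKernelException starts before this hunk, and whether anything follows `$event->setResponse($response)` is not visible here.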
