namespace BookStack\Exceptions;
-class ApiAuthException extends UnauthorizedException
+use Symfony\Component\HttpKernel\Exception\HttpExceptionInterface;
+
+class ApiAuthException extends \Exception implements HttpExceptionInterface
{
+ protected int $status;
+
+ public function __construct(string $message, int $statusCode = 401)
+ {
+ $this->status = $statusCode;
+ parent::__construct($message, $statusCode);
+ }
+
+ public function getStatusCode(): int
+ {
+ return $this->status;
+ }
+
+ public function getHeaders(): array
+ {
+ return [];
+ }
}
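Review bot: The new constructor accepts any integer as `$statusCode` and `getStatusCode()` returns it unchanged, so nothing in this class keeps an authentication failure from being rendered with a non-error status if a caller passes 0 or a 2xx value. The callers are outside this diff, so this may never happen today, but a cheap guard would make the contract explicit: `$this->status = ($statusCode >= 400 && $statusCode < 600) ? $statusCode : 401;`. A short class docblock would also help, for example `/** Thrown when API authentication or authorisation fails; rendered by the exception handler using getStatusCode(), so $message should be safe to show to the client. */`.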
+++ /dev/null
-<?php
-
-namespace BookStack\Exceptions;
-
-use Exception;
-
-class UnauthorizedException extends Exception
-{
- /**
- * ApiAuthException constructor.
- */
- public function __construct($message, $code = 401)
- {
- parent::__construct($message, $code);
- }
-}
namespace BookStack\Http\Middleware;
use BookStack\Exceptions\ApiAuthException;
-use BookStack\Exceptions\UnauthorizedException;
use Closure;
use Illuminate\Http\Request;
{
/**
* Handle an incoming request.
+ *
+ * @throws ApiAuthException
*/
public function handle(Request $request, Closure $next)
{
// Validate the token and it's users API access
- try {
- $this->ensureAuthorizedBySessionOrToken();
- } catch (UnauthorizedException $exception) {
- return $this->unauthorisedResponse($exception->getMessage(), $exception->getCode());
- }
+ $this->ensureAuthorizedBySessionOrToken();
return $next($request);
}
* Ensure the current user can access authenticated API routes, either via existing session
* authentication or via API Token authentication.
*
- * @throws UnauthorizedException
+ * @throws ApiAuthException
*/
protected function ensureAuthorizedBySessionOrToken(): void
{
return $hasApiPermission && hasAppAccess();
}
-
- /**
- * Provide a standard API unauthorised response.
- */
- protected function unauthorisedResponse(string $message, int $code)
- {
- return response()->json([
- 'error' => [
- 'code' => $code,
- 'message' => $message,
- ],
- ], $code);
- }
}
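Review bot: With the try/catch and `unauthorisedResponse()` removed, `handle()` no longer builds the `{"error": {"code", "message"}}` body itself, so the 401/403 response shape now depends entirely on the application's exception handler, which is not part of this diff. If that handler does not render `ApiAuthException` as JSON for API routes, clients would presumably get an HTML error page, or a debug page with a stack trace when debug mode is on, in place of the documented error object. I would add a feature test asserting the status and JSON structure for a request with a missing or invalid token, and leave a comment at the call site such as `// ApiAuthException propagates to the exception handler, which renders the JSON error response`. The body of `ensureAuthorizedBySessionOrToken()` is mostly outside the visible lines, so its throw sites could not be checked here.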