Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Convert InsufficientAuthenticationException to HttpException with 401 status code#28801

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Merged
fabpot merged 1 commit intosymfony:2.8fromvincentchalamon:master
Oct 17, 2018

Conversation

@vincentchalamon
Copy link
Contributor

@vincentchalamonvincentchalamon commentedOct 10, 2018
edited by nicolas-grekas
Loading

QA
Branch?2.8
Bug fix?yes
New feature?no
BC breaks?no
Deprecations?no
Tests pass?yes
Fixed ticket#8467
LicenseMIT

I was trying to implement thejson_login authentication and test it with an API Platform project. When I call a secured endpoint without authentication, an InsufficientAuthenticationException is thrown with a 500 status code instead of a 401.

After some researches with@dunglas, there is no defaultentrypoint on the security firewall. As one already exists forform_login in the FormLoginFactory, this component might need a default one to convert this 500 exception to a correct 401 HTTP error.

Thisfixes#25806 (comment).

Koc and aminin reacted with thumbs up emoji
Copy link
Member

@dunglasdunglas left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

👍 when tests will be added

@vincentchalamonvincentchalamon changed the base branch frommaster to2.8October 10, 2018 12:46
@vincentchalamonvincentchalamon changed the title[WIP] Convert InsufficientAuthenticationException to HttpException with 401 status codeConvert InsufficientAuthenticationException to HttpException with 401 status codeOct 10, 2018
@Koc
Copy link
Contributor

Koc commentedOct 11, 2018

seems like this PR also fixes#8467, but not sure

@nicolas-grekasnicolas-grekas added this to the2.8 milestoneOct 17, 2018
@nicolas-grekas
Copy link
Member

@Koc I'm linking your issue as being fixed by this PR. I'll let you reopen an issue if that's not the case.

@fabpot
Copy link
Member

Thank you@vincentchalamon.

@fabpotfabpot merged commit4503ac8 intosymfony:2.8Oct 17, 2018
fabpot added a commit that referenced this pull requestOct 17, 2018
…on with 401 status code (vincentchalamon)This PR was merged into the 2.8 branch.Discussion----------Convert InsufficientAuthenticationException to HttpException with 401 status code| Q             | A| ------------- | ---| Branch?       | 2.8| Bug fix?      | yes| New feature?  | no| BC breaks?    | no| Deprecations? | no| Tests pass?   | yes| Fixed ticket |#8467| License       | MITI was trying to implement the `json_login` authentication and test it with an API Platform project. When I call a secured endpoint without authentication, an InsufficientAuthenticationException is thrown with a 500 status code instead of a 401.After some researches with@dunglas, there is no default `entrypoint` on the security firewall. As one already exists for `form_login` in the FormLoginFactory, this component might need a default one to convert this 500 exception to a correct 401 HTTP error.Thisfixes#25806 (comment).Commits-------4503ac8 Convert InsufficientAuthenticationException to HttpException
@Rebolon
Copy link

The problem also exist in 4+ branch, does the fix solve the issue in recent version of Sf ?

@dunglas
Copy link
Member

@Rebolon I think so, old branches are merged in the newer ones on a regular basis.

vincentchalamon reacted with thumbs up emoji

This was referencedNov 3, 2018
@gitnik
Copy link

Hey guys, this actually broke some of our code as we caught this specific exception and converted it to a 401 ourselves. With this change it turned into a 500 essentially reversing our scenario.
I would definitely consider throwing a different exception to be BC breaking.

@ganoch
Copy link

@gitnik nice, your case was bound to happen as this issue has been present for quite some time now. I must say your original fix is now the root of your problem. Do you mind telling how you fixed your new issue?

@gitnik
Copy link

Now we just catch the genericHttpException and check for status401. But it took quite some time figuring this out 😉

@Rebolon
Copy link

There is the same kind of missing feature with this Symfony Exception:
Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException
Symfony always return a 500 instead of a 403

I opened an issue in ApiPlatformhttps://github.com/api-platform/api-platform/issues/1213
But i think tht the problem is on Symfony

Sign up for freeto join this conversation on GitHub. Already have an account?Sign in to comment

Reviewers

@fabpotfabpotfabpot approved these changes

@dunglasdunglasdunglas approved these changes

@nicolas-grekasnicolas-grekasnicolas-grekas approved these changes

@OskarStarkOskarStarkOskarStark approved these changes

Assignees

No one assigned

Projects

None yet

Milestone

2.8

Development

Successfully merging this pull request may close these issues.

10 participants

@vincentchalamon@Koc@nicolas-grekas@fabpot@Rebolon@dunglas@gitnik@ganoch@OskarStark@carsonbot
[8]ページ先頭
©2009-2025 Movatter.jp