Merge pull request #4320 from devdot/improve-api-auth-exception

Improve ApiAuthException control flow
This commit is contained in:
Dan Brown 2023-06-25 23:35:19 +01:00 committed by GitHub
commit bae0e80cee
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 24 additions and 37 deletions

View File

@ -2,6 +2,25 @@
namespace BookStack\Exceptions;
class ApiAuthException extends UnauthorizedException
use Symfony\Component\HttpKernel\Exception\HttpExceptionInterface;
class ApiAuthException extends \Exception implements HttpExceptionInterface
{
protected int $status;
public function __construct(string $message, int $statusCode = 401)
{
$this->status = $statusCode;
parent::__construct($message, $statusCode);
}
public function getStatusCode(): int
{
return $this->status;
}
public function getHeaders(): array
{
return [];
}
}

View File

@ -1,16 +0,0 @@
<?php
namespace BookStack\Exceptions;
use Exception;
class UnauthorizedException extends Exception
{
/**
* ApiAuthException constructor.
*/
public function __construct($message, $code = 401)
{
parent::__construct($message, $code);
}
}

View File

@ -3,7 +3,6 @@
namespace BookStack\Http\Middleware;
use BookStack\Exceptions\ApiAuthException;
use BookStack\Exceptions\UnauthorizedException;
use Closure;
use Illuminate\Http\Request;
@ -11,15 +10,13 @@ class ApiAuthenticate
{
/**
* Handle an incoming request.
*
* @throws ApiAuthException
*/
public function handle(Request $request, Closure $next)
{
// Validate the token and it's users API access
try {
$this->ensureAuthorizedBySessionOrToken();
} catch (UnauthorizedException $exception) {
return $this->unauthorisedResponse($exception->getMessage(), $exception->getCode());
}
$this->ensureAuthorizedBySessionOrToken();
return $next($request);
}
@ -28,7 +25,7 @@ class ApiAuthenticate
* Ensure the current user can access authenticated API routes, either via existing session
* authentication or via API Token authentication.
*
* @throws UnauthorizedException
* @throws ApiAuthException
*/
protected function ensureAuthorizedBySessionOrToken(): void
{
@ -58,17 +55,4 @@ class ApiAuthenticate
return $hasApiPermission && hasAppAccess();
}
/**
* Provide a standard API unauthorised response.
*/
protected function unauthorisedResponse(string $message, int $code)
{
return response()->json([
'error' => [
'code' => $code,
'message' => $message,
],
], $code);
}
}