Merge pull request #4320 from devdot/improve-api-auth-exception

Improve ApiAuthException control flow
2024-10-01 01:36:00 -04:00 · 2023-06-25 23:35:19 +01:00 · 2023-06-25 23:35:19 +01:00 · bae0e80cee
commit bae0e80cee
parent 847a57a49a 74097bd47c
3 changed files with 24 additions and 37 deletions
--- a/app/Exceptions/ApiAuthException.php
+++ b/app/Exceptions/ApiAuthException.php
@ -2,6 +2,25 @@

 namespace BookStack\Exceptions;

-class ApiAuthException extends UnauthorizedException
+use Symfony\Component\HttpKernel\Exception\HttpExceptionInterface;
+
+class ApiAuthException extends \Exception implements HttpExceptionInterface
 {
+    protected int $status;
+
+    public function __construct(string $message, int $statusCode = 401)
+    {
+        $this->status = $statusCode;
+        parent::__construct($message, $statusCode);
+    }
+
+    public function getStatusCode(): int
+    {
+        return $this->status;
+    }
+
+    public function getHeaders(): array
+    {
+        return [];
+    }
 }
--- a/app/Exceptions/UnauthorizedException.php
+++ b/app/Exceptions/UnauthorizedException.php
@ -1,16 +0,0 @@
-<?php
-
-namespace BookStack\Exceptions;
-
-use Exception;
-
-class UnauthorizedException extends Exception
-{
-    /**
-     * ApiAuthException constructor.
-     */
-    public function __construct($message, $code = 401)
-    {
-        parent::__construct($message, $code);
-    }
-}
--- a/app/Http/Middleware/ApiAuthenticate.php
+++ b/app/Http/Middleware/ApiAuthenticate.php
@ -3,7 +3,6 @@
 namespace BookStack\Http\Middleware;

 use BookStack\Exceptions\ApiAuthException;
-use BookStack\Exceptions\UnauthorizedException;
 use Closure;
 use Illuminate\Http\Request;

@ -11,15 +10,13 @@ class ApiAuthenticate
 {
    /**
     * Handle an incoming request.
+     *
+     * @throws ApiAuthException
     */
    public function handle(Request $request, Closure $next)
    {
        // Validate the token and it's users API access
-        try {
-            $this->ensureAuthorizedBySessionOrToken();
-        } catch (UnauthorizedException $exception) {
-            return $this->unauthorisedResponse($exception->getMessage(), $exception->getCode());
-        }
+        $this->ensureAuthorizedBySessionOrToken();

        return $next($request);
    }
@ -28,7 +25,7 @@ class ApiAuthenticate
     * Ensure the current user can access authenticated API routes, either via existing session
     * authentication or via API Token authentication.
     *
-     * @throws UnauthorizedException
+     * @throws ApiAuthException
     */
    protected function ensureAuthorizedBySessionOrToken(): void
    {
@ -58,17 +55,4 @@ class ApiAuthenticate

        return $hasApiPermission && hasAppAccess();
    }
-
-    /**
-     * Provide a standard API unauthorised response.
-     */
-    protected function unauthorisedResponse(string $message, int $code)
-    {
-        return response()->json([
-            'error' => [
-                'code'    => $code,
-                'message' => $message,
-            ],
-        ], $code);
-    }
 }