Rework firewall access denied rule

dimabory · nesk · commit 9954f18109dc · 2019-11-27T11:30:53.000+01:00
diff --git a/src/Symfony/Component/Security/Http/Firewall/ExceptionListener.php b/src/Symfony/Component/Security/Http/Firewall/ExceptionListener.php
@@ -150,8 +150,6 @@ private function handleAccessDeniedException(ExceptionEvent $event, AccessDenied
             } catch (\Exception $e) {
                 $event->setThrowable($e);
             }
-
-            return;
         }
 
         if (null !== $this->logger) {
@@ -169,7 +167,7 @@ private function handleAccessDeniedException(ExceptionEvent $event, AccessDenied
                 $subRequest = $this->httpUtils->createRequest($event->getRequest(), $this->errorPage);
                 $subRequest->attributes->set(Security::ACCESS_DENIED_ERROR, $exception);
 
-                $event->setResponse($event->getKernel()->handle($subRequest, HttpKernelInterface::SUB_REQUEST, true));
+                $event->setResponse($event->getKernel()->handle($subRequest, HttpKernelInterface::SUB_REQUEST));
                 $event->allowCustomResponseCode();
             }
         } catch (\Exception $e) {
diff --git a/src/Symfony/Component/Security/Http/Tests/Firewall/ExceptionListenerTest.php b/src/Symfony/Component/Security/Http/Tests/Firewall/ExceptionListenerTest.php
@@ -130,10 +130,8 @@ public function testAccessDeniedExceptionFullFledgedAndWithAccessDeniedHandlerAn
     {
         $event = $this->createEvent($exception);
 
-        $accessDeniedHandler = $this->getMockBuilder('Symfony\Component\Security\Http\Authorization\AccessDeniedHandlerInterface')->getMock();
-        $accessDeniedHandler->expects($this->once())->method('handle')->willReturn(new Response('error'));
+        $listener = $this->createExceptionListener(null, $this->createTrustResolver(true), null, null, null, $this->createCustomAccessDeniedHandler(new Response('error')));
 
-        $listener = $this->createExceptionListener(null, $this->createTrustResolver(true), null, null, null, $accessDeniedHandler);
         $listener->onKernelException($event);
 
         $this->assertEquals('error', $event->getResponse()->getContent());
@@ -147,16 +145,51 @@ public function testAccessDeniedExceptionNotFullFledged(\Exception $exception, \
     {
         $event = $this->createEvent($exception);
 
-        $tokenStorage = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface')->getMock();
-        $tokenStorage->expects($this->once())->method('getToken')->willReturn($this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\TokenInterface')->getMock());
-
-        $listener = $this->createExceptionListener($tokenStorage, $this->createTrustResolver(false), null, $this->createEntryPoint());
+        $listener = $this->createExceptionListener($this->createTokenStorage(), $this->createTrustResolver(false), null, $this->createEntryPoint());
         $listener->onKernelException($event);
 
         $this->assertEquals('OK', $event->getResponse()->getContent());
         $this->assertSame(null === $eventException ? $exception : $eventException, $event->getThrowable()->getPrevious());
     }
 
+    /**
+     * @dataProvider getAccessDeniedExceptionProvider
+     */
+    public function testAccessDeniedExceptionNotFullFledgedAndWithAccessDeniedHandlerAndWithoutErrorPage(\Exception $exception, \Exception $eventException = null)
+    {
+        $event = $this->createEvent($exception);
+
+        $listener = $this->createExceptionListener($this->createTokenStorage(), $this->createTrustResolver(false), null, $this->createEntryPoint(), null, $this->createCustomAccessDeniedHandler(new Response('denied', 403)));
+        $listener->onKernelException($event);
+
+        $this->assertEquals('denied', $event->getResponse()->getContent());
+        $this->assertEquals(403, $event->getResponse()->getStatusCode());
+        $this->assertSame(null === $eventException ? $exception : $eventException, $event->getThrowable()->getPrevious());
+    }
+
+    /**
+     * @dataProvider getAccessDeniedExceptionProvider
+     */
+    public function testAccessDeniedExceptionNotFullFledgedAndWithoutAccessDeniedHandlerAndWithErrorPage(\Exception $exception, \Exception $eventException = null)
+    {
+        $kernel = $this->getMockBuilder('Symfony\Component\HttpKernel\HttpKernelInterface')->getMock();
+        $kernel->expects($this->once())->method('handle')->willReturn(new Response('Unauthorized', 401));
+
+        $event = $this->createEvent($exception, $kernel);
+
+        $httpUtils = $this->getMockBuilder('Symfony\Component\Security\Http\HttpUtils')->getMock();
+        $httpUtils->expects($this->once())->method('createRequest')->willReturn(Request::create('/error'));
+
+        $listener = $this->createExceptionListener($this->createTokenStorage(), $this->createTrustResolver(true), $httpUtils, null, '/error');
+        $listener->onKernelException($event);
+
+        $this->assertTrue($event->isAllowingCustomResponseCode());
+
+        $this->assertEquals('Unauthorized', $event->getResponse()->getContent());
+        $this->assertEquals(401, $event->getResponse()->getStatusCode());
+        $this->assertSame(null === $eventException ? $exception : $eventException, $event->getThrowable()->getPrevious());
+    }
+
     public function getAccessDeniedExceptionProvider()
     {
         return [
@@ -168,6 +201,22 @@ public function getAccessDeniedExceptionProvider()
         ];
     }
 
+    private function createTokenStorage()
+    {
+        $tokenStorage = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface')->getMock();
+        $tokenStorage->expects($this->once())->method('getToken')->willReturn($this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\TokenInterface')->getMock());
+
+        return $tokenStorage;
+    }
+
+    private function createCustomAccessDeniedHandler(Response $response)
+    {
+        $accessDeniedHandler = $this->getMockBuilder('Symfony\Component\Security\Http\Authorization\AccessDeniedHandlerInterface')->getMock();
+        $accessDeniedHandler->expects($this->once())->method('handle')->willReturn($response);
+
+        return $accessDeniedHandler;
+    }
+
     private function createEntryPoint(Response $response = null)
     {
         $entryPoint = $this->getMockBuilder('Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface')->getMock();

Original file line number	Diff line number	Diff line change
`@@ -150,8 +150,6 @@ private function handleAccessDeniedException(ExceptionEvent $event, AccessDenied`
`150`	`150`	`} catch (\Exception $e) {`
`151`	`151`	`$event->setThrowable($e);`
`152`	`152`	`}`
`153`		`-`
`154`		`- return;`
`155`	`153`	`}`
`156`	`154`
`157`	`155`	`if (null !== $this->logger) {`
`@@ -169,7 +167,7 @@ private function handleAccessDeniedException(ExceptionEvent $event, AccessDenied`
`169`	`167`	`$subRequest = $this->httpUtils->createRequest($event->getRequest(), $this->errorPage);`
`170`	`168`	`$subRequest->attributes->set(Security::ACCESS_DENIED_ERROR, $exception);`
`171`	`169`
`172`		`- $event->setResponse($event->getKernel()->handle($subRequest, HttpKernelInterface::SUB_REQUEST, true));`
	`170`	`+ $event->setResponse($event->getKernel()->handle($subRequest, HttpKernelInterface::SUB_REQUEST));`
`173`	`171`	`$event->allowCustomResponseCode();`
`174`	`172`	`}`
`175`	`173`	`} catch (\Exception $e) {`