Merge pull request #4320 from devdot/improve-api-auth-exception
Improve ApiAuthException control flow
commit
bae0e80cee
3 changed files with 24 additions and 37 deletions
|
@ -2,6 +2,25 @@
|
|||
|
||||
namespace BookStack\Exceptions;
|
||||
|
||||
class ApiAuthException extends UnauthorizedException
|
||||
use Symfony\Component\HttpKernel\Exception\HttpExceptionInterface;
|
||||
|
||||
class ApiAuthException extends \Exception implements HttpExceptionInterface
|
||||
{
|
||||
protected int $status;
|
||||
|
||||
public function __construct(string $message, int $statusCode = 401)
|
||||
{
|
||||
$this->status = $statusCode;
|
||||
parent::__construct($message, $statusCode);
|
||||
}
|
||||
|
||||
public function getStatusCode(): int
|
||||
{
|
||||
return $this->status;
|
||||
}
|
||||
|
||||
public function getHeaders(): array
|
||||
{
|
||||
return [];
|
||||
}
|
||||
}
|
||||
|
|
|
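Review bot: `protected int $status` in the new ApiAuthException duplicates the value already handed to `parent::__construct($message, $statusCode)` as the exception code, so two fields now carry the same number and neither is marked immutable. If the project's PHP floor permits it, constructor promotion removes the duplicate: `public function __construct(string $message, protected readonly int $statusCode = 401)` with `parent::__construct($message, $statusCode);` and `return $this->statusCode;` in getStatusCode(); otherwise promoting `protected int $statusCode` at least drops the separate declaration. The class also has no docblock; a one-liner such as `/** Thrown when API authentication fails; implements HttpExceptionInterface so the framework's handler can use the status code as the HTTP response status. */` would explain the Symfony interface to the next reader. `getHeaders()` could carry `@return array<string, string>` so static analysis knows the shape the interface expects.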
@ -1,16 +0,0 @@
|
|||
<?php
|
||||
|
||||
namespace BookStack\Exceptions;
|
||||
|
||||
use Exception;
|
||||
|
||||
class UnauthorizedException extends Exception
|
||||
{
|
||||
/**
|
||||
* ApiAuthException constructor.
|
||||
*/
|
||||
public function __construct($message, $code = 401)
|
||||
{
|
||||
parent::__construct($message, $code);
|
||||
}
|
||||
}
|
|
@ -3,7 +3,6 @@
|
|||
namespace BookStack\Http\Middleware;
|
||||
|
||||
use BookStack\Exceptions\ApiAuthException;
|
||||
use BookStack\Exceptions\UnauthorizedException;
|
||||
use Closure;
|
||||
use Illuminate\Http\Request;
|
||||
|
||||
|
@ -11,15 +10,13 @@ class ApiAuthenticate
|
|||
{
|
||||
/**
|
||||
* Handle an incoming request.
|
||||
*
|
||||
* @throws ApiAuthException
|
||||
*/
|
||||
public function handle(Request $request, Closure $next)
|
||||
{
|
||||
// Validate the token and it's users API access
|
||||
try {
|
||||
$this->ensureAuthorizedBySessionOrToken();
|
||||
} catch (UnauthorizedException $exception) {
|
||||
return $this->unauthorisedResponse($exception->getMessage(), $exception->getCode());
|
||||
}
|
||||
$this->ensureAuthorizedBySessionOrToken();
|
||||
|
||||
return $next($request);
|
||||
}
|
||||
|
@ -28,7 +25,7 @@ class ApiAuthenticate
|
|||
* Ensure the current user can access authenticated API routes, either via existing session
|
||||
* authentication or via API Token authentication.
|
||||
*
|
||||
* @throws UnauthorizedException
|
||||
* @throws ApiAuthException
|
||||
*/
|
||||
protected function ensureAuthorizedBySessionOrToken(): void
|
||||
{
|
||||
|
@ -58,17 +55,4 @@ class ApiAuthenticate
|
|||
|
||||
return $hasApiPermission && hasAppAccess();
|
||||
}
|
||||
|
||||
/**
|
||||
* Provide a standard API unauthorised response.
|
||||
*/
|
||||
protected function unauthorisedResponse(string $message, int $code)
|
||||
{
|
||||
return response()->json([
|
||||
'error' => [
|
||||
'code' => $code,
|
||||
'message' => $message,
|
||||
],
|
||||
], $code);
|
||||
}
|
||||
}
|
||||
|
|
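Review bot: Dropping the try/catch in handle() (hunk -11,15 +10,13) moves the rendering of ApiAuthException out of the middleware, so the status code and the `{"error": {"code", "message"}}` JSON body that the removed `unauthorisedResponse()` produced are now whatever the application's exception handler emits for an HttpExceptionInterface; that handler is not among the three changed files, so it is worth a test confirming API clients still receive the same body shape and status (including any non-401 value passed as `$statusCode`). A smaller point in the same hunk: the surviving comment `// Validate the token and it's users API access` should read `its`, and handle() still declares no return type. The enclosing ApiAuthenticate class begins and ends outside the hunks shown.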