eZ Publish / Platform: EZP-24975

Unauthorized repository exceptions don't trigger the login screen

    Details

    • Type: Bug
    • Status: Closed
    • Priority: High
    • Resolution: Done
    • Affects Version/s: 2015.09.1
    • Fix Version/s: 2015.11
    • Component/s: None
    • Labels:
      None

      Description

      Repository exceptions such as UnauthorizedException will bubble up to the end, and be displayed as such instead of showing the login screen.

      The reasons are multiple.

      1. The Core\ExceptionListener from the Bundle has a priority of -90, while the one from the Firewall Sf component has 0. Ours translates the repository exception after the firewall has checked if it should display the login screen.

      2. The Core\ExceptionListener translates API\UnauthorizedException into an HttpKernel\AccessDeniedException. As it turns out, that one does NOT implement Security\AccessDeniedException, meaning that the Firewall exception listener still doesn't see it.

      I see two solutions:
      a) Translate the exception to a new eZ\Publish\Core\Base\Exceptions\AccessDeniedHttpException that implements both HttpKernel\HttpException and Security\AccessDeniedException
      b) Translate the exception to a Security\AccessDeniedException directly. As far as I can tell, the Security listener will correctly handle the HTTP codes, both for authenticated and unauthenticated users.

      Maybe a) makes more sense.
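
A simplified model of the two causes listed above, as an added example that is not part of the original issue or of the ezpublish-kernel code. The classes are stand-ins for the Symfony and eZ types, the dispatcher only mimics "higher priority runs first", and the priority 10 is an assumed value chosen only so the translation runs before the firewall listener's 0.

```php
<?php
// Stand-in types, constructed for this example (not Symfony's or eZ's classes).
class RepoUnauthorized extends Exception {}          // plays API\UnauthorizedException
interface HttpStatus { public function getStatusCode(): int; }
class HttpAccessDenied extends Exception implements HttpStatus { // HttpKernel-style 403
    public function getStatusCode(): int { return 403; }
}
class SecurityAccessDenied extends Exception {}      // the type the firewall looks for
// Option a): one exception that passes both the HTTP check and the security check.
class DualAccessDenied extends SecurityAccessDenied implements HttpStatus {
    public function getStatusCode(): int { return 403; }
}

// Minimal dispatcher: higher priority runs first; a listener may swap the exception.
function dispatch(Exception $e, array $listeners): string
{
    usort($listeners, fn($a, $b) => $b['priority'] <=> $a['priority']);
    $response = null;
    foreach ($listeners as $l) {
        [$e, $r] = $l['handle']($e);
        $response = $response ?? $r;
    }
    return $response ?? 'error page: ' . get_class($e);
}

// Firewall-style listener: reacts only to the security exception type.
$firewall = fn(Exception $e) => [$e, $e instanceof SecurityAccessDenied ? 'login screen' : null];
// Translating listener, parameterised by the class it translates to.
$translate = fn(string $to) => fn(Exception $e) =>
    [$e instanceof RepoUnauthorized ? new $to('denied', 0, $e) : $e, null];

$cases = [
    'as reported (-90, HTTP-only type)' => [-90, HttpAccessDenied::class],
    'type fixed only (-90, dual type)'  => [-90, DualAccessDenied::class],
    'order fixed only (10, HTTP-only)'  => [10, HttpAccessDenied::class],  // 10 is assumed
    'both fixed (10, dual type)'        => [10, DualAccessDenied::class],
];
foreach ($cases as $label => [$priority, $class]) {
    $out = dispatch(new RepoUnauthorized('no read access'), [
        ['priority' => 0, 'handle' => $firewall],
        ['priority' => $priority, 'handle' => $translate($class)],
    ]);
    echo str_pad($label, 38), ' => ', $out, PHP_EOL;
}
```

Only the last case reaches the login screen, which is why the description lists the listener order and the exception type as separate causes.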

          Activity

          Bertrand Dunogier added a comment - Pull-request: https://github.com/ezsystems/ezpublish-kernel/pull/1468
          Bertrand Dunogier added a comment -

          QA: the feature is covered by a behat scenario, maybe you can just review that? See unauthorized_login_form.feature.

          Pedro Resende (Inactive) added a comment -

          Bertrand Dunogier: While testing this issue I've decided to create a new content and change its section to "Restricted". Then I've tried to access that content on the frontend and got a

          Oops! An Error Occurred
          The server returned a "500 Internal Server Error".
          Something is broken. Please let us know what you were doing when this error occurred. We will fix it as soon as possible. Sorry for any inconvenience caused. 
          

          in ezpublish/logs/prod.log I have the following

          [2015-10-20 14:18:35] app.NOTICE: Siteaccess not matched against configuration, returning default siteaccess. [] []
          [2015-10-20 14:18:35] app.DEBUG: Router eZ\Bundle\EzPublishCoreBundle\Routing\DefaultRouter was not able to match, message "" [] []
          [2015-10-20 14:18:35] app.INFO: UrlAlias matched location #134. Forwarding to ViewController [] []
          [2015-10-20 14:18:35] request.INFO: Matched route "ez_urlalias". {"route_parameters":{"_route":"ez_urlalias","_controller":"ez_content:viewAction","contentId":132,"locationId":"134","viewType":"full","layout":true},"request_uri":"http://ezplatform.vm/teste"} []
          [2015-10-20 14:18:35] security.DEBUG: Read existing security token from the session. {"key":"_security_ezpublish_front"} []
          [2015-10-20 14:18:35] security.DEBUG: User was reloaded from a user provider. {"username":"admin","provider":"eZ\\Publish\\Core\\MVC\\Symfony\\Security\\User\\Provider"} []
          [2015-10-20 14:18:35] request.CRITICAL: Uncaught PHP Exception InvalidArgumentException: "Unable to find template ""." at /var/www/ezplatform/vendor/symfony/symfony/src/Symfony/Bridge/Twig/TwigEngine.php line 128 {"exception":"[object] (InvalidArgumentException(code: 0): Unable to find template \"\". at /var/www/ezplatform/vendor/symfony/symfony/src/Symfony/Bridge/Twig/TwigEngine.php:128, Twig_Error_Loader(code: 0): Unable to find template \"\". at /var/www/ezplatform/vendor/symfony/symfony/src/Symfony/Bundle/TwigBundle/Loader/FilesystemLoader.php:91, InvalidArgumentException(code: 0): Unable to find template \"\" : \"An empty file name is not valid to be located.\". at /var/www/ezplatform/ezpublish/cache/prod/classes.php:796, InvalidArgumentException(code: 0): An empty file name is not valid to be located. at /var/www/ezplatform/ezpublish/cache/prod/classes.php:1757)"} []
          [2015-10-20 14:18:35] security.DEBUG: Stored the security token in the session. {"key":"_security_ezpublish_front"} []
          
          

          Bertrand Dunogier added a comment - - edited

          Does it also fail if you don't set the restricted section? Cause I don't really see this error coming from the bugfix itself.

          Pedro Resende (Inactive) added a comment -

          Apparently the problem is related to a new object not having a template

          Pedro Resende (Inactive) added a comment -

          Tested and approved by Q.A.

          Gaetano Giunta added a comment - ps: might be of interest: https://github.com/symfony/symfony/issues/19285#issuecomment-230344126

            People

            • Assignee:
              Unassigned
              Reporter:
              Bertrand Dunogier