  1. eZ Publish / Platform
  2. EZP-24975

Unauthorized repository exceptions don't trigger the login screen

    Details

    • Type: Bug
    • Status: Closed
    • Priority: High
    • Resolution: Done
    • Affects Version/s: 2015.09.1
    • Fix Version/s: 2015.11
    • Component/s: None
    • Labels:
      None

      Description

      Repository exceptions such as UnauthorizedException will bubble up to the end, and be displayed as such instead of showing the login screen.

      The reasons are multiple.

      1. The Core\ExceptionListener from the Bundle has a priority of -90, while the one from the Firewall Sf component has 0. Ours translates the repository exception after the firewall has checked if it should display the login screen.

      2. The Core\ExceptionListener translates API\UnauthorizedException into an HttpKernel\AccessDeniedException. As it turns out, that one does NOT implement Security\AccessDeniedException, meaning that the Firewall exception listener still doesn't see it.

      I see two solutions:
      a) Translate the exception to a new eZ\Publish\Core\Base\Exceptions\AccessDeniedHttpException that implements both HttpKernel\HttpException and Security\AccessDeniedException
      b) Translate the exception to a Security\AccessDeniedException directly. As far as I can tell, the Security listener will correctly handle the HTTP codes, both for authenticated and unauthenticated users.

      Maybe a) makes more sense.
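
The two causes in the report, as an added sketch that is not part of the original report and not eZ or Symfony code: every class below is a constructed stand-in, the firewall is modelled only for an unauthenticated user, and the priority 10 is an assumed value that is simply higher than the firewall's 0. It shows that raising the priority or changing the translated exception type alone still ends on the error page.

```php
<?php
// Stand-ins constructed for this sketch; none of these are the real Symfony or eZ classes.
class RepositoryUnauthorized extends Exception {}        // plays API\UnauthorizedException
class HttpAccessDenied extends RuntimeException {}       // plays HttpKernel\AccessDeniedException
class SecurityAccessDenied extends RuntimeException {}   // plays Security\AccessDeniedException
interface HasStatusCode { public function getStatusCode(); }
// Option (a) from the report: one exception that is both a security and an HTTP exception.
class CombinedAccessDenied extends SecurityAccessDenied implements HasStatusCode
{
    public function getStatusCode() { return 403; }
}

class ExceptionEvent
{
    public $exception;
    public $response = null;
    public function __construct($exception) { $this->exception = $exception; }
}

// Plays the firewall listener for an unauthenticated user: it only reacts to the security type.
function firewallListener(ExceptionEvent $event)
{
    if ($event->exception instanceof SecurityAccessDenied) {
        $event->response = 'login screen';
    }
}

// Runs both listeners, highest priority first, and stops once a response is set.
function handle($translatorPriority, $translatedClass)
{
    $translator = function (ExceptionEvent $event) use ($translatedClass) {
        if ($event->exception instanceof RepositoryUnauthorized) {
            $event->exception = new $translatedClass('Access denied', 0, $event->exception);
        }
    };
    $listeners = [[0, 'firewallListener'], [$translatorPriority, $translator]];
    usort($listeners, function ($a, $b) { return $b[0] - $a[0]; });
    $event = new ExceptionEvent(new RepositoryUnauthorized('content/read denied'));
    foreach ($listeners as $listener) {
        call_user_func($listener[1], $event);
        if ($event->response !== null) { break; }
    }
    return $event->response !== null ? $event->response : 'error page: ' . get_class($event->exception);
}

$cases = [[-90, 'HttpAccessDenied'], [10, 'HttpAccessDenied'], [-90, 'CombinedAccessDenied'], [10, 'CombinedAccessDenied']];
foreach ($cases as $case) {
    printf("priority %4d, %-20s => %s\n", $case[0], $case[1], handle($case[0], $case[1]));
}
```

Only the last case, where the translating listener runs before the firewall and produces a type the firewall recognises, reaches the login screen.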

              People

              • Assignee:
                Unassigned
                Reporter:
                bertrand.dunogier@ez.no Bertrand Dunogier