[5.5] Use AccessDeniedHttpException (#19611)

* Use AccessDeniedHttpException. * Add an extra test. * StyleCI fix.
laravel · Jun 15, 2017 · caeec06 · caeec06
1 parent 15f59f3
commit caeec06
Show file tree

Hide file tree

Showing 5 changed files with 29 additions and 12 deletions.
diff --git a/src/Illuminate/Broadcasting/Broadcasters/Broadcaster.php b/src/Illuminate/Broadcasting/Broadcasters/Broadcaster.php
@@ -8,7 +8,7 @@
 use Illuminate\Container\Container;
 use Illuminate\Database\Eloquent\Model;
 use Illuminate\Contracts\Routing\BindingRegistrar;
-use Symfony\Component\HttpKernel\Exception\HttpException;
+use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
 use Illuminate\Contracts\Broadcasting\Broadcaster as BroadcasterContract;
 
 abstract class Broadcaster implements BroadcasterContract
@@ -47,7 +47,7 @@ public function channel($channel, callable $callback)
      * @param  \Illuminate\Http\Request  $request
      * @param  string  $channel
      * @return mixed
-     * @throws \Symfony\Component\HttpKernel\Exception\HttpException
+     * @throws \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException
      */
     protected function verifyUserCanAccessChannel($request, $channel)
     {
@@ -63,7 +63,7 @@ protected function verifyUserCanAccessChannel($request, $channel)
             }
         }
 
-        throw new HttpException(403);
+        throw new AccessDeniedHttpException;
     }
 
     /**
@@ -141,7 +141,7 @@ protected function resolveExplicitBindingIfPossible($key, $value)
      * @param  mixed  $value
      * @param  array  $callbackParameters
      * @return mixed
-     * @throws \Symfony\Component\HttpKernel\Exception\HttpException
+     * @throws \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException
      */
     protected function resolveImplicitBindingIfPossible($key, $value, $callbackParameters)
     {
@@ -153,7 +153,7 @@ protected function resolveImplicitBindingIfPossible($key, $value, $callbackParam
             $model = $parameter->getClass()->newInstance();
 
             return $model->where($model->getRouteKeyName(), $value)->firstOr(function () {
-                throw new HttpException(403);
+                throw new AccessDeniedHttpException;
             });
         }
 

diff --git a/src/Illuminate/Broadcasting/Broadcasters/PusherBroadcaster.php b/src/Illuminate/Broadcasting/Broadcasters/PusherBroadcaster.php
@@ -6,7 +6,7 @@
 use Illuminate\Support\Arr;
 use Illuminate\Support\Str;
 use Illuminate\Broadcasting\BroadcastException;
-use Symfony\Component\HttpKernel\Exception\HttpException;
+use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
 
 class PusherBroadcaster extends Broadcaster
 {
@@ -33,13 +33,13 @@ public function __construct(Pusher $pusher)
      *
      * @param  \Illuminate\Http\Request  $request
      * @return mixed
-     * @throws \Symfony\Component\HttpKernel\Exception\HttpException
+     * @throws \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException
      */
     public function auth($request)
     {
         if (Str::startsWith($request->channel_name, ['private-', 'presence-']) &&
             ! $request->user()) {
-            throw new HttpException(403);
+            throw new AccessDeniedHttpException;
         }
 
         $channelName = Str::startsWith($request->channel_name, 'private-')

diff --git a/src/Illuminate/Broadcasting/Broadcasters/RedisBroadcaster.php b/src/Illuminate/Broadcasting/Broadcasters/RedisBroadcaster.php
@@ -5,7 +5,7 @@
 use Illuminate\Support\Arr;
 use Illuminate\Support\Str;
 use Illuminate\Contracts\Redis\Factory as Redis;
-use Symfony\Component\HttpKernel\Exception\HttpException;
+use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
 
 class RedisBroadcaster extends Broadcaster
 {
@@ -41,13 +41,13 @@ public function __construct(Redis $redis, $connection = null)
      *
      * @param  \Illuminate\Http\Request  $request
      * @return mixed
-     * @throws \Symfony\Component\HttpKernel\Exception\HttpException
+     * @throws \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException
      */
     public function auth($request)
     {
         if (Str::startsWith($request->channel_name, ['private-', 'presence-']) &&
             ! $request->user()) {
-            throw new HttpException(403);
+            throw new AccessDeniedHttpException;
         }
 
         $channelName = Str::startsWith($request->channel_name, 'private-')

diff --git a/src/Illuminate/Foundation/Exceptions/Handler.php b/src/Illuminate/Foundation/Exceptions/Handler.php
@@ -26,6 +26,7 @@
 use Symfony\Component\Console\Application as ConsoleApplication;
 use Symfony\Component\HttpFoundation\Response as SymfonyResponse;
 use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
+use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
 use Symfony\Component\Debug\ExceptionHandler as SymfonyExceptionHandler;
 use Illuminate\Contracts\Debug\ExceptionHandler as ExceptionHandlerContract;
 use Symfony\Component\HttpFoundation\RedirectResponse as SymfonyRedirectResponse;
@@ -183,7 +184,7 @@ protected function prepareException(Exception $e)
         if ($e instanceof ModelNotFoundException) {
             $e = new NotFoundHttpException($e->getMessage(), $e);
         } elseif ($e instanceof AuthorizationException) {
-            $e = new HttpException(403, $e->getMessage());
+            $e = new AccessDeniedHttpException($e->getMessage());
         } elseif ($e instanceof TokenMismatchException) {
             $e = new HttpException(419, $e->getMessage());
         }

diff --git a/tests/Foundation/FoundationExceptionsHandlerTest.php b/tests/Foundation/FoundationExceptionsHandlerTest.php
@@ -10,6 +10,7 @@
 use Illuminate\Contracts\Support\Responsable;
 use Illuminate\Foundation\Exceptions\Handler;
 use Symfony\Component\HttpKernel\Exception\HttpException;
+use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
 
 class FoundationExceptionsHandlerTest extends TestCase
 {
@@ -98,6 +99,21 @@ public function testReturnsJsonWithoutStackTraceWhenAjaxRequestAndDebugFalseAndH
         $this->assertNotContains('"line":', $response);
         $this->assertNotContains('"trace":', $response);
     }
+
+    public function testReturnsJsonWithoutStackTraceWhenAjaxRequestAndDebugFalseAndAccessDeniedHttpExceptionErrorIsShown()
+    {
+        $this->config->shouldReceive('get')->with('app.debug', null)->once()->andReturn(false);
+        $this->request->shouldReceive('expectsJson')->once()->andReturn(true);
+
+        $response = $this->handler->render($this->request, new AccessDeniedHttpException('My custom error message'))->getContent();
+
+        $this->assertContains('"message": "My custom error message"', $response);
+        $this->assertNotContains('<!DOCTYPE html>', $response);
+        $this->assertNotContains('"message": "Server Error"', $response);
+        $this->assertNotContains('"file":', $response);
+        $this->assertNotContains('"line":', $response);
+        $this->assertNotContains('"trace":', $response);
+    }
 }
 
 class CustomException extends Exception implements Responsable