Merge pull request #62 from Nyholm/patch-exception

Throw exceptions instead of creating responses
trikoder · Jun 6, 2019 · 8a505f6 · 8a505f6
2 parents 1fd6e76 + 1a9cb81
commit 8a505f6
Show file tree

Hide file tree

Showing 8 changed files with 89 additions and 7 deletions.
diff --git a/DependencyInjection/Configuration.php b/DependencyInjection/Configuration.php
@@ -24,6 +24,14 @@ public function getConfigTreeBuilder()
         $rootNode->append($this->createScopesNode());
         $rootNode->append($this->createPersistenceNode());
 
+        $rootNode
+            ->children()
+                ->scalarNode('exception_event_listener_priority')
+                    ->info('The priority of the event listener that converts an Exception to a Response')
+                    ->defaultValue(10)
+                ->end()
+            ->end();
+
         return $treeBuilder;
     }
 

diff --git a/DependencyInjection/TrikoderOAuth2Extension.php b/DependencyInjection/TrikoderOAuth2Extension.php
@@ -24,6 +24,7 @@
 use Symfony\Component\DependencyInjection\Extension\PrependExtensionInterface;
 use Symfony\Component\DependencyInjection\Loader\XmlFileLoader;
 use Symfony\Component\DependencyInjection\Reference;
+use Symfony\Component\HttpKernel\KernelEvents;
 use Trikoder\Bundle\OAuth2Bundle\DBAL\Type\Grant as GrantType;
 use Trikoder\Bundle\OAuth2Bundle\DBAL\Type\RedirectUri as RedirectUriType;
 use Trikoder\Bundle\OAuth2Bundle\DBAL\Type\Scope as ScopeType;
@@ -46,6 +47,13 @@ public function load(array $configs, ContainerBuilder $container)
         $this->configureAuthorizationServer($container, $config['authorization_server']);
         $this->configureResourceServer($container, $config['resource_server']);
         $this->configureScopes($container, $config['scopes']);
+
+        $container->getDefinition('trikoder.oauth2.event_listener.authorization.convert_to_response')
+            ->addTag('kernel.event_listener', [
+                'event' => KernelEvents::EXCEPTION,
+                'method' => 'onKernelException',
+                'priority' => $config['exception_event_listener_priority'],
+            ]);
     }
 
     /**

diff --git a/EventListener/ConvertExceptionToResponseListener.php b/EventListener/ConvertExceptionToResponseListener.php
@@ -0,0 +1,24 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Trikoder\Bundle\OAuth2Bundle\EventListener;
+
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent;
+use Trikoder\Bundle\OAuth2Bundle\Security\Exception\InsufficientScopesException;
+use Trikoder\Bundle\OAuth2Bundle\Security\Exception\Oauth2AuthenticationFailedException;
+
+/**
+ * @author Tobias Nyholm <[email protected]>
+ */
+final class ConvertExceptionToResponseListener
+{
+    public function onKernelException(GetResponseForExceptionEvent $event)
+    {
+        $exception = $event->getException();
+        if ($exception instanceof InsufficientScopesException || $exception instanceof Oauth2AuthenticationFailedException) {
+            $event->setResponse(new Response($exception->getMessage(), $exception->getCode()));
+        }
+    }
+}
diff --git a/README.md b/README.md
@@ -102,6 +102,10 @@ This package is currently in the active development.
                 entity_manager: default # Required
 
             in_memory: ~
+         
+        # The priority of the event listener that converts an Exception to a Response
+        exception_event_listener_priority: 10 
+       
     ```
 
 3. Enable the bundle in `config/bundles.php` by adding it to the array:

diff --git a/Resources/config/services.xml b/Resources/config/services.xml
@@ -92,6 +92,7 @@
             <argument type="service" id="Symfony\Component\Security\Core\Security" />
             <tag name="kernel.event_listener" event="trikoder.oauth2.authorization_request_resolve" method="onAuthorizationRequest" priority="1024" />
         </service>
+        <service id="trikoder.oauth2.event_listener.authorization.convert_to_response" class="Trikoder\Bundle\OAuth2Bundle\EventListener\ConvertExceptionToResponseListener" />
 
         <!-- Token controller -->
         <service id="trikoder.oauth2.controller.token_controller" class="Trikoder\Bundle\OAuth2Bundle\Controller\TokenController">

diff --git a/Security/Exception/InsufficientScopesException.php b/Security/Exception/InsufficientScopesException.php
@@ -0,0 +1,22 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Trikoder\Bundle\OAuth2Bundle\Security\Exception;
+
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Exception\AuthenticationException;
+
+/**
+ * @author Tobias Nyholm <[email protected]>
+ */
+class InsufficientScopesException extends AuthenticationException
+{
+    public static function create(TokenInterface $token): self
+    {
+        $exception = new self('The token has insufficient scopes.', 403);
+        $exception->setToken($token);
+
+        return $exception;
+    }
+}
diff --git a/Security/Exception/Oauth2AuthenticationFailedException.php b/Security/Exception/Oauth2AuthenticationFailedException.php
@@ -0,0 +1,18 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Trikoder\Bundle\OAuth2Bundle\Security\Exception;
+
+use Symfony\Component\Security\Core\Exception\AuthenticationException;
+
+/**
+ * @author Tobias Nyholm <[email protected]>
+ */
+class Oauth2AuthenticationFailedException extends AuthenticationException
+{
+    public static function create(string $message): self
+    {
+        return new self($message, 401);
+    }
+}
diff --git a/Security/Firewall/OAuth2Listener.php b/Security/Firewall/OAuth2Listener.php
@@ -6,13 +6,14 @@
 
 use Symfony\Bridge\PsrHttpMessage\HttpMessageFactoryInterface;
 use Symfony\Component\HttpFoundation\Request;
-use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\HttpKernel\Event\GetResponseEvent;
 use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
 use Symfony\Component\Security\Core\Exception\AuthenticationException;
 use Symfony\Component\Security\Http\Firewall\ListenerInterface;
 use Trikoder\Bundle\OAuth2Bundle\Security\Authentication\Token\OAuth2Token;
+use Trikoder\Bundle\OAuth2Bundle\Security\Exception\InsufficientScopesException;
+use Trikoder\Bundle\OAuth2Bundle\Security\Exception\Oauth2AuthenticationFailedException;
 
 final class OAuth2Listener implements ListenerInterface
 {
@@ -56,15 +57,11 @@ public function handle(GetResponseEvent $event)
             /** @var OAuth2Token $authenticatedToken */
             $authenticatedToken = $this->authenticationManager->authenticate(new OAuth2Token($request, null));
         } catch (AuthenticationException $e) {
-            $event->setResponse(new Response($e->getMessage(), Response::HTTP_UNAUTHORIZED));
-
-            return;
+            throw Oauth2AuthenticationFailedException::create($e->getMessage());
         }
 
         if (!$this->isAccessToRouteGranted($event->getRequest(), $authenticatedToken)) {
-            $event->setResponse(new Response('The token has insufficient scopes.', Response::HTTP_FORBIDDEN));
-
-            return;
+            throw InsufficientScopesException::create($authenticatedToken);
         }
 
         $this->tokenStorage->setToken($authenticatedToken);