Try to be more clear about OAuth errors
@@ -58,6 +58,7 @@ use function Safe\parse_url;
|
|||||||
*/
|
*/
|
||||||
class Handler extends ExceptionHandler
|
class Handler extends ExceptionHandler
|
||||||
{
|
{
|
||||||
|
public static ?Throwable $lastError = null;
|
||||||
/**
|
/**
|
||||||
* @var array<int, class-string<Throwable>>
|
* @var array<int, class-string<Throwable>>
|
||||||
*/
|
*/
|
||||||
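Review bot: The new `public static ?Throwable $lastError = null;` has no docblock, and nothing at the declaration says who writes it or who is meant to read it, even though it is process-wide mutable state shared with another class. A short comment would save the next reader a search, e.g. `/** Last exception passed to report(); read by Http\Middleware\Authenticate to surface an OAuth hint. Not request-scoped. */` placed directly above the property. Since only the consumer in the middleware needs it, `protected` plus a small static accessor would also make the coupling explicit, but the docblock is the minimum. The Handler class body continues past this hunk.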
@@ -123,7 +124,7 @@ class Handler extends ExceptionHandler
|
|||||||
// somehow Laravel handler does not catch this:
|
// somehow Laravel handler does not catch this:
|
||||||
app('log')->debug('Return JSON unauthenticated error.');
|
app('log')->debug('Return JSON unauthenticated error.');
|
||||||
|
|
||||||
return response()->json(['message' => 'Unauthenticated', 'exception' => 'AuthenticationException'], 401);
|
return response()->json(['message' => $e->getMessage(), 'exception' => 'AuthenticationException'], 401);
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($e instanceof OAuthServerException && $expectsJson) {
|
if ($e instanceof OAuthServerException && $expectsJson) {
|
||||||
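Review bot: The JSON body at `'message' => $e->getMessage()` now echoes the exception text to an unauthenticated caller, so whatever any current or future `AuthenticationException` carries becomes part of the API response; today that is the fixed 'Unauthenticated.' or the OAuth hint set in Authenticate, but nothing at this line constrains it. The default string also changes from `Unauthenticated` to `Unauthenticated.` (trailing period), which clients matching the literal will notice. If the goal is only to surface the OAuth hint, consider keeping the constant and adding the detail as its own field, e.g. `['message' => 'Unauthenticated', 'exception' => 'AuthenticationException', 'hint' => $e->getMessage()]`, or record the new contract in the API changelog. The enclosing method starts and ends outside this hunk.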
@@ -215,6 +216,7 @@ class Handler extends ExceptionHandler
|
|||||||
#[Override]
|
#[Override]
|
||||||
public function report(Throwable $e): void
|
public function report(Throwable $e): void
|
||||||
{
|
{
|
||||||
|
self::$lastError = $e;
|
||||||
$doMailError = (bool) config('firefly.send_error_message');
|
$doMailError = (bool) config('firefly.send_error_message');
|
||||||
if ($this->shouldntReportLocal($e) || !$doMailError) {
|
if ($this->shouldntReportLocal($e) || !$doMailError) {
|
||||||
parent::report($e);
|
parent::report($e);
|
||||||
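Review bot: `self::$lastError = $e;` is written for every reported exception and never cleared, so in a long-running runtime (queue workers, Octane-style servers, or a test process that handles several requests) the value left by one request can be read by the next one in the Authenticate fallback (`if(Handler::$lastError instanceof OAuthServerException)` in the later hunk), attaching an OAuth hint to an unrelated authentication failure. Under classic per-request PHP this is harmless, but the coupling is invisible here. At minimum keep only what the consumer needs so unrelated exceptions do not linger: `if ($e instanceof OAuthServerException) { self::$lastError = $e; }`, and reset it either at request start or where it is read. The `report()` body continues below the hunk.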
|
@@ -178,7 +178,7 @@ class Kernel extends HttpKernel
|
|||||||
'api' => [
|
'api' => [
|
||||||
AcceptHeaders::class,
|
AcceptHeaders::class,
|
||||||
EnsureFrontendRequestsAreStateful::class,
|
EnsureFrontendRequestsAreStateful::class,
|
||||||
'auth:api,sanctum',
|
'auth:api',
|
||||||
'bindings',
|
'bindings',
|
||||||
],
|
],
|
||||||
// do only bindings, no auth
|
// do only bindings, no auth
|
||||||
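Review bot: Changing the `api` group from `'auth:api,sanctum'` to `'auth:api'` is an authentication behaviour change that the commit title ("Try to be more clear about OAuth errors") does not explain, and nothing in the diff shows whether any client still authenticates on this group with a Sanctum token. `EnsureFrontendRequestsAreStateful::class` stays on the line above, which suggests stateful front-end requests are still expected; if any of them relied on the sanctum guard they would now be rejected with the generic message rather than a clearer one. A one-line comment next to `'auth:api',` stating why sanctum was dropped, or a sentence in the commit description, would make this reviewable. The `$middlewareGroups` array is cut at both edges of the hunk.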
|
@@ -26,10 +26,12 @@ namespace FireflyIII\Http\Middleware;
|
|||||||
|
|
||||||
use Closure;
|
use Closure;
|
||||||
use FireflyIII\Exceptions\FireflyException;
|
use FireflyIII\Exceptions\FireflyException;
|
||||||
|
use FireflyIII\Exceptions\Handler;
|
||||||
use FireflyIII\User;
|
use FireflyIII\User;
|
||||||
use Illuminate\Auth\AuthenticationException;
|
use Illuminate\Auth\AuthenticationException;
|
||||||
use Illuminate\Contracts\Auth\Factory as Auth;
|
use Illuminate\Contracts\Auth\Factory as Auth;
|
||||||
use Illuminate\Http\Request;
|
use Illuminate\Http\Request;
|
||||||
|
use League\OAuth2\Server\Exception\OAuthServerException;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Class Authenticate
|
* Class Authenticate
|
||||||
@@ -84,6 +86,7 @@ class Authenticate
|
|||||||
if ($this->auth->check()) {
|
if ($this->auth->check()) {
|
||||||
// do an extra check on user object.
|
// do an extra check on user object.
|
||||||
/** @noinspection PhpUndefinedMethodInspection */
|
/** @noinspection PhpUndefinedMethodInspection */
|
||||||
|
|
||||||
/** @var User $user */
|
/** @var User $user */
|
||||||
$user = $this->auth->authenticate();
|
$user = $this->auth->authenticate();
|
||||||
$this->validateBlockedUser($user, $guards);
|
$this->validateBlockedUser($user, $guards);
|
||||||
@@ -94,20 +97,23 @@ class Authenticate
|
|||||||
}
|
}
|
||||||
|
|
||||||
foreach ($guards as $guard) {
|
foreach ($guards as $guard) {
|
||||||
if ('api' !== $guard) {
|
|
||||||
$this->auth->guard($guard)->authenticate();
|
|
||||||
}
|
|
||||||
$result = $this->auth->guard($guard)->check();
|
$result = $this->auth->guard($guard)->check();
|
||||||
if ($result) {
|
if ($result) {
|
||||||
$user = $this->auth->guard($guard)->user();
|
$user = $this->auth->guard($guard)->user();
|
||||||
$this->validateBlockedUser($user, $guards);
|
$this->validateBlockedUser($user, $guards);
|
||||||
|
|
||||||
// According to PHPstan the method returns void, but we'll see.
|
// According to PHPstan the method returns void, but we'll see.
|
||||||
return $this->auth->shouldUse($guard); // @phpstan-ignore-line
|
return $this->auth->shouldUse($guard); // @phpstan-ignore-line
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
throw new AuthenticationException('Unauthenticated.', $guards);
|
// this is a massive hack, but if the hander has the oauth exception
|
||||||
|
// at this point we can report its error instead of a generic one.
|
||||||
|
$message = 'Unauthenticated.';
|
||||||
|
if(Handler::$lastError instanceof OAuthServerException) {
|
||||||
|
$message = Handler::$lastError->getHint();
|
||||||
|
}
|
||||||
|
|
||||||
|
throw new AuthenticationException($message, $guards);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
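Review bot: `Handler::$lastError->getHint()` can be null or empty (league's OAuthServerException only carries a hint for some error types), in which case `$message` is no longer a string and the thrown AuthenticationException ends up with an empty message, less useful than the 'Unauthenticated.' default assigned just above. Fall back explicitly, `$message = Handler::$lastError->getHint() ?: Handler::$lastError->getMessage();`, and clear the static once consumed, `Handler::$lastError = null;`, so it cannot leak into a later request in a long-running process. `if(Handler::$lastError` is also missing the space after `if` that the rest of the file uses (`if ($result) {`). The removal of the `'api' !== $guard` branch changes non-api guards from `authenticate()` (throwing their own exception) to `check()`, which looks intended but deserves a word in the new comment.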
|