diff --git a/framework/core/src/Api/Controller/ListNotificationsController.php b/framework/core/src/Api/Controller/ListNotificationsController.php index b8aaeef53..352e7130a 100644 --- a/framework/core/src/Api/Controller/ListNotificationsController.php +++ b/framework/core/src/Api/Controller/ListNotificationsController.php @@ -15,12 +15,14 @@ use Flarum\Api\Serializer\NotificationSerializer; use Flarum\Discussion\Discussion; use Flarum\Http\UrlGenerator; use Flarum\Notification\NotificationRepository; -use Flarum\User\Exception\PermissionDeniedException; +use Flarum\User\AssertPermissionTrait; use Psr\Http\Message\ServerRequestInterface; use Tobscure\JsonApi\Document; class ListNotificationsController extends AbstractListController { + use AssertPermissionTrait; + /** * {@inheritdoc} */ @@ -67,9 +69,7 @@ class ListNotificationsController extends AbstractListController { $actor = $request->getAttribute('actor'); - if ($actor->isGuest()) { - throw new PermissionDeniedException; - } + $this->assertRegistered($actor); $actor->markNotificationsAsRead()->save(); diff --git a/framework/core/src/Api/Controller/ListUsersController.php b/framework/core/src/Api/Controller/ListUsersController.php index 18d36ceab..b10ed17a4 100644 --- a/framework/core/src/Api/Controller/ListUsersController.php +++ b/framework/core/src/Api/Controller/ListUsersController.php @@ -14,7 +14,7 @@ namespace Flarum\Api\Controller; use Flarum\Api\Serializer\UserSerializer; use Flarum\Http\UrlGenerator; use Flarum\Search\SearchCriteria; -use Flarum\User\Exception\PermissionDeniedException; +use Flarum\User\AssertPermissionTrait; use Flarum\User\Search\UserSearcher; use Illuminate\Support\Arr; use Psr\Http\Message\ServerRequestInterface; @@ -22,6 +22,8 @@ use Tobscure\JsonApi\Document; class ListUsersController extends AbstractListController { + use AssertPermissionTrait; + /** * {@inheritdoc} */ @@ -70,9 +72,8 @@ class ListUsersController extends AbstractListController { $actor = $request->getAttribute('actor'); - if ($actor->cannot('viewUserList')) { - throw new PermissionDeniedException; - } + $this->assertRegistered($actor); + $this->assertCan($actor, 'viewUserList'); $query = Arr::get($this->extractFilter($request), 'q'); $sort = $this->extractSort($request); diff --git a/framework/core/src/Foundation/ErrorServiceProvider.php b/framework/core/src/Foundation/ErrorServiceProvider.php index aa7060bb5..2e7278039 100644 --- a/framework/core/src/Foundation/ErrorServiceProvider.php +++ b/framework/core/src/Foundation/ErrorServiceProvider.php @@ -31,6 +31,7 @@ class ErrorServiceProvider extends AbstractServiceProvider // 401 Unauthorized 'invalid_access_token' => 401, + 'not_authenticated' => 401, // 403 Forbidden 'forbidden' => 403, diff --git a/framework/core/src/Group/Command/CreateGroupHandler.php b/framework/core/src/Group/Command/CreateGroupHandler.php index 036443213..8a000679e 100644 --- a/framework/core/src/Group/Command/CreateGroupHandler.php +++ b/framework/core/src/Group/Command/CreateGroupHandler.php @@ -49,6 +49,7 @@ class CreateGroupHandler $actor = $command->actor; $data = $command->data; + $this->assertRegistered($actor); $this->assertCan($actor, 'createGroup'); $group = Group::build( diff --git a/framework/core/src/User/AssertPermissionTrait.php b/framework/core/src/User/AssertPermissionTrait.php index d6310440a..8941b1615 100644 --- a/framework/core/src/User/AssertPermissionTrait.php +++ b/framework/core/src/User/AssertPermissionTrait.php @@ -11,12 +11,13 @@ namespace Flarum\User; +use Flarum\User\Exception\NotAuthenticatedException; use Flarum\User\Exception\PermissionDeniedException; trait AssertPermissionTrait { /** - * @param $condition + * @param bool $condition * @throws PermissionDeniedException */ protected function assertPermission($condition) @@ -26,6 +27,17 @@ trait AssertPermissionTrait } } + /** + * @param bool $condition + * @throws NotAuthenticatedException + */ + protected function assertAuthentication($condition) + { + if (! $condition) { + throw new NotAuthenticatedException; + } + } + /** * @param User $actor * @param string $ability @@ -39,20 +51,11 @@ trait AssertPermissionTrait /** * @param User $actor - * @throws \Flarum\User\Exception\PermissionDeniedException - */ - protected function assertGuest(User $actor) - { - $this->assertPermission($actor->isGuest()); - } - - /** - * @param User $actor - * @throws PermissionDeniedException + * @throws NotAuthenticatedException */ protected function assertRegistered(User $actor) { - $this->assertPermission(! $actor->isGuest()); + $this->assertAuthentication(! $actor->isGuest()); } /** diff --git a/framework/core/src/User/Exception/NotAuthenticatedException.php b/framework/core/src/User/Exception/NotAuthenticatedException.php new file mode 100644 index 000000000..bb45b8705 --- /dev/null +++ b/framework/core/src/User/Exception/NotAuthenticatedException.php @@ -0,0 +1,23 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Flarum\User\Exception; + +use Exception; +use Flarum\Foundation\KnownError; + +class NotAuthenticatedException extends Exception implements KnownError +{ + public function getType(): string + { + return 'not_authenticated'; + } +} diff --git a/framework/core/tests/integration/api/Auth/AuthenticateWithApiKeyTest.php b/framework/core/tests/integration/api/Auth/AuthenticateWithApiKeyTest.php index 1ba3ce5a1..e895dafdf 100644 --- a/framework/core/tests/integration/api/Auth/AuthenticateWithApiKeyTest.php +++ b/framework/core/tests/integration/api/Auth/AuthenticateWithApiKeyTest.php @@ -65,7 +65,7 @@ class AuthenticateWithApiKeyTest extends TestCase $response = $api->send(CreateGroupController::class, new Guest); - $this->assertEquals(403, $response->getStatusCode()); + $this->assertEquals(401, $response->getStatusCode()); } /** diff --git a/framework/core/tests/integration/api/Controller/CreateGroupControllerTest.php b/framework/core/tests/integration/api/Controller/CreateGroupControllerTest.php index d2edcada1..08275615d 100644 --- a/framework/core/tests/integration/api/Controller/CreateGroupControllerTest.php +++ b/framework/core/tests/integration/api/Controller/CreateGroupControllerTest.php @@ -80,7 +80,7 @@ class CreateGroupControllerTest extends ApiControllerTestCase /** * @test */ - public function unauthorized_user_cannot_create_group() + public function normal_user_cannot_create_group() { $this->actor = User::find(2); diff --git a/framework/core/tests/integration/api/Controller/ListNotificationsControllerTest.php b/framework/core/tests/integration/api/Controller/ListNotificationsControllerTest.php index 9f301607b..0e1135825 100644 --- a/framework/core/tests/integration/api/Controller/ListNotificationsControllerTest.php +++ b/framework/core/tests/integration/api/Controller/ListNotificationsControllerTest.php @@ -36,7 +36,7 @@ class ListNotificationsControllerTest extends ApiControllerTestCase { $response = $this->callWith(); - $this->assertEquals(403, $response->getStatusCode()); + $this->assertEquals(401, $response->getStatusCode()); } /** diff --git a/framework/core/tests/integration/api/Controller/ListUsersControllerTest.php b/framework/core/tests/integration/api/Controller/ListUsersControllerTest.php index 35eee7504..b57e8c4d9 100644 --- a/framework/core/tests/integration/api/Controller/ListUsersControllerTest.php +++ b/framework/core/tests/integration/api/Controller/ListUsersControllerTest.php @@ -42,7 +42,7 @@ class ListUsersControllerTest extends ApiControllerTestCase { $response = $this->callWith(); - $this->assertEquals(403, $response->getStatusCode()); + $this->assertEquals(401, $response->getStatusCode()); } /**