Improve client XHR error handling

The default XHR error handler produce an alert which is appropriate to the response status code. It can be overridden per-request (by specifying the `errorHandler` option) so that the alert can be suppressed or displayed in a different position (e.g. inside a modal). ref #118
2025-07-26 03:01:22 +02:00 · 2015-10-20 12:48:26 +10:30
parent 0952651cf3
commit f2dbb96e84
26 changed files with 192 additions and 175 deletions
--- a/framework/core/src/Api/Controller/TokenController.php
+++ b/framework/core/src/Api/Controller/TokenController.php
@@ -12,11 +12,11 @@ namespace Flarum\Api\Controller;

 use Flarum\Api\Command\GenerateAccessToken;
 use Flarum\Core\Repository\UserRepository;
-use Flarum\Core\Exception\PermissionDeniedException;
 use Flarum\Event\UserEmailChangeWasRequested;
 use Flarum\Http\Controller\ControllerInterface;
 use Illuminate\Contracts\Bus\Dispatcher as BusDispatcher;
 use Illuminate\Contracts\Events\Dispatcher as EventDispatcher;
+use Illuminate\Database\Eloquent\ModelNotFoundException;
 use Psr\Http\Message\ServerRequestInterface;
 use Zend\Diactoros\Response\JsonResponse;

@@ -62,16 +62,13 @@ class TokenController implements ControllerInterface
        $user = $this->users->findByIdentification($identification);

        if (! $user || ! $user->checkPassword($password)) {
-            throw new PermissionDeniedException;
+            throw new ModelNotFoundException;
        }

        if (! $user->is_activated) {
            $this->events->fire(new UserEmailChangeWasRequested($user, $user->email));

-            return new JsonResponse([
-                'code' => 'confirm_email',
-                'email' => $user->email
-            ], 401);
+            return new JsonResponse(['emailConfirmationRequired' => $user->email], 401);
        }

        $token = $this->bus->dispatch(
--- a/framework/core/src/Core/Command/EditUserHandler.php
+++ b/framework/core/src/Core/Command/EditUserHandler.php
@@ -63,6 +63,7 @@ class EditUserHandler

        $attributes = array_get($data, 'attributes', []);
        $relationships = array_get($data, 'relationships', []);
+        $validate = [];

        if (isset($attributes['username'])) {
            $this->assertPermission($canEdit);
@@ -72,6 +73,10 @@ class EditUserHandler
        if (isset($attributes['email'])) {
            if ($isSelf) {
                $user->requestEmailChange($attributes['email']);
+
+                if ($attributes['email'] !== $user->email) {
+                    $validate['email'] = $attributes['email'];
+                }
            } else {
                $this->assertPermission($canEdit);
                $user->changeEmail($attributes['email']);
@@ -81,6 +86,8 @@ class EditUserHandler
        if (isset($attributes['password'])) {
            $this->assertPermission($canEdit);
            $user->changePassword($attributes['password']);
+
+            $validate['password'] = $attributes['password'];
        }

        if (isset($attributes['bio'])) {
@@ -127,7 +134,7 @@ class EditUserHandler
            new UserWillBeSaved($user, $actor, $data)
        );

-        $this->validator->assertValid(array_merge($user->getDirty(), array_only($attributes, ['password', 'email'])));
+        $this->validator->assertValid(array_merge($user->getDirty(), $validate));

        $user->save();

--- a/framework/core/src/Forum/Controller/LoginController.php
+++ b/framework/core/src/Forum/Controller/LoginController.php
@@ -55,12 +55,11 @@ class LoginController implements ControllerInterface
        $actor = $request->getAttribute('actor');
        $params = array_only($request->getParsedBody(), ['identification', 'password']);

-        $data = json_decode($this->apiClient->send($controller, $actor, [], $params)->getBody());
+        $response = $this->apiClient->send($controller, $actor, [], $params);
+
+        if ($response->getStatusCode() === 200) {
+            $data = json_decode($response->getBody());

-        // TODO: The client needs to pass through exceptions(?) or the whole
-        // response so we can look at the response code. For now if there isn't
-        // any useful data we just assume it's a 401.
-        if (isset($data->userId)) {
            // Extend the token's expiry to 2 weeks so that we can set a
            // remember cookie
            AccessToken::where('id', $data->token)->update(['expires_at' => new DateTime('+2 weeks')]);
@@ -68,11 +67,11 @@ class LoginController implements ControllerInterface
            event(new UserLoggedIn($this->users->findOrFail($data->userId), $data->token));

            return $this->withRememberCookie(
-                new JsonResponse($data),
+                $response,
                $data->token
            );
        } else {
-            return new EmptyResponse(401);
+            return $response;
        }
    }
 }