public function start(Request $request, AuthenticationException $authException = null)
{
$apiProblem = new ApiProblem(Response::HTTP_UNAUTHORIZED);
$message = $authException ? $authException->getMessageKey() : 'Missing credentials';
$apiProblem->set('detail', $message);
return $this->responseFactory->createResponse($apiProblem);
}
public function onKernelException(GetResponseForExceptionEvent $event)
{
$exception = $event->getException();
$statusCode = $exception instanceof HttpExceptionInterface ? $exception->getStatusCode() : Response::HTTP_INTERNAL_SERVER_ERROR;
// Allow HTTP 500 on ongoing exception to be handled by symfony when running in debug mode
if ($this->debug && $statusCode >= Response::HTTP_INTERNAL_SERVER_ERROR) {
return;
}
if ($exception instanceof ApiProblemException) {
$apiProblem = $exception->getApiProblem();
} else {
$apiProblem = new ApiProblem($statusCode);
/**
* @see https://tools.ietf.org/html/draft-ietf-appsawg-http-problem-03#section-3.1
*
* If it is an HttpException message (e.g. for 404, 403), we'll say as a rule that the exception message is
* safe for the client. Otherwise, it could be some sensitive low-level exception, which should *not* be
* exposed
*/
if ($exception instanceof HttpExceptionInterface) {
$apiProblem->set('detail', $exception->getMessage());
}
}
$response = $this->responseFactory->createResponse($apiProblem);
$event->setResponse($response);
}
