/** * Handler for all SOAP operations. * * @param string $operation * @param array $arguments * @return stdClass * @throws Mage_Webapi_Model_Soap_Fault * @throws Mage_Webapi_Exception */ public function __call($operation, $arguments) { if (in_array($operation, $this->_requestHeaders)) { $this->_processSoapHeader($operation, $arguments); } else { try { if (is_null($this->_usernameToken)) { throw new Mage_Webapi_Exception($this->_helper->__('WS-Security UsernameToken is not found in SOAP-request.'), Mage_Webapi_Exception::HTTP_UNAUTHORIZED); } $this->_authentication->authenticate($this->_usernameToken); $resourceVersion = $this->_getOperationVersion($operation); $resourceName = $this->_apiConfig->getResourceNameByOperation($operation, $resourceVersion); if (!$resourceName) { throw new Mage_Webapi_Exception($this->_helper->__('Method "%s" is not found.', $operation), Mage_Webapi_Exception::HTTP_NOT_FOUND); } $controllerClass = $this->_apiConfig->getControllerClassByOperationName($operation); $controllerInstance = $this->_controllerFactory->createActionController($controllerClass, $this->_request); $method = $this->_apiConfig->getMethodNameByOperation($operation, $resourceVersion); $this->_authorization->checkResourceAcl($resourceName, $method); $arguments = reset($arguments); $arguments = get_object_vars($arguments); $versionAfterFallback = $this->_apiConfig->identifyVersionSuffix($operation, $resourceVersion, $controllerInstance); $this->_apiConfig->checkDeprecationPolicy($resourceName, $method, $versionAfterFallback); $action = $method . $versionAfterFallback; $arguments = $this->_helper->prepareMethodParams($controllerClass, $action, $arguments, $this->_apiConfig); $outputData = call_user_func_array(array($controllerInstance, $action), $arguments); return (object) array(self::RESULT_NODE_NAME => $outputData); } catch (Mage_Webapi_Exception $e) { throw new Mage_Webapi_Model_Soap_Fault($e->getMessage(), $e->getOriginator(), $e); } catch (Exception $e) { $maskedException = $this->_errorProcessor->maskException($e); throw new Mage_Webapi_Model_Soap_Fault($maskedException->getMessage(), Mage_Webapi_Model_Soap_Fault::FAULT_CODE_RECEIVER, $maskedException); } } }
/** * Dispatch request to SOAP endpoint. * * @return Mage_Webapi_Controller_Dispatcher_Soap */ public function dispatch() { try { if ($this->_request->getParam(Mage_Webapi_Model_Soap_Server::REQUEST_PARAM_WSDL) !== null) { $responseBody = $this->_autoDiscover->handle($this->_request->getRequestedResources(), $this->_soapServer->generateUri()); $this->_setResponseContentType('text/xml'); } else { $responseBody = $this->_initSoapServer()->handle(); $this->_setResponseContentType('application/soap+xml'); } $this->_setResponseBody($responseBody); } catch (Exception $e) { $maskedException = $this->_errorProcessor->maskException($e); $this->_processBadRequest($maskedException->getMessage()); } $this->_response->sendResponse(); return $this; }
/** * Test maskException method with turned on developer mode. */ public function testMaskNonWebapiException() { /** Assert exception was logged. */ $this->_loggerMock->expects($this->once())->method('logException'); $maskedException = $this->_errorProcessor->maskException(new LogicException()); /** Assert masked exception type is Mage_Webapi_Exception. */ $this->assertInstanceOf('Mage_Webapi_Exception', $maskedException, 'Masked exception type is not Webapi.'); /** Asser masked exception code is 500. */ $this->assertEquals(Mage_Webapi_Exception::HTTP_INTERNAL_ERROR, $maskedException->getCode(), 'Masked exception code is wrong.'); /** Assert masked exception message. */ $this->assertEquals('Internal Error. Details are available in Magento log file. Report ID: "%s"', $maskedException->getMessage(), 'Masked exception message is wrong.'); }
/** * Add exception to the list of exceptions. * * Replace real error message of untrusted exceptions to prevent potential vulnerability. * * @param Exception $exception * @return Mage_Webapi_Controller_Response_Rest */ public function setException(Exception $exception) { return parent::setException($this->_errorProcessor->maskException($exception)); }