/**
 * Entry point invoked when a request needs authentication: answers with a
 * 401 API problem document instead of a redirect or an HTML page.
 *
 * @param Request                      $request       The request that triggered authentication (not read here)
 * @param AuthenticationException|null $authException The failure that led here, or null when no credentials were sent
 *
 * @return mixed Whatever $this->responseFactory->createResponse() builds for the problem document
 */
public function start(Request $request, AuthenticationException $authException = null)
{
    $problem = new ApiProblem(Response::HTTP_UNAUTHORIZED);

    // Only the exception's message *key* goes to the client, never getMessage():
    // the raw message may carry internal details, while the key is meant to be a
    // fixed, client-safe string.
    // NOTE(review): different exception classes return different keys, so the
    // response can still reveal which authentication step failed - confirm that
    // this is acceptable for this API.
    if ($authException) {
        $detail = $authException->getMessageKey();
    } else {
        $detail = 'Missing credentials';
    }
    $problem->set('detail', $detail);

    // NOTE(review): no WWW-Authenticate challenge is set in this method; RFC 7235
    // expects one on a 401 - check whether the response factory adds it.
    return $this->responseFactory->createResponse($problem);
}
/**
 * Converts an uncaught exception into an API problem response and sets it on the event.
 *
 * What reaches the client:
 *  - ApiProblemException: the ApiProblem it carries, passed through unchanged, so
 *    the code throwing it is responsible for its content being client-safe.
 *  - any other HttpExceptionInterface (e.g. 404, 403): its status code, with the
 *    exception message as "detail". Such messages are treated as safe by
 *    convention, so they must never contain secrets or internal state.
 *  - everything else: a bare 500 without "detail", because a low-level exception
 *    message could expose sensitive internals.
 *
 * @see https://tools.ietf.org/html/draft-ietf-appsawg-http-problem-03#section-3.1
 *
 * @param GetResponseForExceptionEvent $event Kernel event carrying the exception
 *
 * @return void
 */
public function onKernelException(GetResponseForExceptionEvent $event)
{
    $thrown = $event->getException();
    $isHttpException = $thrown instanceof HttpExceptionInterface;

    // Anything that does not declare its own HTTP status is reported as a 500.
    $status = Response::HTTP_INTERNAL_SERVER_ERROR;
    if ($isHttpException) {
        $status = $thrown->getStatusCode();
    }

    // In debug mode, 5xx errors are left to Symfony's own exception handling.
    // NOTE(review): that path presumably renders full exception details, so
    // $this->debug must stay off in production - confirm the deployment config.
    if ($status >= Response::HTTP_INTERNAL_SERVER_ERROR && $this->debug) {
        return;
    }

    if ($thrown instanceof ApiProblemException) {
        $problem = $thrown->getApiProblem();
    } else {
        $problem = new ApiProblem($status);

        // Only HTTP exceptions contribute their message; see the docblock above.
        if ($isHttpException) {
            $problem->set('detail', $thrown->getMessage());
        }
    }

    $event->setResponse($this->responseFactory->createResponse($problem));
}