/**
 * Renders the app's 'main' template for the current user and marks the
 * response with Http::STATUS_UNAUTHORIZED.
 *
 * CAUTION: the annotations below turn off security checks for this method:
 * no admin is required and no CSRF check is performed. If you don't know
 * what CSRF is, read it up in the docs or you might create a security hole.
 * This is basically the only method that needs this exemption; don't add the
 * annotations to any other method unless you know exactly what they do.
 *
 * Because the CSRF check is off, keep this method a pure page render that
 * changes no state.
 *
 * @NoAdminRequired
 * @NoCSRFRequired
 */
public function index()
{
    // Rendered through templates/main.php
    $response = new TemplateResponse(
        'user_permission',
        'main',
        ['user' => $this->userId]
    );
    $response->setStatus(Http::STATUS_UNAUTHORIZED);

    return $response;
}
/**
 * Answers a NotAdminException with the core 403 page in the guest layout;
 * every other exception is rethrown untouched.
 *
 * The 403 template is rendered without parameters, so nothing from the
 * exception is passed on to the page.
 *
 * @param \OCP\AppFramework\Controller $controller
 * @param string $methodName
 * @param \Exception $exception
 * @return TemplateResponse
 * @throws \Exception
 */
public function afterException($controller, $methodName, \Exception $exception)
{
    // Not ours to handle: hand the exception back to the caller
    if (!($exception instanceof NotAdminException)) {
        throw $exception;
    }

    $forbidden = new TemplateResponse('core', '403', [], 'guest');
    $forbidden->setStatus(Http::STATUS_FORBIDDEN);

    return $forbidden;
}
/**
 * With an Accept header that contains 'html', afterException() is expected
 * to answer the provided exception with the core 403 template carrying the
 * exception's message and status code, and to log the message once at
 * debug level.
 *
 * @dataProvider exceptionProvider
 * @param SecurityException $exception
 */
public function testAfterExceptionReturnsTemplateResponse(SecurityException $exception)
{
    // Request whose Accept header is the kind a browser sends
    $serverVars = [
        'HTTP_ACCEPT' => 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
        'REQUEST_URI' => 'owncloud/index.php/apps/specialapp',
    ];
    $this->request = new Request(
        ['server' => $serverVars],
        $this->getMock('\\OCP\\Security\\ISecureRandom'),
        $this->getMock('\\OCP\\IConfig')
    );
    $this->middleware = $this->getMiddleware(false, false);

    // The exception message must reach the logger exactly once
    $this->logger
        ->expects($this->once())
        ->method('debug')
        ->with($exception->getMessage());

    $actual = $this->middleware->afterException($this->controller, 'test', $exception);

    $expected = new TemplateResponse('core', '403', ['file' => $exception->getMessage()], 'guest');
    $expected->setStatus($exception->getCode());

    $this->assertEquals($expected, $actual);
}
/**
 * @PublicPage
 * @NoCSRFRequired
 * @Guest
 *
 * Generates an error page based on the error code
 *
 * The message shown on the page is read from the 'galleryErrorMessage'
 * cookie, and that cookie is invalidated on the response.
 *
 * NOTE(review): a cookie value is supplied by the client, and $code is
 * presumably taken from the request as well. On this public, CSRF-exempt
 * route the 'index' template therefore has to HTML-escape 'message', and it
 * is worth confirming whether $code should be limited to the error statuses
 * the app itself produces before it reaches setStatus().
 *
 * @param int $code
 *
 * @return TemplateResponse
 */
public function errorPage($code)
{
    $app = $this->appName;
    $cookieMessage = $this->request->getCookie('galleryErrorMessage');

    $errorTemplate = new TemplateResponse(
        $app,
        'index',
        [
            'appName' => $app,
            'message' => $cookieMessage,
            'code' => $code,
        ],
        'guest'
    );
    $errorTemplate->setStatus($code);
    // The message cookie is shown once and then dropped
    $errorTemplate->invalidateCookie('galleryErrorMessage');

    return $errorTemplate;
}
/**
 * @PublicPage
 * @NoCSRFRequired
 * @Guest
 *
 * Generates an error page based on the error code
 *
 * NOTE(review): $message and $code are handed to the template and to
 * setStatus() exactly as received. If they come from the request (verify
 * against the route definition), anyone can make this public page display
 * text of their choosing under the instance's own URL; the 'index' template
 * must at least HTML-escape 'message', and sourcing the text server-side
 * would remove the content-spoofing risk altogether.
 *
 * @param string $message
 * @param int $code
 *
 * @return TemplateResponse
 */
public function errorPage($message, $code)
{
    $app = $this->appName;

    $errorTemplate = new TemplateResponse(
        $app,
        'index',
        [
            'appName' => $app,
            'message' => $message,
            'code' => $code,
        ],
        'guest'
    );
    $errorTemplate->setStatus($code);

    return $errorTemplate;
}
/**
 * Converts a SecurityException into a response; any other exception is
 * rethrown.
 *
 * - Accept header without 'html': JSON body with the exception message,
 *   using the exception code as HTTP status.
 * - Accept header with 'html' and a NotLoggedInException: redirect to
 *   index.php, with the URL-encoded REQUEST_URI appended as redirect_url.
 * - Accept header with 'html' and any other SecurityException: the core 403
 *   template with the exception message, using the exception code as status.
 *
 * The exception message is logged at debug level in all three cases.
 *
 * NOTE(review): the exception message is sent back to the client in both the
 * JSON and the template branch, so SecurityException messages should not
 * carry internal details. Whoever consumes redirect_url has to make sure it
 * only leads back to a local path - confirm in the login handler. Rejected
 * requests are visible only when debug logging is on; consider whether that
 * is enough for monitoring.
 *
 * @param Controller $controller the controller that is being called
 * @param string $methodName the name of the method that will be called on
 *                           the controller
 * @param \Exception $exception the thrown exception
 * @throws \Exception the passed in exception if it is not a SecurityException
 * @return Response the response that replaces the failed call
 */
public function afterException($controller, $methodName, \Exception $exception)
{
    if (!($exception instanceof SecurityException)) {
        throw $exception;
    }

    $acceptsHtml = stripos($this->request->getHeader('Accept'), 'html') !== false;

    if (!$acceptsHtml) {
        $response = new JSONResponse(
            ['message' => $exception->getMessage()],
            $exception->getCode()
        );
    } elseif ($exception instanceof NotLoggedInException) {
        // TODO: replace with link to route
        $loginUrl = $this->urlGenerator->getAbsoluteURL('index.php');
        // urlencode() keeps the original URI inside a single query parameter
        $loginUrl .= '?redirect_url=' . urlencode($this->request->server['REQUEST_URI']);
        $response = new RedirectResponse($loginUrl);
    } else {
        $response = new TemplateResponse('core', '403', ['file' => $exception->getMessage()], 'guest');
        $response->setStatus($exception->getCode());
    }

    $this->logger->debug($exception->getMessage());

    return $response;
}
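/**
 * afterException() is expected to rethrow a plain \Exception instead of
 * turning it into a response.
 *
 * @expectedException \Exception
 */
public function testAfterRegularException()
{
    // No expected response is prepared: the call has to throw, so there is
    // never a return value to compare against.
    $this->subadminMiddleware->afterException($this->controller, 'foo', new \Exception());
}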