authorFlorian Pritz <bluewind@xinu.at>2015-02-03 13:59:59 +0100
committerFlorian Pritz <bluewind@xinu.at>2015-02-03 16:15:52 +0100
commitbcd7920b817b60df9b1b266118419e44c39900db (patch)
treecf0b4515a6f99298109eb869b2d592a0e39bb465
parent5816cbcad0e9c4cda4dc10b730a5a1ea2c4e419a (diff)
generalize authentication handling
Signed-off-by: Florian Pritz <bluewind@xinu.at>
-rw-r--r--application/exceptions/ApiException.php5
-rw-r--r--application/exceptions/InsufficientPermissionsException.php14
-rw-r--r--application/exceptions/NotAuthenticatedException.php14
-rw-r--r--application/exceptions/UserInputException.php4
-rw-r--r--application/models/muser.php22
-rw-r--r--index.php4
6 files changed, 50 insertions, 13 deletions
diff --git a/application/exceptions/ApiException.php b/application/exceptions/ApiException.php
index b288bbaa2..b3b9decff 100644
--- a/application/exceptions/ApiException.php
+++ b/application/exceptions/ApiException.php
@@ -27,4 +27,9 @@ class ApiException extends \Exception {
{
return $this->data;
}
+
+ public function get_http_error_code()
+ {
+ return 500;
+ }
}
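Review bot: get_http_error_code() is introduced on the base class without a docblock saying that 500 is the fallback for any ApiException that a subclass does not reclassify and that the top-level handler in index.php reads this value, so a reader of this file alone cannot tell the method is part of the error-reporting contract. A short docblock would fix that, e.g. `/** HTTP status code sent to the client when this exception reaches the top-level handler; subclasses override it for 4xx responses. */`. The enclosing class body begins before this hunk.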
diff --git a/application/exceptions/InsufficientPermissionsException.php b/application/exceptions/InsufficientPermissionsException.php
new file mode 100644
index 000000000..a036edf9d
--- /dev/null
+++ b/application/exceptions/InsufficientPermissionsException.php
@@ -0,0 +1,14 @@
+<?php
+/*
+ * Licensed under AGPLv3
+ * (see COPYING for full license text)
+ *
+ */
+namespace exceptions;
+
+class InsufficientPermissionsException extends UserInputException {
+ public function get_http_error_code()
+ {
+ return 403;
+ }
+}
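Review bot: InsufficientPermissionsException extends UserInputException rather than ApiException or PublicApiException, which means every existing `catch (\exceptions\UserInputException $e)` now also intercepts a 403, and nothing in the file records that this is intended. A class docblock would make the choice explicit, e.g. `/** Thrown when the caller is authenticated but its access level is below the one the request requires; reported as HTTP 403. */`. The same applies to NotAuthenticatedException in the next hunk, which could state that it is raised when no usable session or API key is present and maps to HTTP 401.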
diff --git a/application/exceptions/NotAuthenticatedException.php b/application/exceptions/NotAuthenticatedException.php
new file mode 100644
index 000000000..de26318d8
--- /dev/null
+++ b/application/exceptions/NotAuthenticatedException.php
@@ -0,0 +1,14 @@
+<?php
+/*
+ * Licensed under AGPLv3
+ * (see COPYING for full license text)
+ *
+ */
+namespace exceptions;
+
+class NotAuthenticatedException extends UserInputException {
+ public function get_http_error_code()
+ {
+ return 401;
+ }
+}
diff --git a/application/exceptions/UserInputException.php b/application/exceptions/UserInputException.php
index 150d0204b..d4c327315 100644
--- a/application/exceptions/UserInputException.php
+++ b/application/exceptions/UserInputException.php
@@ -7,4 +7,8 @@
namespace exceptions;
class UserInputException extends PublicApiException {
+ public function get_http_error_code()
+ {
+ return 400;
+ }
}
diff --git a/application/models/muser.php b/application/models/muser.php
index ffcc5f6b3..fb8abad8b 100644
--- a/application/models/muser.php
+++ b/application/models/muser.php
@@ -160,14 +160,14 @@ class Muser extends CI_Model {
$have = array_search($session_level, $this->access_levels);
if ($wanted === false || $have === false) {
- show_error("Failed to determine access level");
+ throw new \exceptions\PublicApiException("api/invalid-accesslevel", "Failed to determine access level");
}
if ($have >= $wanted) {
- return true;
+ return;
}
- show_error("Access denied: Access level too low", 403);
+ throw new \exceptions\InsufficientPermissionsException("api/insufficient-permissions", "Access denied: Access level too low");
}
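Review bot: check_access_level() no longer returns true on success (the `return true;` became a bare `return;`), but the call site in the next hunk still forwards its result with `return $this->check_access_level($wanted_level);`, so any caller that tests require_access()'s return value would now see null instead of true. If no caller does, the forwarding should become a plain call, `$this->check_access_level($wanted_level); return;`, so the void contract is explicit rather than accidental. The start of check_access_level() lies before this hunk, so whether it has other early returns is not visible here.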
function require_access($wanted_level = "full")
@@ -184,17 +184,15 @@ class Muser extends CI_Model {
return $this->check_access_level($wanted_level);
}
- if (!stateful_client()) {
- show_error("Not authenticated. FileBin requires you to have an account, please go to the homepage for more information.\n", 401);
+ if (stateful_client()) {
+ // desktop clients get redirected to the login form
+ $this->require_session();
+ if (!$this->session->userdata("flash:new:uri")) {
+ $this->session->set_flashdata("uri", $this->uri->uri_string());
+ }
}
- // desktop clients get redirected to the login form
- $this->require_session();
- if (!$this->session->userdata("flash:new:uri")) {
- $this->session->set_flashdata("uri", $this->uri->uri_string());
- }
- redirect('user/login');
- exit();
+ throw new \exceptions\NotAuthenticatedException("api/not-authenticated", "Not authenticated. FileBin requires you to have an account, please go to the homepage for more information.");
}
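Review bot: NotAuthenticatedException is now thrown for stateful and stateless clients alike, but the handler added in index.php in the last hunk, `catch (\exceptions\NotAuthenticatedException $e) { redirect("user/login"); }`, redirects unconditionally, so a non-stateful caller that previously received a 401 with the explanatory message will now get a 302 to the login form unless a controller-level catch intercepts the exception first, which this page does not show. The stateful_client() branch here only prepares the session flash data; the decision between redirect and 401 would need to live in the index.php handler as well, for example `if (stateful_client()) { redirect("user/login"); } show_error(nl2br(htmlspecialchars($e->getMessage())), $e->get_http_error_code());`, assuming stateful_client() is loaded by the time that catch runs. Returning a 401 to API clients also keeps them from following a redirect into HTML they cannot parse.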
function username_exists($username)
diff --git a/index.php b/index.php
index 21d3ffc04..051e76de6 100644
--- a/index.php
+++ b/index.php
@@ -307,8 +307,10 @@ register_shutdown_function("check_for_fatal");
*/
try {
require_once BASEPATH.'core/CodeIgniter.php';
+} catch (\exceptions\NotAuthenticatedException $e) {
+ redirect("user/login");
} catch (\exceptions\UserInputException $e) {
- show_error(nl2br(htmlspecialchars($e->__toString())), 400);
+ show_error(nl2br(htmlspecialchars($e->__toString())), $e->get_http_error_code());
}
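Review bot: The retained `$e->__toString()` on the show_error line is what the client sees, and for a plain \Exception subclass that string includes the file path and stack trace; unless ApiException overrides __toString (its class body is only partly visible on this page) the new status code is sent together with internal details. Prefer `show_error(nl2br(htmlspecialchars($e->getMessage())), $e->get_http_error_code());` and log the full exception server-side. The catch order is correct as written, since NotAuthenticatedException extends UserInputException and must be matched before its parent.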
/* End of file index.php */