author | Florian Pritz <bluewind@xinu.at> | 2015-02-03 13:59:59 +0100 |
---|---|---|
committer | Florian Pritz <bluewind@xinu.at> | 2015-02-03 16:15:52 +0100 |
commit | bcd7920b817b60df9b1b266118419e44c39900db (patch) | |
tree | cf0b4515a6f99298109eb869b2d592a0e39bb465 | |
parent | 5816cbcad0e9c4cda4dc10b730a5a1ea2c4e419a (diff) |
generalize authentication handling
Signed-off-by: Florian Pritz <bluewind@xinu.at>
-rw-r--r-- | application/exceptions/ApiException.php | 5 | ||||
-rw-r--r-- | application/exceptions/InsufficientPermissionsException.php | 14 | ||||
-rw-r--r-- | application/exceptions/NotAuthenticatedException.php | 14 | ||||
-rw-r--r-- | application/exceptions/UserInputException.php | 4 | ||||
-rw-r--r-- | application/models/muser.php | 22 | ||||
-rw-r--r-- | index.php | 4 |
6 files changed, 50 insertions, 13 deletions
diff --git a/application/exceptions/ApiException.php b/application/exceptions/ApiException.php index b288bbaa2..b3b9decff 100644 --- a/application/exceptions/ApiException.php +++ b/application/exceptions/ApiException.php @@ -27,4 +27,9 @@ class ApiException extends \Exception { { return $this->data; } + + public function get_http_error_code() + { + return 500; + } } diff --git a/application/exceptions/InsufficientPermissionsException.php b/application/exceptions/InsufficientPermissionsException.php new file mode 100644 index 000000000..a036edf9d --- /dev/null +++ b/application/exceptions/InsufficientPermissionsException.php @@ -0,0 +1,14 @@ +<?php +/* + * Licensed under AGPLv3 + * (see COPYING for full license text) + * + */ +namespace exceptions; + +class InsufficientPermissionsException extends UserInputException { + public function get_http_error_code() + { + return 403; + } +} diff --git a/application/exceptions/NotAuthenticatedException.php b/application/exceptions/NotAuthenticatedException.php new file mode 100644 index 000000000..de26318d8 --- /dev/null +++ b/application/exceptions/NotAuthenticatedException.php @@ -0,0 +1,14 @@ +<?php +/* + * Licensed under AGPLv3 + * (see COPYING for full license text) + * + */ +namespace exceptions; + +class NotAuthenticatedException extends UserInputException { + public function get_http_error_code() + { + return 401; + } +} diff --git a/application/exceptions/UserInputException.php b/application/exceptions/UserInputException.php index 150d0204b..d4c327315 100644 --- a/application/exceptions/UserInputException.php +++ b/application/exceptions/UserInputException.php @@ -7,4 +7,8 @@ namespace exceptions; class UserInputException extends PublicApiException { + public function get_http_error_code() + { + return 400; + } } diff --git a/application/models/muser.php b/application/models/muser.php index ffcc5f6b3..fb8abad8b 100644 --- a/application/models/muser.php +++ b/application/models/muser.php 
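Review bot: The new `get_http_error_code()` on ApiException carries no docblock, and nothing in the class says that the UserInputException handler in index.php reads this value to pick the status for `show_error`, or that the subclasses added in this commit (UserInputException 400, NotAuthenticatedException 401, InsufficientPermissionsException 403) override it. A short docblock above the method would make that contract visible, e.g. `/** HTTP status to send when this exception reaches the top-level handler in index.php; subclasses override it. */`. The 500 default is a sensible fail-safe for the base class, since anything not classified more precisely is treated as a server-side fault rather than leaking a misleading client-error status.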
@@ -160,14 +160,14 @@ class Muser extends CI_Model { $have = array_search($session_level, $this->access_levels); if ($wanted === false || $have === false) { - show_error("Failed to determine access level"); + throw new \exceptions\PublicApiException("api/invalid-accesslevel", "Failed to determine access level"); } if ($have >= $wanted) { - return true; + return; } - show_error("Access denied: Access level too low", 403); + throw new \exceptions\InsufficientPermissionsException("api/insufficient-permissions", "Access denied: Access level too low"); } function require_access($wanted_level = "full") @@ -184,17 +184,15 @@ class Muser extends CI_Model { return $this->check_access_level($wanted_level); } - if (!stateful_client()) { - show_error("Not authenticated. FileBin requires you to have an account, please go to the homepage for more information.\n", 401); + if (stateful_client()) { + // desktop clients get redirected to the login form + $this->require_session(); + if (!$this->session->userdata("flash:new:uri")) { + $this->session->set_flashdata("uri", $this->uri->uri_string()); + } } - // desktop clients get redirected to the login form - $this->require_session(); - if (!$this->session->userdata("flash:new:uri")) { - $this->session->set_flashdata("uri", $this->uri->uri_string()); - } - redirect('user/login'); - exit(); + throw new \exceptions\NotAuthenticatedException("api/not-authenticated", "Not authenticated. FileBin requires you to have an account, please go to the homepage for more information."); } function username_exists($username) @@ -307,8 +307,10 @@ register_shutdown_function("check_for_fatal"); */ try { require_once BASEPATH.'core/CodeIgniter.php'; +} catch (\exceptions\NotAuthenticatedException $e) { + redirect("user/login"); } catch (\exceptions\UserInputException $e) { - show_error(nl2br(htmlspecialchars($e->__toString())), 400); + show_error(nl2br(htmlspecialchars($e->__toString())), $e->get_http_error_code()); } /* End of file index.php */ |
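Review bot: `check_access_level` now returns nothing on success (`return;` replaces `return true;`), while `require_access` still hands its result back to callers (`return $this->check_access_level($wanted_level);` in the context at the top of the next hunk), so any caller that tests the return value of `require_access()` now receives null and would treat granted access as denied; the callers are not visible in this diff, so this needs a grep before merging. If nothing consumes the value, document the new contract above the method, e.g. `/** Throws PublicApiException if either level is unknown and InsufficientPermissionsException if the session's level is below $wanted_level; returns nothing on success. */`. The start of `check_access_level` lies outside the hunk.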
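Review bot: The comment `// desktop clients get redirected to the login form` is no longer accurate where it now sits: the `if (stateful_client())` branch only starts a session and stores the requested URI in flashdata, and the redirect itself has moved to index.php's NotAuthenticatedException handler. Rephrase it to describe what this code does, e.g. `// stateful (browser) clients: remember the requested URI so the login redirect in index.php can return here`. The beginning of `require_access` is outside the hunk, in the gap after the previous hunk's trailing context.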
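Review bot: The new `catch (\exceptions\NotAuthenticatedException $e)` redirects every unauthenticated request to `user/login`, but before this commit only stateful clients were redirected and API clients received a 401 with the error text; the 401 that `NotAuthenticatedException::get_http_error_code()` now returns is never used, because this catch runs before the UserInputException one. API clients therefore get a 302 to an HTML login page instead of a 401, which scripted callers are unlikely to handle. Branching on the client type in the catch restores the old split, assuming the `stateful_client()` helper is loaded by the time the exception reaches index.php: `if (stateful_client()) { redirect("user/login"); } show_error(nl2br(htmlspecialchars($e->__toString())), $e->get_http_error_code());`. Separately, the retained `$e->__toString()` renders PHP's exception string, which includes the stack trace with server file paths, into the response body; that is pre-existing, but with the status now carried by the exception, `$e->getMessage()` would be the safer thing to show unless ApiException overrides `__toString()` to something sanitized.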