From ac934ca94370f5204319f88eef0a7747fe7e133a Mon Sep 17 00:00:00 2001
From: Florian Pritz
Date: Sun, 19 Apr 2020 13:47:34 +0200
Subject: Reclassify various exceptions as UserInputException
These are errors that a user can correct themselves so we should classify them accordingly. That way they get the correct HTTP status code and they also get ignored by the logging code.
Signed-off-by: Florian Pritz
---
 NEWS | 1 +
 application/controllers/Api.php | 12 ++++++------
 application/controllers/User.php | 10 +++++-----
 application/controllers/api/v2/file.php | 2 +-
 application/models/Muser.php | 6 +++---
 5 files changed, 16 insertions(+), 15 deletions(-)
diff --git a/NEWS b/NEWS
index ca67c6f6a..94adab041 100644
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,7 @@ This file lists major, incompatible or otherwise important changes, you should l
 NEXT
 - Log PublicApiException to error log
+ - Reclassify various user input exceptions
 3.4.3 2019-12-07
 - PHP 7.4 compatibility fixes
diff --git a/application/controllers/Api.php b/application/controllers/Api.php
index 1fa49cb46..4f32ad427 100644
--- a/application/controllers/Api.php
+++ b/application/controllers/Api.php
@@ -24,7 +24,7 @@ class Api extends MY_Controller {
 $function = $this->uri->segment(4);
 if (!preg_match("/^v([0-9]+)(.[0-9]+){0,2}$/", $requested_version)) {
- throw new \exceptions\PublicApiException("api/invalid-version", "Invalid API version requested");
+ throw new \exceptions\UserInputException("api/invalid-version", "Invalid API version requested");
 }
 $requested_version = substr($requested_version, 1);
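Review bot: In the first application/controllers/Api.php hunk, the version pattern on the context line above the changed throw leaves the dot unescaped, so `(.[0-9]+)` accepts any character as the separator (a constructed example: `v1x2`) and `$` also tolerates a trailing newline before the value reaches `substr()` and the later `version_compare()`. Because the commit message says these failures are now ignored by the logging code, the check is the only place malformed versions are stopped, so it is worth tightening in the same change: `if (!preg_match('/^v([0-9]+)(\.[0-9]+){0,2}\z/', $requested_version)) {`. The enclosing method starts and ends outside the hunk.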
@@ -32,11 +32,11 @@ class Api extends MY_Controller {
 $major = intval(explode(".", $requested_version)[0]);
 if (!preg_match("/^[a-zA-Z-_]+$/", $controller)) {
- throw new \exceptions\PublicApiException("api/invalid-endpoint", "Invalid endpoint requested");
+ throw new \exceptions\UserInputException("api/invalid-endpoint", "Invalid endpoint requested");
 }
 if (!preg_match("/^[a-zA-Z-_]+$/", $function)) {
- throw new \exceptions\PublicApiException("api/invalid-endpoint", "Invalid endpoint requested");
+ throw new \exceptions\UserInputException("api/invalid-endpoint", "Invalid endpoint requested");
 }
 $namespace = "controllers\\api\\v".$major;
@@ -44,16 +44,16 @@ class Api extends MY_Controller {
 $class_info = $namespace."\\api_info";
 if (!class_exists($class_info) || version_compare($class_info::get_version(), $requested_version, "<")) {
- throw new \exceptions\PublicApiException("api/version-not-supported", "Requested API version is not supported");
+ throw new \exceptions\UserInputException("api/version-not-supported", "Requested API version is not supported");
 }
 if (!class_exists($class)) {
- throw new \exceptions\PublicApiException("api/unknown-endpoint", "Unknown endpoint requested");
+ throw new \exceptions\UserInputException("api/unknown-endpoint", "Unknown endpoint requested");
 }
 $c= new $class;
 if (!method_exists($c, $function)) {
- throw new \exceptions\PublicApiException("api/unknown-endpoint", "Unknown endpoint requested");
+ throw new \exceptions\UserInputException("api/unknown-endpoint", "Unknown endpoint requested");
 }
 return $this->send_json_reply($c->$function());
 } catch (\exceptions\PublicApiException $e) {
diff --git a/application/controllers/User.php b/application/controllers/User.php
index c98784d50..00d348240 100644
--- a/application/controllers/User.php
+++ b/application/controllers/User.php
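Review bot: In the third application/controllers/Api.php hunk, the handler on the last line is still `catch (\exceptions\PublicApiException $e)`, while every throw in the three Api.php hunks now raises `\exceptions\UserInputException`. The JSON error reply therefore only keeps working if UserInputException extends PublicApiException, which this patch does not show. If it does, a one-line comment at the catch would make the dependency explicit, e.g. `// UserInputException extends PublicApiException, so user errors are handled here as well`; if it does not, the new type needs its own catch. The try block opens above the first Api.php hunk and the catch body continues below this one.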
@@ -326,7 +326,7 @@ class User extends MY_Controller {
 $username = $this->input->post("username");
 if (!$this->muser->username_exists($username)) {
- throw new \exceptions\PublicApiException("user/reset_password/invalid-username", "Invalid username");
+ throw new \exceptions\UserInputException("user/reset_password/invalid-username", "Invalid username");
 }
 $userinfo = $this->db->select('id, email, username')
@@ -485,18 +485,18 @@ class User extends MY_Controller {
 $values = explode("-", $value);
 if (!is_array($values) || count($values) != 2) {
- throw new \exceptions\PublicApiException("user/profile/invalid-upload-id-limit", "Invalid upload id limit value");
+ throw new \exceptions\UserInputException("user/profile/invalid-upload-id-limit", "Invalid upload id limit value");
 }
 $lower = intval($values[0]);
 $upper = intval($values[1]);
 if ($lower > $upper) {
- throw new \exceptions\PublicApiException("user/profile/lower-bigger-than-upper", "lower limit > upper limit");
+ throw new \exceptions\UserInputException("user/profile/lower-bigger-than-upper", "lower limit > upper limit");
 }
 if ($lower < 3 || $upper > 64) {
- throw new \exceptions\PublicApiException("user/profile/limit-out-of-bounds", "upper or lower limit out of bounds (3-64)");
+ throw new \exceptions\UserInputException("user/profile/limit-out-of-bounds", "upper or lower limit out of bounds (3-64)");
 }
 return $lower."-".$upper;
@@ -512,7 +512,7 @@ class User extends MY_Controller {
 }
 if (!$this->muser->valid_email($value)) {
- throw new \exceptions\PublicApiException("user/profile/invalid-email", "Invalid email");
+ throw new \exceptions\UserInputException("user/profile/invalid-email", "Invalid email");
 }
 $this->load->library("email");
diff --git a/application/controllers/api/v2/file.php b/application/controllers/api/v2/file.php
index 3d4103f1c..6da0d8155 100644
--- a/application/controllers/api/v2/file.php
+++ b/application/controllers/api/v2/file.php
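Review bot: In the first application/controllers/User.php hunk (`user/reset_password/invalid-username`), the reply still tells the caller whether a username exists, and after this reclassification the failure is, per the commit message, also left out of the application error log. Repeated lookups against the reset form would then leave no entry there; the same holds for `user/username-already-exists` in Muser::add_user() in the last file of this patch. Consider counting or rate-limiting these two failures separately, or answering known and unknown usernames identically, and record the decision at the throw with a comment such as `// not logged as UserInputException; failed lookups are counted elsewhere`. The enclosing method starts and ends outside the hunk.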
@@ -24,7 +24,7 @@ class file extends \controllers\api\api_controller {
 $files = getNormalizedFILES();
 if (empty($files)) {
- throw new \exceptions\PublicApiException("file/no-file", "No file was uploaded or unknown error occurred.");
+ throw new \exceptions\UserInputException("file/no-file", "No file was uploaded or unknown error occurred.");
 }
 \service\files::verify_uploaded_files($files);
diff --git a/application/models/Muser.php b/application/models/Muser.php
index ef260f47b..521d1c989 100644
--- a/application/models/Muser.php
+++ b/application/models/Muser.php
@@ -162,15 +162,15 @@ class Muser extends CI_Model {
 public function add_user($username, $password, $email, $referrer)
 {
 if (!$this->valid_username($username)) {
- throw new \exceptions\PublicApiException("user/invalid-username", "Invalid username (only up to 32 chars of a-z0-9 are allowed)");
+ throw new \exceptions\UserInputException("user/invalid-username", "Invalid username (only up to 32 chars of a-z0-9 are allowed)");
 } else {
 if ($this->muser->username_exists($username)) {
- throw new \exceptions\PublicApiException("user/username-already-exists", "Username already exists");
+ throw new \exceptions\UserInputException("user/username-already-exists", "Username already exists");
 }
 }
 if (!$this->valid_email($email)) {
- throw new \exceptions\PublicApiException("user/invalid-email", "Invalid email");
+ throw new \exceptions\UserInputException("user/invalid-email", "Invalid email");
 }
 $this->db->set(array(
-- cgit v1.2.3-24-g4f1b
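Review bot: In application/controllers/api/v2/file.php the `file/no-file` branch covers more than a user mistake: its own message says "or unknown error occurred", and PHP also leaves the upload array empty when the request body exceeds `post_max_size`. Raising UserInputException for every `empty($files)` case means, per the commit message, that none of them is logged, so a server-side upload problem could go unnoticed. Either keep logging when the request clearly carried a body, or narrow the message to the user-correctable case and say so in a comment, e.g. `// empty $files may also mean post_max_size was exceeded`. The enclosing method starts and ends outside the hunk.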
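Review bot: In Muser::add_user() the two username checks are written inconsistently: `valid_username()` is called on `$this`, `username_exists()` goes through `$this->muser`, and the `else { if ... }` nesting is redundant because the first branch always throws. A flat guard reads more clearly, `if ($this->muser->username_exists($username)) {` placed directly after the first `if` block, or `$this->username_exists($username)` if `$this->muser` is this same model (not visible here). The method also has no docblock; one carrying `@throws \exceptions\UserInputException` would tell callers which failures are user-correctable. The method body continues past the end of the hunk.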