diff --git a/core/lib/Drupal/Core/EventSubscriber/AuthenticationSubscriber.php b/core/lib/Drupal/Core/EventSubscriber/AuthenticationSubscriber.php
index 62f5486..be3f55e 100644
--- a/core/lib/Drupal/Core/EventSubscriber/AuthenticationSubscriber.php
+++ b/core/lib/Drupal/Core/EventSubscriber/AuthenticationSubscriber.php
@@ -96,7 +96,7 @@ public function onKernelRequestFilterProvider(GetResponseEvent $event) {
 if (isset($this->filter) && $event->getRequestType() === HttpKernelInterface::MASTER_REQUEST) {
 $request = $event->getRequest();
 if ($this->authenticationProvider->applies($request) && !$this->filter->appliesToRoutedRequest($request, TRUE)) {
- throw new AccessDeniedHttpException();
+ throw new AccessDeniedHttpException('The used authentication method is not allowed on this route.');
 }
 }
 }
diff --git a/core/modules/rest/src/Plugin/rest/resource/EntityResource.php b/core/modules/rest/src/Plugin/rest/resource/EntityResource.php
index a5cb361..5e279a6 100644
--- a/core/modules/rest/src/Plugin/rest/resource/EntityResource.php
+++ b/core/modules/rest/src/Plugin/rest/resource/EntityResource.php
@@ -106,7 +106,7 @@ public static function create(ContainerInterface $container, array $configuratio
 public function get(EntityInterface $entity) {
 $entity_access = $entity->access('view', NULL, TRUE);
 if (!$entity_access->isAllowed()) {
- throw new AccessDeniedHttpException();
+ throw new AccessDeniedHttpException("You are not authorized to view this {$entity->getEntityTypeId()} entity of bundle {$entity->bundle()}.");
 }
 $response = new ResourceResponse($entity, 200);
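Review bot: The new message reads awkwardly at `throw new AccessDeniedHttpException('The used authentication method is not allowed on this route.');`; `'The authentication method used is not allowed on this route.'` says the same thing in plainer English. The message is constant and echoes nothing from the request, which is the right shape for a 403 body that unauthenticated or mis-authenticated clients will see. onKernelRequestFilterProvider() begins before this hunk.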
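Review bot: The message built on the `+` line discloses `$entity->bundle()` of an entity the caller has just been denied 'view' access to; the entity type is usually implied by the route, but the bundle (a content type name, for instance) is metadata about an inaccessible entity, and the test hunks in this commit confirm the message is returned verbatim in the 403 body. The same construction appears in the patch and delete hunks of this file, where the target is likewise an existing entity; for post the bundle comes from the client's own payload, so nothing new is disclosed there. The `$entity_access` result computed just above is only tested with isAllowed(), so any reason it carries is dropped; if it implements AccessResultReasonInterface, `$reason = $entity_access instanceof AccessResultReasonInterface ? $entity_access->getReason() : '';` followed by `throw new AccessDeniedHttpException($reason ?: "You are not authorized to view this {$entity->getEntityTypeId()} entity.");` (with the interface imported) gives the caller the access layer's own explanation and otherwise omits the bundle. get() continues after this hunk.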
@@ -145,7 +145,7 @@ public function post(EntityInterface $entity = NULL) {
 }
 if (!$entity->access('create')) {
- throw new AccessDeniedHttpException();
+ throw new AccessDeniedHttpException("You are not authorized to create this {$entity->getEntityTypeId()} entity of bundle {$entity->bundle()}.");
 }
 $definition = $this->getPluginDefinition();
 // Verify that the deserialized entity is of the type that we expect to
@@ -200,7 +200,7 @@ public function patch(EntityInterface $original_entity, EntityInterface $entity
 throw new BadRequestHttpException('Invalid entity type');
 }
 if (!$original_entity->access('update')) {
- throw new AccessDeniedHttpException();
+ throw new AccessDeniedHttpException("You are not authorized to update this {$entity->getEntityTypeId()} entity of bundle {$entity->bundle()}.");
 }
 // Overwrite the received properties.
@@ -264,7 +264,7 @@ public function patch(EntityInterface $original_entity, EntityInterface $entity
 */
 public function delete(EntityInterface $entity) {
 if (!$entity->access('delete')) {
- throw new AccessDeniedHttpException();
+ throw new AccessDeniedHttpException("You are not authorized to delete this {$entity->getEntityTypeId()} entity of bundle {$entity->bundle()}.");
 }
 try {
 $entity->delete();
diff --git a/core/modules/rest/tests/src/Functional/CookieResourceTestTrait.php b/core/modules/rest/tests/src/Functional/CookieResourceTestTrait.php
index 18dc296..f0c6fd5 100644
--- a/core/modules/rest/tests/src/Functional/CookieResourceTestTrait.php
+++ b/core/modules/rest/tests/src/Functional/CookieResourceTestTrait.php
@@ -92,7 +92,7 @@ protected function getAuthenticationRequestOptions($method) {
 * {@inheritdoc}
 */
 protected function assertResponseWhenMissingAuthentication(ResponseInterface $response) {
- $this->assertResourceErrorResponse(403, '', $response);
+ $this->assertResourceErrorResponse(403, FALSE, $response);
 }
 /**
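Review bot: In the patch hunk the access check at `if (!$original_entity->access('update'))` is made on `$original_entity`, but the message on the `+` line interpolates `$entity->getEntityTypeId()` and `$entity->bundle()` from the deserialized request payload, so the 403 body describes client-supplied data rather than the entity whose access was denied (the entity-type mismatch is rejected just above, so the type agrees, but the bundle need not). Use the entity that was actually checked: `throw new AccessDeniedHttpException("You are not authorized to update this {$original_entity->getEntityTypeId()} entity of bundle {$original_entity->bundle()}.");`. patch() begins before this hunk and continues after it.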
diff --git a/core/modules/rest/tests/src/Functional/EntityResource/EntityResourceTestBase.php b/core/modules/rest/tests/src/Functional/EntityResource/EntityResourceTestBase.php
index 48ed438..e98fa3b 100644
--- a/core/modules/rest/tests/src/Functional/EntityResource/EntityResourceTestBase.php
+++ b/core/modules/rest/tests/src/Functional/EntityResource/EntityResourceTestBase.php
@@ -301,7 +301,7 @@ public function testGet() {
 // response because ?_format query string is present.
 $response = $this->request('GET', $url, $request_options);
 if ($has_canonical_url) {
- $this->assertResourceErrorResponse(403, '', $response);
+ $this->assertResourceErrorResponse(403, "You are not authorized to view this {$this->entity->getEntityTypeId()} entity of bundle {$this->entity->bundle()}.", $response);
 }
 else {
 $this->assertResourceErrorResponse(404, 'No route found for "GET ' . str_replace($this->baseUrl, '', $this->getUrl()->setAbsolute()->toString()) . '"', $response);
@@ -340,8 +340,7 @@ public function testGet() {
 // DX: 403 when unauthorized.
 $response = $this->request('GET', $url, $request_options);
- // @todo Update the message in https://www.drupal.org/node/2808233.
- $this->assertResourceErrorResponse(403, '', $response);
+ $this->assertResourceErrorResponse(403, "You are not authorized to view this {$this->entity->getEntityTypeId()} entity of bundle {$this->entity->bundle()}.", $response);
 $this->setUpAuthorization('GET');
@@ -399,8 +398,7 @@ public function testGet() {
 // DX: 403 when unauthorized.
 $response = $this->request('GET', $url, $request_options);
- // @todo Update the message in https://www.drupal.org/node/2808233.
- $this->assertResourceErrorResponse(403, '', $response);
+ $this->assertResourceErrorResponse(403, "You are not authorized to view this {$this->entity->getEntityTypeId()} entity of bundle {$this->entity->bundle()}.", $response);
 $this->grantPermissionsToTestedRole(['restful get entity:' . static::$entityTypeId]);
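Review bot: The expected-message literal `"You are not authorized to view this {$this->entity->getEntityTypeId()} entity of bundle {$this->entity->bundle()}."` is spelled out in full on the `+` line here and again in every other 403 assertion of testGet(), testPost(), testPatch() and testDelete() in this file, differing only in the verb, so a wording change in EntityResource would need nine coordinated edits. A small protected helper that takes the HTTP method and returns the message, used as `$this->assertResourceErrorResponse(403, $this->getExpectedUnauthorizedAccessMessage('GET'), $response);`, keeps one copy of the wording and gives subclasses a single override point for entity types whose denial message differs. testGet() begins before this hunk.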
@@ -554,8 +552,7 @@ public function testPost() {
 // DX: 403 when unauthorized.
 $response = $this->request('POST', $url, $request_options);
- // @todo Update the message in https://www.drupal.org/node/2808233.
- $this->assertResourceErrorResponse(403, '', $response);
+ $this->assertResourceErrorResponse(403, "You are not authorized to create this {$this->entity->getEntityTypeId()} entity of bundle {$this->entity->bundle()}.", $response);
 $this->setUpAuthorization('POST');
@@ -622,8 +619,7 @@ public function testPost() {
 // DX: 403 when unauthorized.
 $response = $this->request('POST', $url, $request_options);
- // @todo Update the message in https://www.drupal.org/node/2808233.
- $this->assertResourceErrorResponse(403, '', $response);
+ $this->assertResourceErrorResponse(403, "You are not authorized to write this {$this->entity->getEntityTypeId()} entity of bundle {$this->entity->bundle()}.", $response);
 $this->grantPermissionsToTestedRole(['restful post entity:' . static::$entityTypeId]);
@@ -746,8 +742,7 @@ public function testPatch() {
 // DX: 403 when unauthorized.
 $response = $this->request('PATCH', $url, $request_options);
- // @todo Update the message in https://www.drupal.org/node/2808233.
- $this->assertResourceErrorResponse(403, '', $response);
+ $this->assertResourceErrorResponse(403, "You are not authorized to update this {$this->entity->getEntityTypeId()} entity of bundle {$this->entity->bundle()}.", $response);
 $this->setUpAuthorization('PATCH');
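Review bot: The expected message on the `+` line of the second hunk (`@@ -622,8 +619,7 @@`) says `write` (`"You are not authorized to write this …"`), while the only POST denial message EntityResource::post() emits in this commit uses `create`, which is also what the first hunk of this file expects. Unless some other code path produces a 'write' wording for the missing REST permission case that follows (`grantPermissionsToTestedRole(['restful post entity:' …])`), this assertion will not match the response; either align it to `create` or note where the `write` wording originates. testPost() begins before this hunk.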
@@ -829,8 +824,7 @@ public function testPatch() {
 // DX: 403 when unauthorized.
 $response = $this->request('PATCH', $url, $request_options);
- // @todo Update the message in https://www.drupal.org/node/2808233.
- $this->assertResourceErrorResponse(403, '', $response);
+ $this->assertResourceErrorResponse(403, "You are not authorized to update this {$this->entity->getEntityTypeId()} entity of bundle {$this->entity->bundle()}.", $response);
 $this->grantPermissionsToTestedRole(['restful patch entity:' . static::$entityTypeId]);
@@ -899,8 +893,7 @@ public function testDelete() {
 // DX: 403 when unauthorized.
 $response = $this->request('DELETE', $url, $request_options);
- // @todo Update the message in https://www.drupal.org/node/2808233.
- $this->assertResourceErrorResponse(403, '', $response);
+ $this->assertResourceErrorResponse(403, "You are not authorized to delete this {$this->entity->getEntityTypeId()} entity of bundle {$this->entity->bundle()}.", $response);
 $this->setUpAuthorization('DELETE');
@@ -929,8 +922,7 @@ public function testDelete() {
 // DX: 403 when unauthorized.
 $response = $this->request('DELETE', $url, $request_options);
- // @todo Update the message in https://www.drupal.org/node/2808233.
- $this->assertResourceErrorResponse(403, '', $response);
+ $this->assertResourceErrorResponse(403, "You are not authorized to delete this {$this->entity->getEntityTypeId()} entity of bundle {$this->entity->bundle()}.", $response);
 $this->grantPermissionsToTestedRole(['restful delete entity:' . static::$entityTypeId]);
diff --git a/core/modules/rest/tests/src/Functional/EntityResource/Role/RoleJsonBasicAuthTest.php b/core/modules/rest/tests/src/Functional/EntityResource/Role/RoleJsonBasicAuthTest.php
index 75fcd08..f956bfa 100644
--- a/core/modules/rest/tests/src/Functional/EntityResource/Role/RoleJsonBasicAuthTest.php
+++ b/core/modules/rest/tests/src/Functional/EntityResource/Role/RoleJsonBasicAuthTest.php
@@ -3,6 +3,7 @@
 namespace Drupal\Tests\rest\Functional\EntityResource\Role;
 use Drupal\Tests\rest\Functional\BasicAuthResourceTestTrait;
+use Drupal\Tests\rest\Functional\JsonBasicAuthWorkaroundFor2805281Trait;
 use Psr\Http\Message\ResponseInterface;
 /**
@@ -37,12 +38,9 @@ class RoleJsonBasicAuthTest extends RoleResourceTestBase {
 */
 protected static $auth = 'basic_auth';
- /**
- * {@inheritdoc}
- */
- protected function assertResponseWhenMissingAuthentication(ResponseInterface $response) {
- $this->assertSame(401, $response->getStatusCode());
- $this->assertSame('{"message":"A fatal error occurred: No authentication credentials provided."}', (string) $response->getBody());
+ // @todo Fix in https://www.drupal.org/node/2805281: remove this trait usage.
+ use JsonBasicAuthWorkaroundFor2805281Trait {
+ JsonBasicAuthWorkaroundFor2805281Trait::assertResponseWhenMissingAuthentication insteadof BasicAuthResourceTestTrait;
 }
 }
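Review bot: The removed override pinned the missing-credentials case to a 401 with the body `{"message":"A fatal error occurred: No authentication credentials provided."}`, and the replacement delegates to `JsonBasicAuthWorkaroundFor2805281Trait`, whose definition is not part of this diff, so whether the status code and body are still asserted cannot be checked here; please confirm the trait keeps at least the 401 assertion, since the 401-versus-403 distinction (compare the CookieResourceTestTrait hunk, which expects 403 for the cookie case) is what this override existed to cover. With the method gone, `use Psr\Http\Message\ResponseInterface;` in the first hunk appears to have no remaining user in this file and can be dropped unless it is referenced elsewhere. The class body begins before this hunk.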