diff --git a/core/lib/Drupal/Core/EventSubscriber/DefaultExceptionHtmlSubscriber.php b/core/lib/Drupal/Core/EventSubscriber/DefaultExceptionHtmlSubscriber.php index fc5375c..6d2f48f 100644 --- a/core/lib/Drupal/Core/EventSubscriber/DefaultExceptionHtmlSubscriber.php +++ b/core/lib/Drupal/Core/EventSubscriber/DefaultExceptionHtmlSubscriber.php @@ -76,6 +76,16 @@ protected function getHandledFormats() { } /** + * Handles a 401 error for HTML. + * + * @param \Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent $event + * The event to process. + */ + public function on401(GetResponseForExceptionEvent $event) { + $this->makeSubrequest($event, Url::fromRoute('system.401')->toString(), Response::HTTP_UNAUTHORIZED); + } + + /** * Handles a 403 error for HTML. * * @param \Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent $event diff --git a/core/modules/basic_auth/src/Tests/Authentication/BasicAuthTest.php b/core/modules/basic_auth/src/Tests/Authentication/BasicAuthTest.php index fcc2239..72c4d46 100644 --- a/core/modules/basic_auth/src/Tests/Authentication/BasicAuthTest.php +++ b/core/modules/basic_auth/src/Tests/Authentication/BasicAuthTest.php @@ -156,6 +156,30 @@ function testLocale() { } /** + * Tests if a comprehensive message is displayed rather then a raw exception + * when route is denied. + */ + function testUnauthorizedErrorMessage() { + $account = $this->drupalCreateUser(); + $url = Url::fromRoute('router_test.11'); + + // Case when no credentials are passed. + $this->drupalGet($url); + $this->assertResponse('401', 'The user is blocked when no credentials are passed.'); + $this->assertNoText('Exception', "A user friendly access unauthorized message is displayed"); + + // Case when empty credentials are passed. + $this->basicAuthGet($url, NULL, NULL); + $this->assertResponse('403', 'The user is blocked when empty credentials are passed.'); + $this->assertText('Access denied', "A user friendly access denied message is displayed"); + + // Case when wrong credentials are passed. + $this->basicAuthGet($url, $account->getUsername(), $this->randomMachineName()); + $this->assertResponse('403', 'The user is blocked when wrong credentials are passed.'); + $this->assertText('Access denied', "A user friendly access denied message is displayed"); + } + + /** * Does HTTP basic auth request. * * We do not use \Drupal\simpletest\WebTestBase::drupalGet because we need to diff --git a/core/modules/system/src/Controller/Http4xxController.php b/core/modules/system/src/Controller/Http4xxController.php index 7add79e..7616341 100644 --- a/core/modules/system/src/Controller/Http4xxController.php +++ b/core/modules/system/src/Controller/Http4xxController.php @@ -15,10 +15,22 @@ class Http4xxController extends ControllerBase { /** + * The default 401 content. + * + * @return array + * A render array containing the message to display for 401 pages. + */ + public function on401() { + return [ + '#markup' => $this->t('Please provide valid credentials.'), + ]; + } + + /** * The default 403 content. * * @return array - * A render array containing the message to display for 404 pages. + * A render array containing the message to display for 404 pages. */ public function on403() { return [ @@ -30,7 +42,7 @@ public function on403() { * The default 404 content. * * @return array - * A render array containing the message to display for 404 pages. + * A render array containing the message to display for 404 pages. */ public function on404() { return [ diff --git a/core/modules/system/system.routing.yml b/core/modules/system/system.routing.yml index 39755b6..661f4e0 100644 --- a/core/modules/system/system.routing.yml +++ b/core/modules/system/system.routing.yml @@ -7,6 +7,14 @@ system.ajax: requirements: _access: 'TRUE' +system.401: + path: '/system/401' + defaults: + _controller: '\Drupal\system\Controller\Http4xxController:on401' + _title: 'Unauthorized' + requirements: + _access: 'TRUE' + system.403: path: '/system/403' defaults: