improve thrown exception to include the blackhole reason details

cakephp · Mar 11, 2016 · 8b80371 · 8b80371
1 parent b64bcff
commit 8b80371
Show file tree

Hide file tree

Showing 3 changed files with 64 additions and 8 deletions.
diff --git a/src/Controller/Component/SecurityComponent.php b/src/Controller/Component/SecurityComponent.php
@@ -180,8 +180,7 @@ public function requireAuth($actions)
      *
      * @param \Cake\Controller\Controller $controller Instantiating controller
      * @param string $error Error method
-     * @param \Cake\Controller\Exception\SecurityException $exception Additional debug info describing the cause,
-     * debug mode only
+     * @param \Cake\Controller\Exception\SecurityException $exception Additional debug info describing the cause
      * @return mixed If specified, controller blackHoleCallback's response, or no return otherwise
      * @see \Cake\Controller\Component\SecurityComponent::$blackHoleCallback
      * @link http://book.cakephp.org/3.0/en/controllers/components/security.html#handling-blackhole-callbacks
@@ -190,14 +189,30 @@ public function requireAuth($actions)
     public function blackHole(Controller $controller, $error = '', SecurityException $exception = null)
     {
         if (!$this->_config['blackHoleCallback']) {
-            if (Configure::read('debug') && $exception !== null) {
-                throw $exception;
-            }
-            throw new BadRequestException('The request has been black-holed');
+            $this->_throwException($exception);
         }
         return $this->_callback($controller, $this->_config['blackHoleCallback'], [$error, $exception]);
     }
 
+    /**
+     * Check debug status and throw an Exception based on the existing one
+     *
+     * @param \Cake\Controller\Exception\SecurityException $exception Additional debug info describing the cause
+     * @throws \Cake\Network\Exception\BadRequestException
+     */
+    protected function _throwException($exception = null)
+    {
+        $defaultMessage = 'The request has been black-holed';
+        if ($exception !== null) {
+            if (!Configure::read('debug')) {
+                $exception->setReason($exception->getMessage());
+                $exception->setMessage($defaultMessage);
+            }
+            throw $exception;
+        }
+        throw new BadRequestException($defaultMessage);
+    }
+
     /**
      * Sets the actions that require a $method HTTP request, or empty for all actions
      *
@@ -323,7 +338,7 @@ protected function _validatePost(Controller $controller)
      *
      * @param \Cake\Controller\Controller $controller Instantiating controller
      * @throws \Cake\Controller\Exception\SecurityException
-     * @return String fields token
+     * @return string fields token
      */
     protected function _validToken(Controller $controller)
     {

diff --git a/src/Controller/Exception/SecurityException.php b/src/Controller/Exception/SecurityException.php
@@ -25,6 +25,13 @@ class SecurityException extends BadRequestException
      */
     protected $_type = 'secure';
 
+    /**
+     * Reason for request blackhole
+     *
+     * @var string
+     */
+    protected $_reason = null;
+
     /**
      * Getter for type
      *
@@ -34,4 +41,36 @@ public function getType()
     {
         return $this->_type;
     }
+
+    /**
+     * Set Message
+     *
+     * @param string $message Exception message
+     * @return void
+     */
+    public function setMessage($message)
+    {
+        $this->message = $message;
+    }
+
+    /**
+     * Set Reason
+     *
+     * @param string $reason Reason details
+     * @return void
+     */
+    public function setReason($reason = null)
+    {
+        $this->_reason = $reason;
+    }
+
+    /**
+     * Get Reason
+     *
+     * @return string
+     */
+    public function getReason()
+    {
+        return $this->_reason;
+    }
 }
diff --git a/tests/TestCase/Controller/Component/SecurityComponentTest.php b/tests/TestCase/Controller/Component/SecurityComponentTest.php
@@ -1431,11 +1431,13 @@ public function testBlackholeThrowsBadRequest()
         Configure::write('debug', false);
         try {
             $this->Security->blackHole($this->Controller, 'auth', new SecurityException('error description'));
-        } catch (BadRequestException $ex) {
+        } catch (SecurityException $ex) {
             $message = $ex->getMessage();
+            $reason = $ex->getReason();
         }
         Configure::write('debug', $debug);
         $this->assertEquals('The request has been black-holed', $message);
+        $this->assertEquals('error description', $reason);
     }
 
     /**