diff --git a/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordJsonAuthenticationListener.php b/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordJsonAuthenticationListener.php
index c7a61d3a028f..1a3e702a2425 100644
--- a/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordJsonAuthenticationListener.php
+++ b/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordJsonAuthenticationListener.php
@@ -17,6 +17,7 @@
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\HttpKernel\Event\GetResponseEvent;
+use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
 use Symfony\Component\PropertyAccess\Exception\AccessException;
 use Symfony\Component\PropertyAccess\PropertyAccess;
 use Symfony\Component\PropertyAccess\PropertyAccessorInterface;
@@ -83,23 +84,23 @@ public function handle(GetResponseEvent $event)
 try {
 if (!$data instanceof \stdClass) {
- throw new BadCredentialsException('Invalid JSON.');
+ throw new BadRequestHttpException('Invalid JSON.');
 }
 try {
 $username = $this->propertyAccessor->getValue($data, $this->options['username_path']);
 } catch (AccessException $e) {
- throw new BadCredentialsException(sprintf('The key "%s" must be provided.', $this->options['username_path']));
+ throw new BadRequestHttpException(sprintf('The key "%s" must be provided.', $this->options['username_path']), $e);
 }
 try {
 $password = $this->propertyAccessor->getValue($data, $this->options['password_path']);
 } catch (AccessException $e) {
- throw new BadCredentialsException(sprintf('The key "%s" must be provided.', $this->options['password_path']));
+ throw new BadRequestHttpException(sprintf('The key "%s" must be provided.', $this->options['password_path']), $e);
 }
 if (!is_string($username)) {
- throw new BadCredentialsException(sprintf('The key "%s" must be a string.', $this->options['username_path']));
+ throw new BadRequestHttpException(sprintf('The key "%s" must be a string.', $this->options['username_path']));
 }
 if (strlen($username) > Security::MAX_USERNAME_LENGTH) {
@@ -107,7 +108,7 @@ public function handle(GetResponseEvent $event)
 }
 if (!is_string($password)) {
- throw new BadCredentialsException(sprintf('The key "%s" must be a string.', $this->options['password_path']));
+ throw new BadRequestHttpException(sprintf('The key "%s" must be a string.', $this->options['password_path']));
 }
 $token = new UsernamePasswordToken($username, $password, $this->providerKey);
diff --git a/src/Symfony/Component/Security/Http/Tests/Firewall/UsernamePasswordJsonAuthenticationListenerTest.php b/src/Symfony/Component/Security/Http/Tests/Firewall/UsernamePasswordJsonAuthenticationListenerTest.php
index 634d281a7ad9..cbc9669660ec 100644
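Review bot: The four throws changed in the `@@ -83,23 +84,23 @@` hunk (and the password-type one in the `@@ -107,7 +108,7 @@` hunk) sit inside the outer `try {`, and nothing here says that BadRequestHttpException is meant to escape it. The catch that closes this `try` is outside the hunk; if it only handles AuthenticationException, as the old BadCredentialsException type suggests, malformed login bodies now skip the failure handler, so any failed-login logging or attempt counting done there no longer sees them. I would state that on the first throw, e.g. `// Deliberately not an AuthenticationException: a malformed body is a client error (HTTP 400) and bypasses the failure handler.`, and mention in handle()'s docblock that it can throw BadRequestHttpException.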
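Review bot: The `strlen($username) > Security::MAX_USERNAME_LENGTH` branch that sits between the `@@ -107,7 +108,7 @@` hunk and the previous one is left untouched, so after this commit an over-long username presumably still raises BadCredentialsException while a non-string password raises BadRequestHttpException. The throw itself is not shown in the diff, so this is inferred from the unchanged context line and the unchanged testAttemptAuthenticationUsernameTooLong. If the split is intended (wrong shape is a 400, unacceptable value is an authentication failure), a one-line comment above the length check would keep a later edit from "aligning" it by accident: `// Well-formed but unacceptable value: stays an authentication failure, not a 400.`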
--- a/src/Symfony/Component/Security/Http/Tests/Firewall/UsernamePasswordJsonAuthenticationListenerTest.php
+++ b/src/Symfony/Component/Security/Http/Tests/Firewall/UsernamePasswordJsonAuthenticationListenerTest.php
@@ -93,6 +93,23 @@ public function testUsePath()
 $this->assertEquals('ok', $event->getResponse()->getContent());
 }
+ /**
+ * @expectedException \Symfony\Component\HttpKernel\Exception\BadRequestHttpException
+ * @expectedExceptionMessage Invalid JSON
+ */
+ public function testAttemptAuthenticationNoJson()
+ {
+ $this->createListener();
+ $request = new Request();
+ $event = new GetResponseEvent($this->getMockBuilder(KernelInterface::class)->getMock(), $request, KernelInterface::MASTER_REQUEST);
+
+ $this->listener->handle($event);
+ }
+
+ /**
+ * @expectedException \Symfony\Component\HttpKernel\Exception\BadRequestHttpException
+ * @expectedExceptionMessage The key "username" must be provided
+ */
 public function testAttemptAuthenticationNoUsername()
 {
 $this->createListener();
@@ -100,9 +117,12 @@ public function testAttemptAuthenticationNoUsername()
 $event = new GetResponseEvent($this->getMockBuilder(KernelInterface::class)->getMock(), $request, KernelInterface::MASTER_REQUEST);
 $this->listener->handle($event);
- $this->assertSame('ko', $event->getResponse()->getContent());
 }
+ /**
+ * @expectedException \Symfony\Component\HttpKernel\Exception\BadRequestHttpException
+ * @expectedExceptionMessage The key "password" must be provided
+ */
 public function testAttemptAuthenticationNoPassword()
 {
 $this->createListener();
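Review bot: testAttemptAuthenticationNoJson in the `@@ -93,6 +93,23 @@` hunk feeds handle() a bare `new Request()` and expects BadRequestHttpException, which pins that a request with no body at all is answered with a 400 by this listener. Whether handle() first filters on the login path or the content type is outside the diff; if it does not, every body-less request passing through this firewall would land in that branch. A companion test for a request the listener is supposed to ignore, asserting that no exception is thrown and no response is set, would document that boundary, and the new test could open its docblock with `Requests without a JSON object body are rejected with a 400 before any credential check.` createListener() is defined outside the hunk, so the options it configures are not visible here.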
@@ -110,9 +130,12 @@ public function testAttemptAuthenticationNoPassword()
 $event = new GetResponseEvent($this->getMockBuilder(KernelInterface::class)->getMock(), $request, KernelInterface::MASTER_REQUEST);
 $this->listener->handle($event);
- $this->assertSame('ko', $event->getResponse()->getContent());
 }
+ /**
+ * @expectedException \Symfony\Component\HttpKernel\Exception\BadRequestHttpException
+ * @expectedExceptionMessage The key "username" must be a string.
+ */
 public function testAttemptAuthenticationUsernameNotAString()
 {
 $this->createListener();
@@ -120,9 +143,12 @@ public function testAttemptAuthenticationUsernameNotAString()
 $event = new GetResponseEvent($this->getMockBuilder(KernelInterface::class)->getMock(), $request, KernelInterface::MASTER_REQUEST);
 $this->listener->handle($event);
- $this->assertSame('ko', $event->getResponse()->getContent());
 }
+ /**
+ * @expectedException \Symfony\Component\HttpKernel\Exception\BadRequestHttpException
+ * @expectedExceptionMessage The key "password" must be a string.
+ */
 public function testAttemptAuthenticationPasswordNotAString()
 {
 $this->createListener();
@@ -130,7 +156,6 @@ public function testAttemptAuthenticationPasswordNotAString()
 $event = new GetResponseEvent($this->getMockBuilder(KernelInterface::class)->getMock(), $request, KernelInterface::MASTER_REQUEST);
 $this->listener->handle($event);
- $this->assertSame('ko', $event->getResponse()->getContent());
 }
 public function testAttemptAuthenticationUsernameTooLong()