Issue #3114122 by jungle, klausi, dww: ExceptionLoggingSubscriber sho…

…uld log 403 access denied reason
drupal · May 7, 2020 · 2419a0c · 2419a0c
1 parent 27acf07
commit 2419a0c
Show file tree

Hide file tree

Showing 2 changed files with 44 additions and 2 deletions.
diff --git a/lib/Drupal/Core/EventSubscriber/ExceptionLoggingSubscriber.php b/lib/Drupal/Core/EventSubscriber/ExceptionLoggingSubscriber.php
@@ -38,8 +38,12 @@ public function __construct(LoggerChannelFactoryInterface $logger) {
    *   The event to process.
    */
   public function on403(GetResponseForExceptionEvent $event) {
-    $request = $event->getRequest();
-    $this->logger->get('access denied')->warning('@uri', ['@uri' => $request->getRequestUri()]);
+    // Log the exception with the page where it happened so that admins know
+    // why access was denied.
+    $exception = $event->getException();
+    $error = Error::decodeException($exception);
+    $error['@uri'] = $event->getRequest()->getRequestUri();
+    $this->logger->get('access denied')->warning('Path: @uri. %type: @message in %function (line %line of %file).', $error);
   }
 
   /**

diff --git a/modules/dblog/tests/src/Functional/DbLogTest.php b/modules/dblog/tests/src/Functional/DbLogTest.php
@@ -135,6 +135,44 @@ public function testLogEventPage() {
     $this->assertText('Notice', 'The severity was properly displayed on the detail page.');
   }
 
+  /**
+   * Tests that a 403 event is logged with the exception triggering it.
+   */
+  public function test403LogEventPage() {
+    $assert_session = $this->assertSession();
+    $uri = 'admin/reports';
+
+    $this->drupalLogin($this->webUser);
+    $this->drupalGet($uri);
+    $assert_session->statusCodeEquals(403);
+
+    $this->drupalLogin($this->adminUser);
+
+    $wid = Database::getConnection()->query("SELECT MAX(wid) FROM {watchdog} WHERE type='access denied'")->fetchField();
+    $this->drupalGet('admin/reports/dblog/event/' . $wid);
+
+    $table = $this->xpath("//table[@class='dblog-event']");
+    $this->assertCount(1, $table);
+
+    // Verify type, severity and location.
+    $type = $table[0]->findAll('xpath', "//tr/th[contains(text(), 'Type')]/../td");
+    $this->assertCount(1, $type);
+    $this->assertEquals('access denied', $type[0]->getText());
+    $severity = $table[0]->findAll('xpath', "//tr/th[contains(text(), 'Severity')]/../td");
+    $this->assertCount(1, $severity);
+    $this->assertEquals('Warning', $severity[0]->getText());
+    $location = $table[0]->findAll('xpath', "//tr/th[contains(text(), 'Location')]/../td/a");
+    $this->assertCount(1, $location);
+    $href = $location[0]->getAttribute('href');
+    $this->assertEquals($this->baseUrl . '/' . $uri, $href);
+
+    // Verify message.
+    $message = $table[0]->findAll('xpath', "//tr/th[contains(text(), 'Message')]/../td");
+    $this->assertCount(1, $message);
+    $regex = "@Path: .+admin/reports\. Drupal\\\\Core\\\\Http\\\\Exception\\\\CacheableAccessDeniedHttpException: The 'access site reports' permission is required\. in Drupal\\\\Core\\\\Routing\\\\AccessAwareRouter->checkAccess\(\) \(line \d+ of .+/core/lib/Drupal/Core/Routing/AccessAwareRouter\.php\)\.@";
+    $this->assertRegExp($regex, $message[0]->getText());
+  }
+
   /**
    * Test not-existing log event page.
    */