Merge branch '5.0' into 5.1

nicolas-grekas · nicolas-grekas · commit 932d4738b970 · 2020-05-28T10:20:44.000+02:00
* 5.0:
  Handle fetch mode deprecation of DBAL 2.11.
  Fixed handling of CSRF logout error
  [WebProfilerBundle] changed label of memory usage in time panel (Mb into MiB)
  [DotEnv][WebLink][Templating][ErrorHandler] Updated README with minimal example
diff --git a/Firewall/ExceptionListener.php b/Firewall/ExceptionListener.php
@@ -111,7 +111,7 @@ public function onKernelException(ExceptionEvent $event)
             }
 
             if ($exception instanceof LogoutException) {
-                $this->handleLogoutException($exception);
+                $this->handleLogoutException($event, $exception);
 
                 return;
             }
@@ -183,10 +183,12 @@ private function handleAccessDeniedException(ExceptionEvent $event, AccessDenied
         }
     }
 
-    private function handleLogoutException(LogoutException $exception): void
+    private function handleLogoutException(ExceptionEvent $event, LogoutException $exception): void
     {
+        $event->setException(new AccessDeniedHttpException($exception->getMessage(), $exception));
+
         if (null !== $this->logger) {
-            $this->logger->info('A LogoutException was thrown.', ['exception' => $exception]);
+            $this->logger->info('A LogoutException was thrown; wrapping with AccessDeniedHttpException', ['exception' => $exception]);
         }
     }
 
diff --git a/Tests/Firewall/ExceptionListenerTest.php b/Tests/Firewall/ExceptionListenerTest.php
@@ -21,6 +21,7 @@
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
 use Symfony\Component\Security\Core\Exception\AccessDeniedException;
 use Symfony\Component\Security\Core\Exception\AuthenticationException;
+use Symfony\Component\Security\Core\Exception\LogoutException;
 use Symfony\Component\Security\Http\Authorization\AccessDeniedHandlerInterface;
 use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
 use Symfony\Component\Security\Http\Firewall\ExceptionListener;
@@ -157,6 +158,17 @@ public function testAccessDeniedExceptionNotFullFledged(\Exception $exception, \
         $this->assertSame(null === $eventException ? $exception : $eventException, $event->getThrowable()->getPrevious());
     }
 
+    public function testLogoutException()
+    {
+        $event = $this->createEvent(new LogoutException('Invalid CSRF.'));
+
+        $listener = $this->createExceptionListener();
+        $listener->onKernelException($event);
+
+        $this->assertEquals('Invalid CSRF.', $event->getException()->getMessage());
+        $this->assertEquals(403, $event->getException()->getStatusCode());
+    }
+
     public function getAccessDeniedExceptionProvider()
     {
         return [

Original file line number	Diff line number	Diff line change
`@@ -111,7 +111,7 @@ public function onKernelException(ExceptionEvent $event)`
`111`	`111`	`}`
`112`	`112`
`113`	`113`	`if ($exception instanceof LogoutException) {`
`114`		`- $this->handleLogoutException($exception);`
	`114`	`+ $this->handleLogoutException($event, $exception);`
`115`	`115`
`116`	`116`	`return;`
`117`	`117`	`}`
`@@ -183,10 +183,12 @@ private function handleAccessDeniedException(ExceptionEvent $event, AccessDenied`
`183`	`183`	`}`
`184`	`184`	`}`
`185`	`185`
`186`		`- private function handleLogoutException(LogoutException $exception): void`
	`186`	`+ private function handleLogoutException(ExceptionEvent $event, LogoutException $exception): void`
`187`	`187`	`{`
	`188`	`+ $event->setException(new AccessDeniedHttpException($exception->getMessage(), $exception));`
	`189`	`+`
`188`	`190`	`if (null !== $this->logger) {`
`189`		`- $this->logger->info('A LogoutException was thrown.', ['exception' => $exception]);`
	`191`	`+ $this->logger->info('A LogoutException was thrown; wrapping with AccessDeniedHttpException', ['exception' => $exception]);`
`190`	`192`	`}`
`191`	`193`	`}`
`192`	`194`