This commit is contained in:
Yassine Guedidi 2025-03-13 00:32:59 +01:00 committed by GitHub
commit 1ddbc3b375
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
10 changed files with 71 additions and 17 deletions


@ -70,7 +70,6 @@ security:
- { path: /(unread|starred|archive|annotated|all).xml$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/locale, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: /tags/(.*).xml$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/feed, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: /(unread|starred|archive|annotated).xml$, roles: IS_AUTHENTICATED_ANONYMOUSLY } # For backwards compatibility
- { path: ^/share, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/settings, roles: ROLE_SUPER_ADMIN }
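Review bot: One of the seven access_control rules shown is dropped (the hunk shrinks from 7 to 6 lines), and given the `@IsGranted("PUBLIC_ACCESS")` annotations this commit adds to FeedController it is presumably the `^/feed` entry, though the rendered page does not mark which line went. After that, a feed route is public because its action is annotated rather than because of its path, so an action added to FeedController later without the annotation silently falls under whatever the remaining rules say for that path. That trade-off is reasonable, but it is not stated anywhere on the page; a sentence in the commit description naming the removed rule and what now makes the feeds reachable would spare the next reader the reconstruction.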


@ -6,6 +6,7 @@ use Pagerfanta\Adapter\ArrayAdapter;
use Pagerfanta\Doctrine\ORM\QueryAdapter as DoctrineORMAdapter;
use Pagerfanta\Exception\OutOfRangeCurrentPageException;
use Pagerfanta\Pagerfanta;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\IsGranted;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\ParamConverter;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
@ -30,6 +31,7 @@ class FeedController extends AbstractController
* Shows unread entries for current user.
*
* @Route("/feed/{username}/{token}/unread/{page}", name="unread_feed", methods={"GET"}, defaults={"page"=1, "_format"="xml"})
* @IsGranted("PUBLIC_ACCESS")
*
* @ParamConverter("user", class="Wallabag\Entity\User", converter="username_feed_token_converter")
*
@ -44,6 +46,7 @@ class FeedController extends AbstractController
* Shows read entries for current user.
*
* @Route("/feed/{username}/{token}/archive/{page}", name="archive_feed", methods={"GET"}, defaults={"page"=1, "_format"="xml"})
* @IsGranted("PUBLIC_ACCESS")
*
* @ParamConverter("user", class="Wallabag\Entity\User", converter="username_feed_token_converter")
*
@ -58,6 +61,7 @@ class FeedController extends AbstractController
* Shows starred entries for current user.
*
* @Route("/feed/{username}/{token}/starred/{page}", name="starred_feed", methods={"GET"}, defaults={"page"=1, "_format"="xml"})
* @IsGranted("PUBLIC_ACCESS")
*
* @ParamConverter("user", class="Wallabag\Entity\User", converter="username_feed_token_converter")
*
@ -72,6 +76,7 @@ class FeedController extends AbstractController
* Shows all entries for current user.
*
* @Route("/feed/{username}/{token}/all/{page}", name="all_feed", methods={"GET"}, defaults={"page"=1, "_format"="xml"})
* @IsGranted("PUBLIC_ACCESS")
*
* @ParamConverter("user", class="Wallabag\Entity\User", converter="username_feed_token_converter")
*
@ -86,6 +91,7 @@ class FeedController extends AbstractController
* Shows entries associated to a tag for current user.
*
* @Route("/feed/{username}/{token}/tags/{slug}/{page}", name="tag_feed", methods={"GET"}, defaults={"page"=1, "_format"="xml"})
* @IsGranted("PUBLIC_ACCESS")
*
* @ParamConverter("user", class="Wallabag\Entity\User", converter="username_feed_token_converter")
* @ParamConverter("tag", options={"mapping": {"slug": "slug"}})
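Review bot: The five new `@IsGranted("PUBLIC_ACCESS")` annotations are identical and unexplained, and a reader of a per-user feed action will wonder why it is public. The reason is presumably that the `{token}` path segment is the credential and is checked by `username_feed_token_converter` before the action runs, so a one-line comment on the first annotation, `* Public by design: the {token} segment is the credential, validated by username_feed_token_converter`, would make that explicit. If the bundle version in use accepts `@IsGranted` at class level, declaring it once on `FeedController` instead of on each method would also keep a future action from being added without it. Each docblock continues outside its hunk.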


@ -0,0 +1,29 @@
<?php
namespace Wallabag\Event\Subscriber;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpKernel\Event\ExceptionEvent;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
use Symfony\Component\HttpKernel\KernelEvents;
class AccessDeniedToNotFoundSubscriber implements EventSubscriberInterface
{
public static function getSubscribedEvents(): array
{
return [
KernelEvents::EXCEPTION => 'onKernelException',
];
}
public function onKernelException(ExceptionEvent $event): void
{
$exception = $event->getThrowable();
if ($exception instanceof AccessDeniedHttpException) {
$notFoundException = new NotFoundHttpException('', $exception);
$event->setThrowable($notFoundException);
}
}
}
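Review bot: `onKernelException` rewrites every AccessDeniedHttpException as a 404 with no docblock saying why, and it also applies to the API: the EntryRestControllerTest hunks now expect 404 from `/api/entries/{id}.json` and `/api/entries/exists`, so API clients lose the ability to tell a forbidden resource from a missing one. A class docblock should state the intent (not revealing whether a resource owned by another user exists), and the API documentation or changelog should record that 403 is no longer returned. The listener also depends on ordering: at the default priority 0 it runs after the firewall's exception listener (priority 1, as far as I recall) has turned the security-layer AccessDeniedException into AccessDeniedHttpException, so registering it as `KernelEvents::EXCEPTION => ['onKernelException', 0]` with a comment makes that dependency visible. Passing `$exception` as previous in `new NotFoundHttpException('', $exception)` is the right call because logs keep the real reason; a comment `// keep the original as previous so logs still show the real reason` would stop a later cleanup from dropping it.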


@ -105,7 +105,7 @@ class DeveloperControllerTest extends WallabagTestCase
$this->logInAs('bob');
$client->request('POST', '/developer/client/delete/' . $adminApiClient->getId());
$this->assertSame(403, $client->getResponse()->getStatusCode());
$this->assertSame(404, $client->getResponse()->getStatusCode());
// Try to remove the admin's client with the good user
$this->logInAs('admin');
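Review bot: The assertion now expects 404, which is also what a missing or mistyped client id returns, so this test can no longer tell "denied" from "not there"; the same applies to the delete tests in ConfigControllerTest (`/tagging-rule/delete/...` and `/account/delete`). Because these requests are destructive, the meaningful check is the side effect: after the 404, reload the admin's client from its repository and assert it still exists (and in ConfigControllerTest that the rule and the account survive). The test method continues outside the hunk.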


@ -110,7 +110,7 @@ class EntryRestControllerTest extends WallabagApiTestCase
$this->client->request('GET', '/api/entries/' . $entry->getId() . '.json');
$this->assertSame(403, $this->client->getResponse()->getStatusCode());
$this->assertSame(404, $this->client->getResponse()->getStatusCode());
}
public function testGetEntries()
@ -1260,14 +1260,14 @@ class EntryRestControllerTest extends WallabagApiTestCase
{
$this->client->request('GET', '/api/entries/exists?url=');
$this->assertSame(403, $this->client->getResponse()->getStatusCode());
$this->assertSame(404, $this->client->getResponse()->getStatusCode());
}
public function testGetEntriesExistsWithNoHashedUrl()
{
$this->client->request('GET', '/api/entries/exists?hashed_url=');
$this->assertSame(403, $this->client->getResponse()->getStatusCode());
$this->assertSame(404, $this->client->getResponse()->getStatusCode());
}
public function testReloadEntryErrorWhileFetching()


@ -577,9 +577,9 @@ class ConfigControllerTest extends WallabagTestCase
$crawler = $client->request('GET', '/tagging-rule/delete/' . $rule->getId());
$this->assertSame(403, $client->getResponse()->getStatusCode());
$this->assertSame(404, $client->getResponse()->getStatusCode());
$this->assertGreaterThan(1, $body = $crawler->filter('body')->extract(['_text']));
$this->assertStringContainsString('You can not access this rule', $body[0]);
$this->assertStringContainsString('404: Not Found', $body[0]);
}
public function testEditingTaggingRuleFromAnOtherUser()
@ -593,9 +593,9 @@ class ConfigControllerTest extends WallabagTestCase
$crawler = $client->request('GET', '/tagging-rule/edit/' . $rule->getId());
$this->assertSame(403, $client->getResponse()->getStatusCode());
$this->assertSame(404, $client->getResponse()->getStatusCode());
$this->assertGreaterThan(1, $body = $crawler->filter('body')->extract(['_text']));
$this->assertStringContainsString('You can not access this rule', $body[0]);
$this->assertStringContainsString('404: Not Found', $body[0]);
}
public function testIgnoreOriginRuleCreation()
@ -714,9 +714,9 @@ class ConfigControllerTest extends WallabagTestCase
$crawler = $client->request('GET', '/ignore-origin-user-rule/edit/' . $rule->getId());
$this->assertSame(403, $client->getResponse()->getStatusCode());
$this->assertSame(404, $client->getResponse()->getStatusCode());
$this->assertGreaterThan(1, $body = $crawler->filter('body')->extract(['_text']));
$this->assertStringContainsString('You can not access this rule', $body[0]);
$this->assertStringContainsString('404: Not Found', $body[0]);
}
public function testEditingIgnoreOriginRuleFromAnOtherUser()
@ -730,9 +730,9 @@ class ConfigControllerTest extends WallabagTestCase
$crawler = $client->request('GET', '/ignore-origin-user-rule/edit/' . $rule->getId());
$this->assertSame(403, $client->getResponse()->getStatusCode());
$this->assertSame(404, $client->getResponse()->getStatusCode());
$this->assertGreaterThan(1, $body = $crawler->filter('body')->extract(['_text']));
$this->assertStringContainsString('You can not access this rule', $body[0]);
$this->assertStringContainsString('404: Not Found', $body[0]);
}
public function testDeleteUserButtonVisibility()
@ -767,7 +767,7 @@ class ConfigControllerTest extends WallabagTestCase
$this->assertStringNotContainsString('config.form_user.delete.button', $body[0]);
$client->request('POST', '/account/delete');
$this->assertSame(403, $client->getResponse()->getStatusCode());
$this->assertSame(404, $client->getResponse()->getStatusCode());
$user = $em
->getRepository(User::class)


@ -781,7 +781,7 @@ class EntryControllerTest extends WallabagTestCase
$client->request('GET', '/view/' . $content->getId());
$this->assertSame(403, $client->getResponse()->getStatusCode());
$this->assertSame(404, $client->getResponse()->getStatusCode());
}
public function testFilterOnReadingTime()


@ -84,6 +84,8 @@ class FeedControllerTest extends WallabagTestCase
{
$client = $this->getTestClient();
$this->logInAs('empty');
$client->request('GET', $url);
$this->assertSame(404, $client->getResponse()->getStatusCode());
@ -92,6 +94,9 @@ class FeedControllerTest extends WallabagTestCase
public function testUnread()
{
$client = $this->getTestClient();
$this->logInAs('admin');
$em = $client->getContainer()->get(EntityManagerInterface::class);
$user = $em
->getRepository(User::class)
@ -113,6 +118,9 @@ class FeedControllerTest extends WallabagTestCase
public function testStarred()
{
$client = $this->getTestClient();
$this->logInAs('admin');
$em = $client->getContainer()->get(EntityManagerInterface::class);
$user = $em
->getRepository(User::class)
@ -135,6 +143,9 @@ class FeedControllerTest extends WallabagTestCase
public function testArchives()
{
$client = $this->getTestClient();
$this->logInAs('admin');
$em = $client->getContainer()->get(EntityManagerInterface::class);
$user = $em
->getRepository(User::class)
@ -157,6 +168,9 @@ class FeedControllerTest extends WallabagTestCase
public function testAll()
{
$client = $this->getTestClient();
$this->logInAs('admin');
$em = $client->getContainer()->get(EntityManagerInterface::class);
$user = $em
->getRepository(User::class)
@ -179,6 +193,9 @@ class FeedControllerTest extends WallabagTestCase
public function testPagination()
{
$client = $this->getTestClient();
$this->logInAs('admin');
$em = $client->getContainer()->get(EntityManagerInterface::class);
$user = $em
->getRepository(User::class)
@ -207,6 +224,9 @@ class FeedControllerTest extends WallabagTestCase
public function testTags()
{
$client = $this->getTestClient();
$this->logInAs('admin');
$em = $client->getContainer()->get(EntityManagerInterface::class);
$user = $em
->getRepository(User::class)
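Review bot: Every feed test now calls `$this->logInAs(...)` before requesting the feed, so after this change no test requests a feed URL anonymously, which is how an RSS reader uses it. If feeds are meant to stay public (the `@IsGranted("PUBLIC_ACCESS")` annotations added to FeedController suggest so), one test should request a valid feed URL without logging in and assert a 200, and one should do so with a wrong token and assert the 404, so that a later access_control change cannot lock the feeds behind login unnoticed. Nothing on the page explains why the login calls became necessary, which is worth a sentence in the commit description. Each test method continues outside its hunk.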


@ -27,6 +27,6 @@ class SettingsControllerTest extends WallabagTestCase
$crawler = $client->request('GET', '/settings');
$this->assertSame(403, $client->getResponse()->getStatusCode());
$this->assertSame(404, $client->getResponse()->getStatusCode());
}
}


@ -114,7 +114,7 @@ class SiteCredentialControllerTest extends WallabagTestCase
$client->request('GET', '/site-credentials/' . $credential->getId() . '/edit');
$this->assertSame(403, $client->getResponse()->getStatusCode());
$this->assertSame(404, $client->getResponse()->getStatusCode());
}
public function testDeleteSiteCredential()