From 3bd434091fde2926d9869cff57037cbb99040a28 Mon Sep 17 00:00:00 2001 From: Yassine Guedidi Date: Wed, 12 Mar 2025 23:54:28 +0100 Subject: [PATCH] Convert 403 errors to 404 errors --- CHANGELOG.md | 1 + .../AccessDeniedToNotFoundSubscriber.php | 29 +++++++++++++++++++ .../Api/DeveloperControllerTest.php | 2 +- .../Api/EntryRestControllerTest.php | 6 ++-- tests/Controller/ConfigControllerTest.php | 18 ++++++------ tests/Controller/EntryControllerTest.php | 2 +- tests/Controller/SettingsControllerTest.php | 2 +- .../SiteCredentialControllerTest.php | 2 +- 8 files changed, 46 insertions(+), 16 deletions(-) create mode 100644 src/Event/Subscriber/AccessDeniedToNotFoundSubscriber.php diff --git a/CHANGELOG.md b/CHANGELOG.md index e6ea39762..cd0ed4c88 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,7 @@ ## Upcoming changes +* **[BC BREAK]** Convert 403 errors to 404 errors by @yguedidi in https://github.com/wallabag/wallabag/pull/8075 * `wallassets/` folder renamed to `build/` ## [2.6.10](https://github.com/wallabag/wallabag/tree/2.6.10) diff --git a/src/Event/Subscriber/AccessDeniedToNotFoundSubscriber.php b/src/Event/Subscriber/AccessDeniedToNotFoundSubscriber.php new file mode 100644 index 000000000..c0e3126e2 --- /dev/null +++ b/src/Event/Subscriber/AccessDeniedToNotFoundSubscriber.php @@ -0,0 +1,29 @@ + 'onKernelException', + ]; + } + + public function onKernelException(ExceptionEvent $event): void + { + $exception = $event->getThrowable(); + + if ($exception instanceof AccessDeniedHttpException) { + $notFoundException = new NotFoundHttpException('', $exception); + $event->setThrowable($notFoundException); + } + } +} diff --git a/tests/Controller/Api/DeveloperControllerTest.php b/tests/Controller/Api/DeveloperControllerTest.php index 4fa29d4e1..f37923121 100644 --- a/tests/Controller/Api/DeveloperControllerTest.php +++ b/tests/Controller/Api/DeveloperControllerTest.php 
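Review bot: `onKernelException` rewrites every `AccessDeniedHttpException`, not only those raised for another user's object, so a denied request and a genuine miss now look the same in access logs and in any alerting keyed on 403 counts. Keeping the original as `previous` in `new NotFoundHttpException('', $exception)` preserves it for error logging, but only if the logger that handles this event records the previous exception; confirm that, and if it does not, log the denial here before `setThrowable()`. The subscribed-events entry uses the default priority, so the class presumably relies on the security firewall's listener having already turned `AccessDeniedException` into `AccessDeniedHttpException`. A comment above the `instanceof` check, such as `// Runs after the firewall exception listener; hides the existence of resources the user may not access.`, would record the intent and that ordering assumption. The top of the file is not visible in this extract, so an existing class docblock may already cover it.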
@@ -105,7 +105,7 @@ class DeveloperControllerTest extends WallabagTestCase $this->logInAs('bob'); $client->request('POST', '/developer/client/delete/' . $adminApiClient->getId()); - $this->assertSame(403, $client->getResponse()->getStatusCode()); + $this->assertSame(404, $client->getResponse()->getStatusCode()); // Try to remove the admin's client with the good user $this->logInAs('admin'); diff --git a/tests/Controller/Api/EntryRestControllerTest.php b/tests/Controller/Api/EntryRestControllerTest.php index e148d0c08..1dc95c331 100644 --- a/tests/Controller/Api/EntryRestControllerTest.php +++ b/tests/Controller/Api/EntryRestControllerTest.php @@ -110,7 +110,7 @@ class EntryRestControllerTest extends WallabagApiTestCase $this->client->request('GET', '/api/entries/' . $entry->getId() . '.json'); - $this->assertSame(403, $this->client->getResponse()->getStatusCode()); + $this->assertSame(404, $this->client->getResponse()->getStatusCode()); } public function testGetEntries() @@ -1260,14 +1260,14 @@ class EntryRestControllerTest extends WallabagApiTestCase { $this->client->request('GET', '/api/entries/exists?url='); - $this->assertSame(403, $this->client->getResponse()->getStatusCode()); + $this->assertSame(404, $this->client->getResponse()->getStatusCode()); } public function testGetEntriesExistsWithNoHashedUrl() { $this->client->request('GET', '/api/entries/exists?hashed_url='); - $this->assertSame(403, $this->client->getResponse()->getStatusCode()); + $this->assertSame(404, $this->client->getResponse()->getStatusCode()); } public function testReloadEntryErrorWhileFetching() diff --git a/tests/Controller/ConfigControllerTest.php b/tests/Controller/ConfigControllerTest.php index 922f8b28c..4596418a0 100644 --- a/tests/Controller/ConfigControllerTest.php +++ b/tests/Controller/ConfigControllerTest.php 
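Review bot: The two `/api/entries/exists` cases in the `@@ -1260` hunk (`?url=` and `?hashed_url=`) are empty-parameter requests, not access to someone else's entry, so asserting 404 pins a response that tells an API client nothing about what was wrong. The old 403 suggests the controller raises an access-denied exception for invalid input, which the new subscriber now turns into a 404 as a side effect; the controller is not part of this patch, so this is inferred. Consider throwing `BadRequestHttpException` in the controller for these cases and asserting `$this->assertSame(400, $this->client->getResponse()->getStatusCode());`, which keeps the 404 conversion for real authorization failures only. The first of the two test methods starts above the hunk.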
@@ -577,9 +577,9 @@ class ConfigControllerTest extends WallabagTestCase $crawler = $client->request('GET', '/tagging-rule/delete/' . $rule->getId()); - $this->assertSame(403, $client->getResponse()->getStatusCode()); + $this->assertSame(404, $client->getResponse()->getStatusCode()); $this->assertGreaterThan(1, $body = $crawler->filter('body')->extract(['_text'])); - $this->assertStringContainsString('You can not access this rule', $body[0]); + $this->assertStringContainsString('404: Not Found', $body[0]); } public function testEditingTaggingRuleFromAnOtherUser() @@ -593,9 +593,9 @@ class ConfigControllerTest extends WallabagTestCase $crawler = $client->request('GET', '/tagging-rule/edit/' . $rule->getId()); - $this->assertSame(403, $client->getResponse()->getStatusCode()); + $this->assertSame(404, $client->getResponse()->getStatusCode()); $this->assertGreaterThan(1, $body = $crawler->filter('body')->extract(['_text'])); - $this->assertStringContainsString('You can not access this rule', $body[0]); + $this->assertStringContainsString('404: Not Found', $body[0]); } public function testIgnoreOriginRuleCreation() @@ -714,9 +714,9 @@ class ConfigControllerTest extends WallabagTestCase $crawler = $client->request('GET', '/ignore-origin-user-rule/edit/' . $rule->getId()); - $this->assertSame(403, $client->getResponse()->getStatusCode()); + $this->assertSame(404, $client->getResponse()->getStatusCode()); $this->assertGreaterThan(1, $body = $crawler->filter('body')->extract(['_text'])); - $this->assertStringContainsString('You can not access this rule', $body[0]); + $this->assertStringContainsString('404: Not Found', $body[0]); } public function testEditingIgnoreOriginRuleFromAnOtherUser() 
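Review bot: With the status now 404 and the body check reduced to `'404: Not Found'`, the cross-user assertions in the `@@ -577`, `@@ -593`, `@@ -714` and `@@ -730` hunks no longer distinguish "the rule exists but is not yours" from a mistyped or removed route. They would keep passing if the ownership check were never reached. The same holds for the `/view/` and `/site-credentials/.../edit` assertions later in the patch. A positive control would restore the signal: request the same URL as the owning user and expect success, and for the delete case assert afterwards that the rule is still stored. At minimum, add a comment before each assertion, such as `// 404, not 403: the rule exists but belongs to another user and its existence must not be revealed`. The test methods begin above each hunk, so some of these checks may already exist outside the visible lines.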
@@ -730,9 +730,9 @@ class ConfigControllerTest extends WallabagTestCase $crawler = $client->request('GET', '/ignore-origin-user-rule/edit/' . $rule->getId()); - $this->assertSame(403, $client->getResponse()->getStatusCode()); + $this->assertSame(404, $client->getResponse()->getStatusCode()); $this->assertGreaterThan(1, $body = $crawler->filter('body')->extract(['_text'])); - $this->assertStringContainsString('You can not access this rule', $body[0]); + $this->assertStringContainsString('404: Not Found', $body[0]); } public function testDeleteUserButtonVisibility() @@ -767,7 +767,7 @@ class ConfigControllerTest extends WallabagTestCase $this->assertStringNotContainsString('config.form_user.delete.button', $body[0]); $client->request('POST', '/account/delete'); - $this->assertSame(403, $client->getResponse()->getStatusCode()); + $this->assertSame(404, $client->getResponse()->getStatusCode()); $user = $em ->getRepository(User::class) diff --git a/tests/Controller/EntryControllerTest.php b/tests/Controller/EntryControllerTest.php index c5249c44b..d9a1e4539 100644 --- a/tests/Controller/EntryControllerTest.php +++ b/tests/Controller/EntryControllerTest.php @@ -781,7 +781,7 @@ class EntryControllerTest extends WallabagTestCase $client->request('GET', '/view/' . $content->getId()); - $this->assertSame(403, $client->getResponse()->getStatusCode()); + $this->assertSame(404, $client->getResponse()->getStatusCode()); } public function testFilterOnReadingTime() diff --git a/tests/Controller/SettingsControllerTest.php b/tests/Controller/SettingsControllerTest.php index 189f90888..480d1b5ea 100644 --- a/tests/Controller/SettingsControllerTest.php +++ b/tests/Controller/SettingsControllerTest.php @@ -27,6 +27,6 @@ class SettingsControllerTest extends WallabagTestCase $crawler = $client->request('GET', '/settings'); - $this->assertSame(403, $client->getResponse()->getStatusCode()); + $this->assertSame(404, $client->getResponse()->getStatusCode()); } } 
diff --git a/tests/Controller/SiteCredentialControllerTest.php b/tests/Controller/SiteCredentialControllerTest.php index 73ddaac7a..41a6cbd70 100644 --- a/tests/Controller/SiteCredentialControllerTest.php +++ b/tests/Controller/SiteCredentialControllerTest.php @@ -114,7 +114,7 @@ class SiteCredentialControllerTest extends WallabagTestCase $client->request('GET', '/site-credentials/' . $credential->getId() . '/edit'); - $this->assertSame(403, $client->getResponse()->getStatusCode()); + $this->assertSame(404, $client->getResponse()->getStatusCode()); } public function testDeleteSiteCredential()