eZ Publish / Platform, EZP-22784

Error 500 on POST /user/sessions if the user does not have access to the siteaccess


Details

    Description

      The create session resource sends an error 500 when trying to create a session for a user that does not have access to the matched siteaccess. It's not detailed in the REST specifications, but it should rather send a 403.

      Steps to reproduce:

      1. Create a user that does not have access to the default siteaccess
      2. Create a session for this user with the REST API

      $ curl 'http://ezpublish5.loc/api/ezp/v2/user/sessions' -H 'Content-Type: application/vnd.ez.api.SessionInput+json' -H 'Accept: application/vnd.ez.api.Session+json' --data-binary '{"SessionInput":{"login":"test1","password":"test1"}}'
      {
          "ErrorMessage": {
              "_media-type": "application\/vnd.ez.api.ErrorMessage+json",
              "errorCode": 500,
              "errorMessage": "Internal Server Error",
              "errorDescription": "User 'test1' doesn't have user\/login permission to SiteAccess 'ezdemo_site_user'",
              "trace": "#0 \/home\/dp\/dev\/ezpublish-community\/vendor\/symfony\/symfony\/src\/Symfony\/Component\/Security\/Http\/Firewall\/ExceptionListener.php(88): Symfony\\Component\\Security\\Http\\Firewall\\ExceptionListener->handleAccessDeniedException(Object(Symfony\\Component\\HttpKernel\\Event\\GetResponseForExceptionEvent), Object(eZ\\Publish\\Core\\MVC\\Symfony\\Security\\Exception\\UnauthorizedSiteAccessException))\n#1 [internal function]: Symfony\\Component\\Security\\Http\\Firewall\\ExceptionListener->onKernelException(Object(Symfony\\Component\\HttpKernel\\Event\\GetResponseForExceptionEvent))\n#2 \/home\/dp\/dev\/ezpublish-community\/vendor\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/Debug\/TraceableEventDispatcher.php(447): call_user_func(Array, Object(Symfony\\Component\\HttpKernel\\Event\\GetResponseForExceptionEvent))\n#3 [internal function]: Symfony\\Component\\HttpKernel\\Debug\\TraceableEventDispatcher->Symfony\\Component\\HttpKernel\\Debug\\{closure}(Object(Symfony\\Component\\HttpKernel\\Event\\GetResponseForExceptionEvent))\n#4 \/home\/dp\/dev\/ezpublish-community\/vendor\/symfony\/symfony\/src\/Symfony\/Component\/EventDispatcher\/EventDispatcher.php(164): call_user_func(Object(Closure), Object(Symfony\\Component\\HttpKernel\\Event\\GetResponseForExceptionEvent))\n#5 \/home\/dp\/dev\/ezpublish-community\/vendor\/symfony\/symfony\/src\/Symfony\/Component\/EventDispatcher\/EventDispatcher.php(53): Symfony\\Component\\EventDispatcher\\EventDispatcher->doDispatch(Array, 'kernel.exceptio...', Object(Symfony\\Component\\HttpKernel\\Event\\GetResponseForExceptionEvent))\n#6 \/home\/dp\/dev\/ezpublish-community\/vendor\/symfony\/symfony\/src\/Symfony\/Component\/EventDispatcher\/ContainerAwareEventDispatcher.php(167): Symfony\\Component\\EventDispatcher\\EventDispatcher->dispatch('kernel.exceptio...', Object(Symfony\\Component\\HttpKernel\\Event\\GetResponseForExceptionEvent))\n#7 
\/home\/dp\/dev\/ezpublish-community\/vendor\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/Debug\/TraceableEventDispatcher.php(139): Symfony\\Component\\EventDispatcher\\ContainerAwareEventDispatcher->dispatch('kernel.exceptio...', Object(Symfony\\Component\\HttpKernel\\Event\\GetResponseForExceptionEvent))\n#8 \/home\/dp\/dev\/ezpublish-community\/vendor\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php(176): Symfony\\Component\\HttpKernel\\Debug\\TraceableEventDispatcher->dispatch('kernel.exceptio...', Object(Symfony\\Component\\HttpKernel\\Event\\GetResponseForExceptionEvent))\n#9 \/home\/dp\/dev\/ezpublish-community\/vendor\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php(67): Symfony\\Component\\HttpKernel\\HttpKernel->handleException(Object(eZ\\Publish\\Core\\MVC\\Symfony\\Security\\Exception\\UnauthorizedSiteAccessException), Object(Symfony\\Component\\HttpFoundation\\Request), 1)\n#10 \/home\/dp\/dev\/ezpublish-community\/vendor\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/DependencyInjection\/ContainerAwareHttpKernel.php(62): Symfony\\Component\\HttpKernel\\HttpKernel->handle(Object(Symfony\\Component\\HttpFoundation\\Request), 1, true)\n#11 \/home\/dp\/dev\/ezpublish-community\/vendor\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/Kernel.php(187): Symfony\\Component\\HttpKernel\\DependencyInjection\\ContainerAwareHttpKernel->handle(Object(Symfony\\Component\\HttpFoundation\\Request), 1, true)\n#12 \/home\/dp\/dev\/ezpublish-kernel\/eZ\/Bundle\/EzPublishCoreBundle\/Kernel.php(67): Symfony\\Component\\HttpKernel\\Kernel->handle(Object(Symfony\\Component\\HttpFoundation\\Request), 1, true)\n#13 \/home\/dp\/dev\/ezpublish-community\/web\/index.php(77): eZ\\Bundle\\EzPublishCoreBundle\\Kernel->handle(Object(Symfony\\Component\\HttpFoundation\\Request))\n#14 {main}",
              "file": "\/home\/dp\/dev\/ezpublish-community\/vendor\/symfony\/symfony\/src\/Symfony\/Component\/Security\/Http\/Firewall\/ExceptionListener.php",
              "line": 110
          }
      }
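
A regression check for the response shown above, added here as an example and not part of the original report or of the eZ Publish code base. It flags an authorization failure returned with a status other than 403 and lists the debug fields and server paths the error body exposes; `audit_session_error` and the finding names are hypothetical, and the sample body is constructed from the report with the trace cut to one frame.

```python
import json
import re

# Constructed sample: the response from the report with the trace cut to one frame.
PHP_FILE = ("/home/dp/dev/ezpublish-community/vendor/symfony/symfony/src/Symfony/"
            "Component/Security/Http/Firewall/ExceptionListener.php")
SAMPLE_STATUS = 500
SAMPLE_BODY = json.dumps({"ErrorMessage": {
    "_media-type": "application/vnd.ez.api.ErrorMessage+json",
    "errorCode": 500,
    "errorMessage": "Internal Server Error",
    "errorDescription": "User 'test1' doesn't have user/login permission "
                        "to SiteAccess 'ezdemo_site_user'",
    "trace": "#0 " + PHP_FILE + "(88): ...",
    "file": PHP_FILE,
    "line": 110,
}})

DEBUG_FIELDS = ("trace", "file", "line")             # fields that expose server internals
ABS_PATH = re.compile(r"(?:/[\w.\-]+)+\.php")        # absolute PHP source paths
DENIAL = re.compile(r"doesn't have \S+ permission")  # wording used in the report


def audit_session_error(status, body):
    """Check one error response from POST /user/sessions (hypothetical helper)."""
    try:
        error = json.loads(body)["ErrorMessage"]
    except (ValueError, KeyError, TypeError):
        return {"findings": ["unparseable-body"], "paths": []}
    if not isinstance(error, dict):
        return {"findings": ["unparseable-body"], "paths": []}
    findings = set()
    description = str(error.get("errorDescription", ""))
    # An authorization failure must surface as 403, not as a server error.
    if DENIAL.search(description) and status != 403:
        findings.add("authz-failure-as-%d" % status)
    # The HTTP status and the errorCode in the body should agree.
    if error.get("errorCode") != status:
        findings.add("errorCode-mismatch")
    paths = set()
    for field in DEBUG_FIELDS:
        if field in error:
            findings.add("debug-field:" + field)
            paths.update(ABS_PATH.findall(str(error[field])))
    return {"findings": sorted(findings), "paths": sorted(paths)}


if __name__ == "__main__":
    print(audit_session_error(SAMPLE_STATUS, SAMPLE_BODY))
```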

          People

            Unassigned
            damien.pobel-obsolete@ez.no Damien Pobel (Inactive)
              Time Tracking

                Original Estimate: Not Specified
                Remaining Estimate: 0 minutes
                Time Spent: 7 hours