app/Service/EventSubscriber/KernelErrorSubscriber.php line 91

Open in your IDE?
  1. <?php
  3. namespace Sq\Service\EventSubscriber;
  5. use GraphQL\Server\RequestError as GraphQLRequestError;
  6. use Psr\Container\ContainerInterface;
  7. use Psr\Log\LoggerInterface;
  8. use Psr\Log\LogLevel;
  9. use Sq\Event\Kernel\InitialiseContainerEvent;
  10. use Sq\Exception\Controller\AdminAccessDeniedException;
  11. use Sq\Exception\Controller\MemberAccessDeniedException;
  12. use Sq\Exception\Controller\MFARequiredException;
  13. use Sq\Exception\Controller\MFAVerificationException;
  14. use Sq\Service\Environment;
  15. use Sq\Service\FeatureChecker;
  16. use Sq\Service\ReactApp;
  17. use Symfony\Component\EventDispatcher\EventDispatcherInterface;
  18. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  19. use Symfony\Component\HttpFoundation\Exception\SuspiciousOperationException;
  20. use Symfony\Component\HttpFoundation\JsonResponse;
  21. use Symfony\Component\HttpFoundation\RedirectResponse;
  22. use Symfony\Component\HttpFoundation\Request;
  23. use Symfony\Component\HttpFoundation\Response;
  24. use Symfony\Component\HttpKernel\Event\ExceptionEvent;
  25. use Symfony\Component\HttpKernel\EventListener\ErrorListener as SymfonyErrorListener;
  26. use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
  27. use Symfony\Component\HttpKernel\Exception\HttpExceptionInterface;
  28. use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
  29. use Symfony\Component\HttpKernel\KernelEvents;
  30. use Symfony\Component\Routing\Exception\InvalidParameterException;
  31. use Symfony\Component\Routing\Exception\MethodNotAllowedException;
  32. use Symfony\Component\Routing\Exception\ResourceNotFoundException;
  34. class KernelErrorSubscriber implements EventSubscriberInterface
  35. {
  36.     /** @var Environment */
  37.     protected $environment;
  39.     /** @var EventDispatcherInterface */
  40.     protected $dispatcher;
  42.     /** @var LoggerInterface */
  43.     protected $logger;
  45.     /** @var FeatureChecker */
  46.     protected $featureChecker;
  48.     /** @var ContainerInterface */
  49.     protected $container;
  51.     /** @var ReactApp */
  52.     private $reactApp;
  54.     /** @var string[] */
  55.     protected $exceptionLogLevels = [
  56.         SuspiciousOperationException::class => LogLevel::ERROR,
  57.         MethodNotAllowedException::class => LogLevel::ERROR,
  58.         InvalidParameterException::class => LogLevel::ERROR,
  59.         BadRequestHttpException::class => LogLevel::ERROR,
  60.         ResourceNotFoundException::class => LogLevel::ERROR,
  61.     ];
  63.     public function __construct(
  64.         Environment $environment,
  65.         EventDispatcherInterface $dispatcher,
  66.         LoggerInterface $logger,
  67.         FeatureChecker $featureChecker,
  68.         ContainerInterface $container,
  69.         ReactApp $reactApp
  70.     ) {
  71.         $this->environment $environment;
  72.         $this->dispatcher $dispatcher;
  73.         $this->logger $logger;
  74.         $this->featureChecker $featureChecker;
  75.         $this->container $container;
  76.         $this->reactApp $reactApp;
  77.     }
  79.     public static function getSubscribedEvents()
  80.     {
  81.         return [
  82.             KernelEvents::EXCEPTION => ['onKernelException'],
  83.             InitialiseContainerEvent::class => ['onKernelInitialiseContainer']
  84.         ];
  85.     }
  87.     /**
  88.      * Removes the logKernelException listener as we do our own logging.
  89.      * For Symfony 5.x we will need to update this to remove the SymfonyExceptionListener.
  90.      */
  91.     public function onKernelInitialiseContainer()
  92.     {
  93.         $dispatcher $this->dispatcher;
  94.         $listeners $dispatcher->getListeners("kernel.exception");
  95.         foreach ($listeners as $listener)
  96.         {
  97.             if (is_array($listener)
  98.                 && ($listener[0] instanceof SymfonyErrorListener)
  99.                 && $listener[1] == "logKernelException"
  100.             ) {
  101.                 $dispatcher->removeListener("kernel.exception"$listener);
  102.                 break;
  103.             }
  104.         }
  105.     }
  107.     /**
  108.      * Handles kernel exceptions we want to (e.g. 404, 500, access denied).
  109.      *
  110.      * @param ExceptionEvent $event
  111.      *
  112.      * @throws \Exception
  113.      */
  114.     public function onKernelException(ExceptionEvent $event)
  115.     {
  116.         // You get the exception object from the received event
  117.         $throwable $event->getThrowable();
  118.         $response null;
  120.         switch (get_class($throwable))
  121.         {
  122.             case MFARequiredException::class:
  123.                 $response $this->handleMFARequired($event->getRequest());
  124.                 break;
  125.             case MFAVerificationException::class:
  126.                 $response $this->handleMFAVerification($event->getRequest());
  127.                 break;
  128.             case AdminAccessDeniedException::class:
  129.                 $response $this->handleAdminAccessDenied($event->getRequest());
  130.                 break;
  131.             case MemberAccessDeniedException::class:
  132.                 $response $this->handleMemberAccessDenied($event->getRequest());
  133.                 break;
  134.             case NotFoundHttpException::class:
  135.                 if ($this->reactApp->shouldUseReactForRequest())
  136.                 {
  137.                     try
  138.                     {
  139.                         $response $this->reactApp->renderReactApp();
  140.                         $event->allowCustomResponseCode();
  141.                     }
  142.                     catch (\Throwable $e)
  143.                     {
  144.                         $event->setThrowable($e);
  145.                     }
  146.                 }
  147.                 break;
  148.         }
  150.         $this->logError($throwable);
  152.         // Send the modified response object to the event
  153.         if ($response instanceof Response)
  154.         {
  155.             $event->setResponse($response);
  156.         }
  157.     }
  159.     /**
  160.      * Logs the error to the appropriate level.
  161.      *
  162.      * @param \Throwable $throwable
  163.      */
  164.     protected function logError(\Throwable $throwable)
  165.     {
  166.         $logLevel LogLevel::CRITICAL;
  168.         if ($throwable instanceof NotFoundHttpException || $throwable instanceof ResourceNotFoundException)
  169.         {
  170.             return;
  171.         }
  173.         if (($throwable instanceof HttpExceptionInterface && $throwable->getStatusCode() < 500) ||
  174.             $throwable instanceof MFARequiredException ||
  175.             $throwable instanceof MFAVerificationException ||
  176.             $throwable instanceof AdminAccessDeniedException ||
  177.             $throwable instanceof MemberAccessDeniedException ||
  178.             $throwable instanceof \RuntimeException && str_contains($throwable->getMessage(), 'Invalid JSON received in POST body') ||
  179.             $throwable instanceof GraphQLRequestError && str_contains($throwable->getMessage(), 'HTTP Method') && str_contains($throwable->getMessage(), 'is not supported')
  180.         ) {
  181.             $logLevel LogLevel::ERROR;
  182.         }
  183.         if (array_key_exists(get_class($throwable), $this->exceptionLogLevels))
  184.         {
  185.             $logLevel $this->exceptionLogLevels[get_class($throwable)];
  186.         }
  188.         $this->logger->log($logLevel"{exception}", ['exception' => $throwable]);
  189.     }
  191.     /**
  192.      * Handle MFA required for this page.
  193.      * Public method, as it's used in admin_only.inc.php for legacy pages.
  194.      *
  195.      * @param Request $request
  196.      *
  197.      * @return Response|null
  198.      */
  199.     public function handleMFARequired(Request $request)
  200.     {
  201.         if ($request->isXmlHttpRequest())
  202.         {
  203.             return new JsonResponse(["status" => "ERROR""msg" => "MFA is required for this page"], 401);
  204.         }
  206.         return new RedirectResponse("/mfa/required?uri=" urlencode($request->getRequestUri()));
  207.     }
  209.     /**
  210.      * Handle MFA verification required for this page.
  211.      * Public method, as it's used in admin_only.inc.php for legacy pages.
  212.      *
  213.      * @param Request $request
  214.      *
  215.      * @return Response|null
  216.      */
  217.     public function handleMFAVerification(Request $request)
  218.     {
  219.         if ($request->isXmlHttpRequest())
  220.         {
  221.             return new JsonResponse(["status" => "ERROR""msg" => "MFA verification is required for this page"], 401);
  222.         }
  224.         return new RedirectResponse("/mfa/verify?r=" urlencode($request->getRequestUri()));
  225.     }
  227.     /**
  228.      * Handle denied attempt to a member page.
  229.      * Public method, as it's used in admin_only.inc.php for legacy pages.
  230.      *
  231.      * @param Request $request
  232.      *
  233.      * @return Response|null
  234.      */
  235.     public function handleAdminAccessDenied(Request $request)
  236.     {
  237.         if ($request->isXmlHttpRequest())
  238.         {
  239.             return new JsonResponse(["status" => "ERROR""msg" => "You must be logged in as an administrator"], 401);
  240.         }
  242.         return new RedirectResponse($request->getSchemeAndHttpHost());
  243.     }
  245.     /**
  246.      * Handle denied attempt to a member page.
  247.      * Public method, as it's used in members_only.inc.php for legacy pages.
  248.      *
  249.      * @param Request $request
  250.      *
  251.      * @return Response|null
  252.      */
  253.     public function handleMemberAccessDenied(Request $request)
  254.     {
  255.         if ($request->isXmlHttpRequest())
  256.         {
  257.             return new JsonResponse(["status" => "ERROR""msg" => "You are no longer logged in"], 401);
  258.         }
  260.         return new RedirectResponse($request->getSchemeAndHttpHost() . "/login?r=" urlencode(ltrim($request->getRequestUri(), "/")));
  261.     }
  262. }