Resthandler permission exception

gunnar.lieb · February 19, 2021, 11:44am

Can we have a permission exception coldbox.system.resthandler?

So e.g. if a user can’t access a resource, we would throw a permissionDenied exception which would be treated in the rest handler.

What do you think? If it makes sense we can prepare a pull request

lmajano · February 19, 2021, 2:44pm

Hi @gunnar.lieb we do have two actions already to address: unauthenticated and unauthorized:

github.com

ColdBox/coldbox-platform/blob/development/system/RestHandler.cfc#L440


	 * call it a-la-carte.
	 *
	 * It also monitors cbsecurity convention of validator results for setting error messages into the data packet
	 *
	 * @event The request context
	 * @rc The rc reference
	 * @prc The prc reference
	 *
	 * @return 403
	 */
	function onAuthenticationFailure(
		event = getRequestContext(),
		rc    = getRequestCollection(),
		prc   = getRequestCollection( private = true ),
		abort = false
	){
		// case when the a jwt token was valid, but expired
		if (
			!isNull( arguments.prc.cbSecurity_validatorResults ) &&
			arguments.prc.cbSecurity_validatorResults.messages CONTAINS "expired"
		) {

github.com

ColdBox/coldbox-platform/blob/development/system/RestHandler.cfc#L479


	 * Action that can be used for authorization failures. You can point to this action from cbsecurity, cbauth, etc or
	 * call it a-la-carte.
	 *
	 * It will check for cbsecurity validation results and set the appropriate error messages
	 *
	 * @event The request context
	 * @rc The rc reference
	 * @prc The prc reference
	 * @abort Hard abort the request if passed, defaults to false
	 */
	function onAuthorizationFailure(
		event = getRequestContext(),
		rc    = getRequestCollection(),
		prc   = getRequestCollection( private = true ),
		abort = false
	){
		arguments.event
			.getResponse()
			.setError( true )
			.setStatusCode( arguments.event.STATUS.NOT_AUTHORIZED )
			.setStatusText( "Unauthorized Resource" )

Is this what you are talking about?

gunnar.lieb · February 19, 2021, 2:52pm

Ok, thanks, so onAuthorizationFailure would the right!

gunnar.lieb · February 19, 2021, 3:34pm

Shouldn’t it have an according catch in the resthandler.aroundhandler()?

gunnar.lieb · February 22, 2021, 8:45am

@lmajano I made a pull request: Update RestHandler.cfc, added catch for onAuthorizationFailure by GunnarLieb · Pull Request #472 · ColdBox/coldbox-platform · GitHub

Resthandler permission exception

Latest Ortus News

GIVING BACK

HARVESTING IN SPANISH

WOODSEDGE