[Security] made code easier to understand, added some missing unit tests

Author: fabpot

Firewall/ExceptionListener.php

@@ -81,100 +81,83 @@ public function onKernelException(GetResponseForExceptionEvent $event)
         $event->getDispatcher()->removeListener(KernelEvents::EXCEPTION, array($this, 'onKernelException'));
 
         $exception = $event->getException();
-        $request = $event->getRequest();
-
-        while (null !== $exception) {
+        do {
             if ($exception instanceof AuthenticationException) {
-                if (null !== $this->logger) {
-                    $this->logger->info(sprintf('Authentication exception occurred; redirecting to authentication entry point (%s)', $exception->getMessage()));
-                }
-
-                try {
-                    $response = $this->startAuthentication($request, $exception);
-
-                    break;
-                } catch (\Exception $e) {
-                    $event->setException($e);
-
-                    return;
-                }
+                return $this->handleAuthenticationException($event, $exception);
+            } elseif ($exception instanceof AccessDeniedException) {
+                return $this->handleAccessDeniedException($event, $exception);
+            } elseif ($exception instanceof LogoutException) {
+                return $this->handleLogoutException($event, $exception);
             }
+        } while (null !== $exception = $exception->getPrevious());
+    }
 
-            if ($exception instanceof AccessDeniedException) {
-                $event->setException(new AccessDeniedHttpException($exception->getMessage(), $exception));
-
-                $token = $this->context->getToken();
-                if (!$this->authenticationTrustResolver->isFullFledged($token)) {
-                    if (null !== $this->logger) {
-                        $this->logger->debug(sprintf('Access is denied (user is not fully authenticated) by "%s" at line %s; redirecting to authentication entry point', $exception->getFile(), $exception->getLine()));
-                    }
-
-                    try {
-                        $insufficientAuthenticationException = new InsufficientAuthenticationException('Full authentication is required to access this resource.', 0, $exception);
-                        $insufficientAuthenticationException->setToken($token);
-                        $response = $this->startAuthentication($request, $insufficientAuthenticationException);
-
-                        break;
-                    } catch (\Exception $e) {
-                        $event->setException($e);
-
-                        return;
-                    }
-                } else {
-                    if (null !== $this->logger) {
-                        $this->logger->debug(sprintf('Access is denied (and user is neither anonymous, nor remember-me) by "%s" at line %s', $exception->getFile(), $exception->getLine()));
-                    }
-
-                    try {
-                        if (null !== $this->accessDeniedHandler) {
-                            $response = $this->accessDeniedHandler->handle($request, $exception);
-
-                            if (!$response instanceof Response) {
-                                return;
-                            }
+    private function handleAuthenticationException(GetResponseForExceptionEvent $event, AuthenticationException $exception)
+    {
+        if (null !== $this->logger) {
+            $this->logger->info(sprintf('Authentication exception occurred; redirecting to authentication entry point (%s)', $exception->getMessage()));
+        }
 
-                            break;
-                        }
+        try {
+            $event->setResponse($this->startAuthentication($event->getRequest(), $exception));
+        } catch (\Exception $e) {
+            $event->setException($e);
+        }
+    }
 
-                       if (null !== $this->errorPage) {
-                            $subRequest = $this->httpUtils->createRequest($request, $this->errorPage);
-                            $subRequest->attributes->set(SecurityContextInterface::ACCESS_DENIED_ERROR, $exception);
+    private function handleAccessDeniedException(GetResponseForExceptionEvent $event, AccessDeniedException $exception)
+    {
+        $event->setException(new AccessDeniedHttpException($exception->getMessage(), $exception));
 
-                            $response = $event->getKernel()->handle($subRequest, HttpKernelInterface::SUB_REQUEST, true);
+        $token = $this->context->getToken();
+        if (!$this->authenticationTrustResolver->isFullFledged($token)) {
+            if (null !== $this->logger) {
+                $this->logger->debug(sprintf('Access is denied (user is not fully authenticated) by "%s" at line %s; redirecting to authentication entry point', $exception->getFile(), $exception->getLine()));
+            }
 
-                            break;
-                       }
+            try {
+                $insufficientAuthenticationException = new InsufficientAuthenticationException('Full authentication is required to access this resource.', 0, $exception);
+                $insufficientAuthenticationException->setToken($token);
 
-                       return;
+                $event->setResponse($this->startAuthentication($event->getRequest(), $insufficientAuthenticationException));
+            } catch (\Exception $e) {
+                $event->setException($e);
+            }
 
-                    } catch (\Exception $e) {
-                        if (null !== $this->logger) {
-                            $this->logger->error(sprintf('Exception thrown when handling an exception (%s: %s)', get_class($e), $e->getMessage()));
-                        }
+            return;
+        }
 
-                        $event->setException(new \RuntimeException('Exception thrown when handling an exception.', 0, $e));
+        if (null !== $this->logger) {
+            $this->logger->debug(sprintf('Access is denied (and user is neither anonymous, nor remember-me) by "%s" at line %s', $exception->getFile(), $exception->getLine()));
+        }
 
-                        return;
-                    }
-                }
-            }
+        try {
+            if (null !== $this->accessDeniedHandler) {
+                $response = $this->accessDeniedHandler->handle($event->getRequest(), $exception);
 
-            if ($exception instanceof LogoutException) {
-                if (null !== $this->logger) {
-                    $this->logger->info(sprintf('Logout exception occurred; wrapping with AccessDeniedHttpException (%s)', $exception->getMessage()));
+                if ($response instanceof Response) {
+                    $event->setResponse($response);
                 }
+            } elseif (null !== $this->errorPage) {
+                $subRequest = $this->httpUtils->createRequest($event->getRequest(), $this->errorPage);
+                $subRequest->attributes->set(SecurityContextInterface::ACCESS_DENIED_ERROR, $exception);
 
-                return;
+                $event->setResponse($event->getKernel()->handle($subRequest, HttpKernelInterface::SUB_REQUEST, true));
             }
-
-            if (null === $exception->getPrevious()) {
-                return;
+        } catch (\Exception $e) {
+            if (null !== $this->logger) {
+                $this->logger->error(sprintf('Exception thrown when handling an exception (%s: %s)', get_class($e), $e->getMessage()));
             }
 
-            $exception = $exception->getPrevious();
+            $event->setException(new \RuntimeException('Exception thrown when handling an exception.', 0, $e));
         }
+    }
 
-        $event->setResponse($response);
+    private function handleLogoutException(GetResponseForExceptionEvent $event, LogoutException $exception)
+    {
+        if (null !== $this->logger) {
+            $this->logger->info(sprintf('Logout exception occurred; wrapping with AccessDeniedHttpException (%s)', $exception->getMessage()));
+        }
     }
 
     /**