diff --git a/commafeed-server/src/main/java/com/commafeed/ExceptionMappers.java b/commafeed-server/src/main/java/com/commafeed/ExceptionMappers.java
index 68618094..4519743c 100644
--- a/commafeed-server/src/main/java/com/commafeed/ExceptionMappers.java
+++ b/commafeed-server/src/main/java/com/commafeed/ExceptionMappers.java
@@ -4,30 +4,46 @@ import org.jboss.resteasy.reactive.RestResponse;
 import org.jboss.resteasy.reactive.RestResponse.Status;
 import org.jboss.resteasy.reactive.server.ServerExceptionMapper;
+import io.quarkus.runtime.annotations.RegisterForReflection;
 import io.quarkus.security.AuthenticationFailedException;
+import io.quarkus.security.UnauthorizedException;
 import jakarta.annotation.Priority;
 import jakarta.validation.ValidationException;
 import jakarta.ws.rs.ext.Provider;
+import lombok.RequiredArgsConstructor;
+@RequiredArgsConstructor
 @Provider
 @Priority(1)
 public class ExceptionMappers {
- // display a message when the user fails to authenticate
+ private final CommaFeedConfiguration config;
+
+ @ServerExceptionMapper(UnauthorizedException.class)
+ public RestResponse unauthorized(UnauthorizedException e) {
+ return RestResponse.status(RestResponse.Status.UNAUTHORIZED,
+ new UnauthorizedResponse(e.getMessage(), config.users().allowRegistrations()));
+ }
+
 @ServerExceptionMapper(AuthenticationFailedException.class)
- public RestResponse authenticationFailed(AuthenticationFailedException e) {
- return RestResponse.status(RestResponse.Status.UNAUTHORIZED, new AuthenticationExceptionInfo(e.getMessage()));
+ public RestResponse authenticationFailed(AuthenticationFailedException e) {
+ return RestResponse.status(RestResponse.Status.UNAUTHORIZED, new AuthenticationFailed(e.getMessage()));
 }
- // display a message for validation errors
 @ServerExceptionMapper(ValidationException.class)
- public RestResponse validationException(ValidationException e) {
- return RestResponse.status(Status.BAD_REQUEST, new ValidationExceptionInfo(e.getMessage()));
+ public RestResponse validationFailed(ValidationException e) {
+ return RestResponse.status(Status.BAD_REQUEST, new ValidationFailed(e.getMessage()));
 }
- public record AuthenticationExceptionInfo(String message) {
+ @RegisterForReflection
+ public record UnauthorizedResponse(String message, boolean allowRegistrations) {
 }
- public record ValidationExceptionInfo(String message) {
+ @RegisterForReflection
+ public record AuthenticationFailed(String message) {
+ }
+
+ @RegisterForReflection
+ public record ValidationFailed(String message) {
 }
 }
diff --git a/commafeed-server/src/test/java/com/commafeed/integration/SecurityIT.java b/commafeed-server/src/test/java/com/commafeed/integration/SecurityIT.java
index f2b1e124..171672e5 100644
--- a/commafeed-server/src/test/java/com/commafeed/integration/SecurityIT.java
+++ b/commafeed-server/src/test/java/com/commafeed/integration/SecurityIT.java
@@ -8,6 +8,7 @@ import org.apache.hc.core5.http.HttpStatus;
 import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.Test;
+import com.commafeed.ExceptionMappers.UnauthorizedResponse;
 import com.commafeed.frontend.model.Entries;
 import com.commafeed.frontend.model.UserModel;
 import com.commafeed.frontend.model.request.MarkRequest;
@@ -24,7 +25,13 @@ class SecurityIT extends BaseIT {
 @Test
 void notLoggedIn() {
- RestAssured.given().get("rest/user/profile").then().statusCode(HttpStatus.SC_UNAUTHORIZED);
+ UnauthorizedResponse info = RestAssured.given()
+ .get("rest/user/profile")
+ .then()
+ .statusCode(HttpStatus.SC_UNAUTHORIZED)
+ .extract()
+ .as(UnauthorizedResponse.class);
+ Assertions.assertTrue(info.allowRegistrations());
 }
 @Test
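Review bot: The new `unauthorized` mapper, like the `authenticationFailed` mapper below it, puts `e.getMessage()` straight into a 401 body that unauthenticated callers receive, so whatever text the security layer attaches to the exception (possibly internal or identity-provider detail, possibly null) becomes part of the public response. Consider returning a fixed string and logging the exception server-side, e.g. `new UnauthorizedResponse("Unauthorized", config.users().allowRegistrations())`, unless the frontend is known to depend on the exact message. Registering a mapper for `UnauthorizedException` also appears to take over from the framework's default handling of that exception, so it is worth confirming the 401 still carries whatever challenge the configured authentication mechanism expects. The removed `// display a message …` comments could be replaced by a short Javadoc on each mapper stating what the client receives.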
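Review bot: `Assertions.assertTrue(info.allowRegistrations())` in `notLoggedIn` passes only if the test profile enables registrations, and nothing visible in this hunk sets or names that setting, so the expected value looks arbitrary to a reader. A comment such as `// registrations are enabled in the integration-test configuration` (after confirming that is where the value comes from) would tie the assertion to its source. The `message` field of the body is left unchecked; asserting what an unauthenticated client is meant to see there would keep the 401 payload from changing unnoticed. The rest of the `SecurityIT` class lies outside the hunk.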