[9.x] Default 404 message on denyAsNotFound (#43901)

* default 404 message when denyAsNotFound

* fix test 404

* wording

* message parse on response class

* partial test fixing

* proposed message precedence change

* formatting

* code style

Co-authored-by: Tim MacDonald <[email protected]>

Author: guilledll

src/Illuminate/Foundation/Exceptions/Handler.php

@@ -378,7 +378,9 @@ protected function prepareException(Throwable $e)
         return match (true) {
             $e instanceof BackedEnumCaseNotFoundException => new NotFoundHttpException($e->getMessage(), $e),
             $e instanceof ModelNotFoundException => new NotFoundHttpException($e->getMessage(), $e),
-            $e instanceof AuthorizationException && $e->hasStatus() => new HttpException($e->status(), $e->getMessage(), $e),
+            $e instanceof AuthorizationException && $e->hasStatus() => new HttpException(
+                $e->status(), $e->response()?->message() ?: (Response::$statusTexts[$e->status()] ?? 'Whoops, looks like something went wrong.'), $e
+            ),
             $e instanceof AuthorizationException && ! $e->hasStatus() => new AccessDeniedHttpException($e->getMessage(), $e),
             $e instanceof TokenMismatchException => new HttpException(419, $e->getMessage(), $e),
             $e instanceof SuspiciousOperationException => new NotFoundHttpException('Bad hostname provided.', $e),

tests/Auth/AuthAccessResponseTest.php

@@ -43,6 +43,7 @@ public function testItSetsEmptyStatusOnExceptionWhenAuthorizing()
         } catch (AuthorizationException $e) {
             $this->assertNull($e->status());
             $this->assertFalse($e->hasStatus());
+            $this->assertSame('foo', $e->response()->message());
             $this->assertSame('foo', $e->getMessage());
             $this->assertSame(3, $e->getCode());
         }
@@ -56,6 +57,7 @@ public function testItSetsStatusOnExceptionWhenAuthorizing()
         } catch (AuthorizationException $e) {
             $this->assertSame(418, $e->status());
             $this->assertTrue($e->hasStatus());
+            $this->assertSame('foo', $e->response()->message());
             $this->assertSame('foo', $e->getMessage());
             $this->assertSame(3, $e->getCode());
         }
@@ -66,6 +68,7 @@ public function testItSetsStatusOnExceptionWhenAuthorizing()
         } catch (AuthorizationException $e) {
             $this->assertSame(404, $e->status());
             $this->assertTrue($e->hasStatus());
+            $this->assertSame('foo', $e->response()->message());
             $this->assertSame('foo', $e->getMessage());
             $this->assertSame(3, $e->getCode());
         }
@@ -76,6 +79,7 @@ public function testItSetsStatusOnExceptionWhenAuthorizing()
         } catch (AuthorizationException $e) {
             $this->assertSame(444, $e->status());
             $this->assertTrue($e->hasStatus());
+            $this->assertNull($e->response()->message());
             $this->assertSame('This action is unauthorized.', $e->getMessage());
             $this->assertSame(0, $e->getCode());
         }
@@ -86,6 +90,7 @@ public function testItSetsStatusOnExceptionWhenAuthorizing()
         } catch (AuthorizationException $e) {
             $this->assertSame(444, $e->status());
             $this->assertTrue($e->hasStatus());
+            $this->assertSame('foo', $e->response()->message());
             $this->assertSame('foo', $e->getMessage());
             $this->assertSame(3, $e->getCode());
         }
@@ -96,6 +101,7 @@ public function testItSetsStatusOnExceptionWhenAuthorizing()
         } catch (AuthorizationException $e) {
             $this->assertSame(404, $e->status());
             $this->assertTrue($e->hasStatus());
+            $this->assertNull($e->response()->message());
             $this->assertSame('This action is unauthorized.', $e->getMessage());
             $this->assertSame(0, $e->getCode());
         }
@@ -106,6 +112,7 @@ public function testItSetsStatusOnExceptionWhenAuthorizing()
         } catch (AuthorizationException $e) {
             $this->assertSame(404, $e->status());
             $this->assertTrue($e->hasStatus());
+            $this->assertSame('foo', $e->response()->message());
             $this->assertSame('foo', $e->getMessage());
             $this->assertSame(3, $e->getCode());
         }

tests/Integration/Foundation/ExceptionHandlerTest.php

@@ -2,6 +2,7 @@
 
 namespace Illuminate\Tests\Integration\Foundation;
 
+use Illuminate\Auth\Access\AuthorizationException;
 use Illuminate\Auth\Access\Response;
 use Illuminate\Support\Facades\Route;
 use Orchestra\Testbench\TestCase;
@@ -41,4 +42,69 @@ public function testItRendersAuthorizationExceptionsWithCustomStatusCode()
                 'message' => 'expected message',
             ]);
     }
+
+    public function testItRendersAuthorizationExceptionsWithStatusCodeTextWhenNoMessageIsSet()
+    {
+        Route::get('test-route', fn () => Response::denyWithStatus(404)->authorize());
+
+        // HTTP request...
+        $this->get('test-route')
+            ->assertStatus(404)
+            ->assertSeeText('Not Found');
+
+        // JSON request...
+        $this->getJson('test-route')
+            ->assertStatus(404)
+            ->assertExactJson([
+                'message' => 'Not Found',
+            ]);
+
+        Route::get('test-route', fn () => Response::denyWithStatus(418)->authorize());
+
+        // HTTP request...
+        $this->get('test-route')
+            ->assertStatus(418)
+            ->assertSeeText("I'm a teapot", false);
+
+        // JSON request...
+        $this->getJson('test-route')
+            ->assertStatus(418)
+            ->assertExactJson([
+                'message' => "I'm a teapot",
+            ]);
+    }
+
+    public function testItRendersAuthorizationExceptionsWithStatusButWithoutResponse()
+    {
+        Route::get('test-route', fn () => throw (new AuthorizationException())->withStatus(418));
+
+        // HTTP request...
+        $this->get('test-route')
+            ->assertStatus(418)
+            ->assertSeeText("I'm a teapot", false);
+
+        // JSON request...
+        $this->getJson('test-route')
+            ->assertStatus(418)
+            ->assertExactJson([
+                'message' => "I'm a teapot",
+            ]);
+    }
+
+    public function testItHasFallbackErrorMessageForUnknownStatusCodes()
+    {
+        Route::get('test-route', fn () => throw (new AuthorizationException())->withStatus(399));
+
+        // HTTP request...
+        $this->get('test-route')
+            ->assertStatus(399)
+            ->assertSeeText('Whoops, looks like something went wrong.');
+
+        // JSON request...
+        $this->getJson('test-route')
+            ->assertStatus(399)
+            ->assertExactJson([
+                'message' => 'Whoops, looks like something went wrong.',
+            ]);
+    }
 }