Modify auth and secure methods with new exceptions

src/Controller/Component/SecurityComponent.php

@@ -16,6 +16,7 @@ namespace Cake\Controller\Component;
 
 use Cake\Controller\Component;
 use Cake\Controller\Controller;
+use Cake\Controller\Exception\AuthSecurityException;
 use Cake\Controller\Exception\SecurityException;
 use Cake\Event\Event;
 use Cake\Network\Exception\BadRequestException;
@@ -102,8 +103,17 @@ class SecurityComponent extends Component
         $controller = $event->subject();
         $this->session = $this->request->session();
         $this->_action = $this->request->params['action'];
-        $this->_secureRequired($controller);
-        $this->_authRequired($controller);
+        try {
+            $this->_secureRequired($controller);
+        } catch (SecurityException $se) {
+            $this->blackHole($controller, $se->getType(), $se);
+        }
+        try {
+            $this->_authRequired($controller);
+        } catch (AuthSecurityException $ase) {
+            $this->blackHole($controller, $ase->getType(), $ase);
+        }
+
 
         $hasData = !empty($this->request->data);
         $isNotRequestAction = (
@@ -121,8 +131,8 @@ class SecurityComponent extends Component
             if ($this->_config['validatePost']) {
                 try {
                     $this->_validatePost($controller);
-                } catch (SecurityException $ex) {
-                    return $this->blackHole($controller, 'auth', $ex);
+                } catch (SecurityException $se) {
+                    return $this->blackHole($controller, $se->getType(), $ex);
                 }
             }
         }
@@ -223,9 +233,9 @@ class SecurityComponent extends Component
 
             if (in_array($this->_action, $requireSecure) || $requireSecure === ['*']) {
                 if (!$this->request->is('ssl')) {
-                    if (!$this->blackHole($controller, 'secure')) {
-                        return null;
-                    }
+                    throw new SecurityException(
+                        'Request is not SSL and the action is required to be secure'
+                    );
                 }
             }
         }
@@ -249,27 +259,33 @@ class SecurityComponent extends Component
 
             if (in_array($this->request->params['action'], $requireAuth) || $requireAuth == ['*']) {
                 if (!isset($controller->request->data['_Token'])) {
-                    if (!$this->blackHole($controller, 'auth')) {
-                        return false;
-                    }
+                    throw new AuthSecurityException(sprintf('%s was not found in request data.', '_Token'));
                 }
 
                 if ($this->session->check('_Token')) {
                     $tData = $this->session->read('_Token');
 
                     if (!empty($tData['allowedControllers']) &&
-                        !in_array($this->request->params['controller'], $tData['allowedControllers']) ||
-                        !empty($tData['allowedActions']) &&
+                        !in_array($this->request->params['controller'], $tData['allowedControllers'])) {
+                        throw new AuthSecurityException(
+                            sprintf('Controller %s was not found in allowed controllers: %s.',
+                                $this->request->params['controller'],
+                                implode(', ', (array)$tData['allowedControllers'])
+                            )
+                        );
+                    }
+                    if (!empty($tData['allowedActions']) &&
                         !in_array($this->request->params['action'], $tData['allowedActions'])
                     ) {
-                        if (!$this->blackHole($controller, 'auth')) {
-                            return false;
-                        }
+                        throw new AuthSecurityException(
+                            sprintf('Controller %s was not found in allowed controllers: %s.',
+                                $this->request->params['action'],
+                                implode(', ', (array)$tData['allowedActions'])
+                            )
+                        );
                     }
                 } else {
-                    if (!$this->blackHole($controller, 'auth')) {
-                        return false;
-                    }
+                    throw new AuthSecurityException(sprintf('%s was not found in session.', '_Token'));
                 }
             }
         }
@@ -291,13 +307,13 @@ class SecurityComponent extends Component
 
         $message = '%s was not found in request data.';
         if (!isset($check['_Token'])) {
-            throw new SecurityException(sprintf($message, '_Token'));
+            throw new AuthSecurityException(sprintf($message, '_Token'));
         }
         if (!isset($check['_Token']['fields'])) {
-            throw new SecurityException(sprintf($message, '_Token.fields'));
+            throw new AuthSecurityException(sprintf($message, '_Token.fields'));
         }
         if (!isset($check['_Token']['unlocked'])) {
-            throw new SecurityException(sprintf($message, '_Token.unlocked'));
+            throw new AuthSecurityException(sprintf($message, '_Token.unlocked'));
         }
 
         $locked = '';
@@ -369,7 +385,7 @@ class SecurityComponent extends Component
 
         $check = Security::hash(implode('', $hashParts), 'sha1');
         if ($token !== $check) {
-            throw new SecurityException(sprintf(
+            throw new AuthSecurityException(sprintf(
                 'Security hash check was not valid for url: "%s", fields: "%s", secured fields: "%s", unlocked fields: "%s"',
                 $controller->request->here(),
                 implode(', ', (array)$fieldKeys),

src/Controller/Exception/SecurityException.php

@@ -19,4 +19,17 @@ use Cake\Network\Exception\BadRequestException;
  */
 class SecurityException extends BadRequestException
 {
+    /**
+     * Security Exception type
+     * @var string
+     */
+    protected $_type = 'secure';
+
+    /**
+     * Getter for type
+     * @return string
+     */
+    public function getType() {
+        return $this->_type;
+    }
 }