handle access denied exception correctly and don't duplicate redirect to login...

Closes #6375

Merge request studip/studip!4836


(cherry picked from commit 431fda0deda433186c5ea5740e2a2b120d2c1a14)

2fb81ba6 handle access denied exception correctly and don't duplicate redirect to login...

Co-authored-by: Jan-Hendrik Willms <tleilax+studip@gmail.com>

1 files changed, 7 insertions, 15 deletions

diff --git a/lib/middleware/HandleAccessDeniedMiddleware.php b/lib/middleware/HandleAccessDeniedMiddleware.php
index 567eca8..829b516 100644
--- a/lib/middleware/HandleAccessDeniedMiddleware.php
+++ b/lib/middleware/HandleAccessDeniedMiddleware.php
@@ -2,33 +2,25 @@
 namespace Studip\Middleware;
 
 use AccessDeniedException;
+use LoginException;
 use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface;
 use Psr\Http\Server\MiddlewareInterface;
 use Psr\Http\Server\RequestHandlerInterface;
-use Psr\Http\Message\ResponseFactoryInterface;
-use Request;
-use URLHelper;
+use User;
 
 final class HandleAccessDeniedMiddleware implements MiddlewareInterface
 {
-    public function __construct(
-        private readonly ResponseFactoryInterface $responseFactory
-    ) {
-    }
-
-    /**
-     * @SuppressWarnings(StaticAccess)
-     * @SuppressWarnings(SuperGlobals)
-     */
     public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
     {
         try {
             return $handler->handle($request);
         } catch (AccessDeniedException $ade) {
-            $_SESSION['redirect_after_login'] ??= Request::url();
-            return $this->responseFactory->createResponse(302)
-                ->withHeader('Location', URLHelper::getURL('dispatch.php/login'));
+            if (!User::findCurrent()) {
+                throw new LoginException();
+            }
+
+            throw $ade;
         }
     }
 }