summaryrefslogtreecommitdiff
path: root/src/Middleware
diff options
context:
space:
mode:
authorIgor Scheller <igor.scheller@igorshp.de>2018-11-27 13:34:55 +0100
committermsquare <msquare@notrademark.de>2018-12-02 12:53:31 +0100
commit55beca95cd8d6ecfe610daea304c8374a10485af (patch)
treee84ca6064c3d3b6315e9c026b0a808f8e594d16a /src/Middleware
parent9788c5095a67a45fe3545ae0fc747b8e629ea4fd (diff)
Refactoring: Throw HttpAuthExpired on csrf token mismatch
Diffstat (limited to 'src/Middleware')
-rw-r--r--src/Middleware/VerifyCsrfToken.php13
1 files changed, 2 insertions, 11 deletions
diff --git a/src/Middleware/VerifyCsrfToken.php b/src/Middleware/VerifyCsrfToken.php
index cc0c1fbc..0623fa72 100644
--- a/src/Middleware/VerifyCsrfToken.php
+++ b/src/Middleware/VerifyCsrfToken.php
@@ -2,6 +2,7 @@
namespace Engelsystem\Middleware;
+use Engelsystem\Http\Exceptions\HttpAuthExpired;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\MiddlewareInterface;
@@ -37,7 +38,7 @@ class VerifyCsrfToken implements MiddlewareInterface
return $handler->handle($request);
}
- return $this->notAuthorizedResponse();
+ throw new HttpAuthExpired('Authentication Token Mismatch');
}
/**
@@ -77,14 +78,4 @@ class VerifyCsrfToken implements MiddlewareInterface
&& is_string($sessionToken)
&& hash_equals($sessionToken, $token);
}
-
- /**
- * @return ResponseInterface
- * @codeCoverageIgnore
- */
- protected function notAuthorizedResponse(): ResponseInterface
- {
- // The 419 code is used as "Page Expired" to differentiate from a 401 (not authorized)
- return response()->withStatus(419, 'Authentication Token Mismatch');
- }
}