diff options
author | Igor Scheller <igor.scheller@igorshp.de> | 2018-11-27 13:34:55 +0100 |
---|---|---|
committer | msquare <msquare@notrademark.de> | 2018-12-02 12:53:31 +0100 |
commit | 55beca95cd8d6ecfe610daea304c8374a10485af (patch) | |
tree | e84ca6064c3d3b6315e9c026b0a808f8e594d16a /src/Middleware | |
parent | 9788c5095a67a45fe3545ae0fc747b8e629ea4fd (diff) |
Refactoring: Throw HttpAuthExpired on csrf token mismatch
Diffstat (limited to 'src/Middleware')
-rw-r--r-- | src/Middleware/VerifyCsrfToken.php | 13 |
1 files changed, 2 insertions, 11 deletions
diff --git a/src/Middleware/VerifyCsrfToken.php b/src/Middleware/VerifyCsrfToken.php index cc0c1fbc..0623fa72 100644 --- a/src/Middleware/VerifyCsrfToken.php +++ b/src/Middleware/VerifyCsrfToken.php @@ -2,6 +2,7 @@ namespace Engelsystem\Middleware; +use Engelsystem\Http\Exceptions\HttpAuthExpired; use Psr\Http\Message\ResponseInterface; use Psr\Http\Message\ServerRequestInterface; use Psr\Http\Server\MiddlewareInterface; @@ -37,7 +38,7 @@ class VerifyCsrfToken implements MiddlewareInterface return $handler->handle($request); } - return $this->notAuthorizedResponse(); + throw new HttpAuthExpired('Authentication Token Mismatch'); } /** @@ -77,14 +78,4 @@ class VerifyCsrfToken implements MiddlewareInterface && is_string($sessionToken) && hash_equals($sessionToken, $token); } - - /** - * @return ResponseInterface - * @codeCoverageIgnore - */ - protected function notAuthorizedResponse(): ResponseInterface - { - // The 419 code is used as "Page Expired" to differentiate from a 401 (not authorized) - return response()->withStatus(419, 'Authentication Token Mismatch'); - } } |