author | Igor Scheller <igor.scheller@igorshp.de> | 2018-11-27 13:34:55 +0100 |
committer | msquare <msquare@notrademark.de> | 2018-12-02 12:53:31 +0100 |
commit | 55beca95cd8d6ecfe610daea304c8374a10485af (patch) | |
tree | e84ca6064c3d3b6315e9c026b0a808f8e594d16a /src | |
parent | 9788c5095a67a45fe3545ae0fc747b8e629ea4fd (diff) |
Refactoring: Throw HttpAuthExpired on csrf token mismatch
Diffstat (limited to 'src')
-rw-r--r-- | src/Http/Exceptions/HttpAuthExpired.php | 24 | ||||
-rw-r--r-- | src/Middleware/VerifyCsrfToken.php | 13 |
2 files changed, 26 insertions, 11 deletions
diff --git a/src/Http/Exceptions/HttpAuthExpired.php b/src/Http/Exceptions/HttpAuthExpired.php
new file mode 100644
index 00000000..83ca240f
--- /dev/null
+++ b/src/Http/Exceptions/HttpAuthExpired.php
@@ -0,0 +1,24 @@
+<?php
+
+namespace Engelsystem\Http\Exceptions;
+
+use Throwable;
+
+class HttpAuthExpired extends HttpException
+{
+ /**
+ * @param string $message
+ * @param array $headers
+ * @param int $code
+ * @param Throwable|null $previous
+ */
+ public function __construct(
+ string $message = 'Authentication Expired',
+ array $headers = [],
+ int $code = 0,
+ Throwable $previous = null
+ ) {
+ // The 419 code is used as "Page Expired" to differentiate from a 401 (not authorized)
+ parent::__construct(419, $message, $headers, $code, $previous);
+ }
+}
diff --git a/src/Middleware/VerifyCsrfToken.php b/src/Middleware/VerifyCsrfToken.php
index cc0c1fbc..0623fa72 100644
--- a/src/Middleware/VerifyCsrfToken.php
+++ b/src/Middleware/VerifyCsrfToken.php
@@ -2,6 +2,7 @@
 namespace Engelsystem\Middleware;
+use Engelsystem\Http\Exceptions\HttpAuthExpired;
 use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface;
 use Psr\Http\Server\MiddlewareInterface;
@@ -37,7 +38,7 @@ class VerifyCsrfToken implements MiddlewareInterface
 return $handler->handle($request);
 }
- return $this->notAuthorizedResponse();
+ throw new HttpAuthExpired('Authentication Token Mismatch');
 }
 /**
@@ -77,14 +78,4 @@ class VerifyCsrfToken implements MiddlewareInterface
 && is_string($sessionToken)
 && hash_equals($sessionToken, $token);
 }
-
- /**
- * @return ResponseInterface
- * @codeCoverageIgnore
- */
- protected function notAuthorizedResponse(): ResponseInterface
- {
- // The 419 code is used as "Page Expired" to differentiate from a 401 (not authorized)
- return response()->withStatus(419, 'Authentication Token Mismatch');
- }
 } |
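Review bot: In the new HttpAuthExpired constructor, `Throwable $previous = null` relies on implicit nullability while the docblock above it says `@param Throwable|null $previous`; declare it explicitly as `?Throwable $previous = null` so the signature and the docblock agree and the parameter survives the deprecation of implicit nullable defaults. The file also has no `declare(strict_types=1);`, so `int $code` and `string $message` will be coerced rather than rejected for mismatched scalar arguments; if the project declares strict types elsewhere, it should be the first statement here too. The class itself has no docblock; a header such as `/** Thrown when a session-bound credential (e.g. a CSRF token) no longer matches; rendered as HTTP 419 "Page Expired" rather than 401 "Unauthorized". */` would record why 419 is hard-coded in the `parent::__construct` call rather than leaving that only in an inline comment. HttpException's constructor is not in this diff, so the argument order `(419, $message, $headers, $code, $previous)` is assumed to match its signature.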
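Review bot: `throw new HttpAuthExpired('Authentication Token Mismatch');` replaces a response that was previously built inside the middleware, so the 419 status now depends on an outer exception handler translating HttpException into a response; that handler is not visible in this diff, so please confirm it is in the pipeline ahead of this middleware, otherwise a CSRF mismatch surfaces as an unhandled exception instead of a 419. The removed `notAuthorizedResponse()` carried `@codeCoverageIgnore`, whereas the new throw path is directly testable and should get a test that calls `$this->expectException(HttpAuthExpired::class);` before invoking `process()` with a mismatched token. `process()`'s signature and docblock begin above this hunk; its docblock should gain `@throws HttpAuthExpired` so handlers and callers know the failure mode. A token mismatch is also a security-relevant event, so if the exception handler does not log it, a log entry at this point (recording the route, never the token value) would help detection.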