diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/Http/Exceptions/HttpAuthExpired.php | 24 | ||||
-rw-r--r-- | src/Middleware/VerifyCsrfToken.php | 13 |
2 files changed, 26 insertions, 11 deletions
diff --git a/src/Http/Exceptions/HttpAuthExpired.php b/src/Http/Exceptions/HttpAuthExpired.php new file mode 100644 index 00000000..83ca240f --- /dev/null +++ b/src/Http/Exceptions/HttpAuthExpired.php @@ -0,0 +1,24 @@ +<?php + +namespace Engelsystem\Http\Exceptions; + +use Throwable; + +class HttpAuthExpired extends HttpException +{ + /** + * @param string $message + * @param array $headers + * @param int $code + * @param Throwable|null $previous + */ + public function __construct( + string $message = 'Authentication Expired', + array $headers = [], + int $code = 0, + Throwable $previous = null + ) { + // The 419 code is used as "Page Expired" to differentiate from a 401 (not authorized) + parent::__construct(419, $message, $headers, $code, $previous); + } +} diff --git a/src/Middleware/VerifyCsrfToken.php b/src/Middleware/VerifyCsrfToken.php index cc0c1fbc..0623fa72 100644 --- a/src/Middleware/VerifyCsrfToken.php +++ b/src/Middleware/VerifyCsrfToken.php @@ -2,6 +2,7 @@ namespace Engelsystem\Middleware; +use Engelsystem\Http\Exceptions\HttpAuthExpired; use Psr\Http\Message\ResponseInterface; use Psr\Http\Message\ServerRequestInterface; use Psr\Http\Server\MiddlewareInterface; @@ -37,7 +38,7 @@ class VerifyCsrfToken implements MiddlewareInterface return $handler->handle($request); } - return $this->notAuthorizedResponse(); + throw new HttpAuthExpired('Authentication Token Mismatch'); } /** @@ -77,14 +78,4 @@ class VerifyCsrfToken implements MiddlewareInterface && is_string($sessionToken) && hash_equals($sessionToken, $token); } - - /** - * @return ResponseInterface - * @codeCoverageIgnore - */ - protected function notAuthorizedResponse(): ResponseInterface - { - // The 419 code is used as "Page Expired" to differentiate from a 401 (not authorized) - return response()->withStatus(419, 'Authentication Token Mismatch'); - } } |