From 55beca95cd8d6ecfe610daea304c8374a10485af Mon Sep 17 00:00:00 2001
From: Igor Scheller <igor.scheller@igorshp.de>
Date: Tue, 27 Nov 2018 13:34:55 +0100
Subject: Refactoring: Throw HttpAuthExpired on csrf token mismatch

---
 src/Middleware/VerifyCsrfToken.php | 13 ++-----------
 1 file changed, 2 insertions(+), 11 deletions(-)

(limited to 'src/Middleware/VerifyCsrfToken.php')

diff --git a/src/Middleware/VerifyCsrfToken.php b/src/Middleware/VerifyCsrfToken.php
index cc0c1fbc..0623fa72 100644
--- a/src/Middleware/VerifyCsrfToken.php
+++ b/src/Middleware/VerifyCsrfToken.php
@@ -2,6 +2,7 @@
 
 namespace Engelsystem\Middleware;
 
+use Engelsystem\Http\Exceptions\HttpAuthExpired;
 use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface;
 use Psr\Http\Server\MiddlewareInterface;
@@ -37,7 +38,7 @@ class VerifyCsrfToken implements MiddlewareInterface
             return $handler->handle($request);
         }
 
-        return $this->notAuthorizedResponse();
+        throw new HttpAuthExpired('Authentication Token Mismatch');
     }
 
     /**
@@ -77,14 +78,4 @@ class VerifyCsrfToken implements MiddlewareInterface
             && is_string($sessionToken)
             && hash_equals($sessionToken, $token);
     }
-
-    /**
-     * @return ResponseInterface
-     * @codeCoverageIgnore
-     */
-    protected function notAuthorizedResponse(): ResponseInterface
-    {
-        // The 419 code is used as "Page Expired" to differentiate from a 401 (not authorized)
-        return response()->withStatus(419, 'Authentication Token Mismatch');
-    }
 }
-- 
cgit v1.2.3-54-g00ecf