Use custom unauthorized exception instead of config value

laravel · Aug 29, 2023 · c16e2ab · c16e2ab
1 parent 3572cdc
commit c16e2ab
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 68 deletions.
diff --git a/config/horizon.php b/config/horizon.php
@@ -59,21 +59,6 @@
         Str::slug(env('APP_NAME', 'laravel'), '_').'_horizon:'
     ),
 
-    /*
-    |--------------------------------------------------------------------------
-    | Horizon Unauthorized Status Code
-    |--------------------------------------------------------------------------
-    |
-    | This status code will be used when an unauthorized request has been made.
-    | For example, you may wish to return a 404 status code to hide that the
-    | application uses Horizon.
-    |
-    | Accepted Status Codes: 403, 404
-    |
-    */
-
-    'unauthorized_status' => 403,
-
     /*
     |--------------------------------------------------------------------------
     | Horizon Route Middleware

diff --git a/src/Exceptions/UnauthorizedException.php b/src/Exceptions/UnauthorizedException.php
@@ -0,0 +1,10 @@
+<?php
+
+namespace Laravel\Horizon\Exceptions;
+
+use RuntimeException;
+
+class UnauthorizedException extends RuntimeException
+{
+    //
+}
diff --git a/src/Http/Middleware/Authenticate.php b/src/Http/Middleware/Authenticate.php
@@ -2,6 +2,7 @@
 
 namespace Laravel\Horizon\Http\Middleware;
 
+use Laravel\Horizon\Exceptions\UnauthorizedException;
 use Laravel\Horizon\Horizon;
 
 class Authenticate
@@ -16,25 +17,9 @@ class Authenticate
     public function handle($request, $next)
     {
         if (! Horizon::check($request)) {
-            abort($this->statusCode());
+            throw new UnauthorizedException();
         }
 
         return $next($request);
     }
-
-    /**
-     * Determine the status code returned for unauthorized requests.
-     *
-     * @return int
-     */
-    private function statusCode()
-    {
-        $code = config('horizon.unauthorized_status');
-
-        if (! in_array($code, [403, 404])) {
-            return 403;
-        }
-
-        return $code;
-    }
 }
diff --git a/tests/Feature/AuthTest.php b/tests/Feature/AuthTest.php
@@ -2,6 +2,7 @@
 
 namespace Laravel\Horizon\Tests\Feature;
 
+use Laravel\Horizon\Exceptions\UnauthorizedException;
 use Laravel\Horizon\Horizon;
 use Laravel\Horizon\Http\Middleware\Authenticate;
 use Laravel\Horizon\Tests\IntegrationTest;
@@ -42,9 +43,9 @@ function ($value) {
         $this->assertSame('response', $response);
     }
 
-    public function test_authentication_middleware_responds_with_403_on_failure()
+    public function test_authentication_middleware_throws_on_failure()
     {
-        $this->expectException(HttpException::class);
+        $this->expectException(UnauthorizedException::class);
 
         Horizon::auth(function () {
             return false;
@@ -60,38 +61,4 @@ function ($value) {
             }
         );
     }
-
-    public function test_authentication_middleware_responds_with_custom_status_code(): void
-    {
-        $this->expectException(NotFoundHttpException::class);
-
-        $this->app['config']->set('horizon.unauthorized_status', 404);
-
-        $middleware = new Authenticate;
-
-        $middleware->handle(
-            new class {
-            },
-            function ($value) {
-                return 'response';
-            }
-        );
-    }
-
-    public function test_authentication_middleware_defaults_unsupported_status_codes_to_403(): void
-    {
-        $this->expectException(HttpException::class);
-
-        $this->app['config']->set('horizon.unauthorized_status', 201);
-
-        $middleware = new Authenticate;
-
-        $middleware->handle(
-            new class {
-            },
-            function ($value) {
-                return 'response';
-            }
-        );
-    }
 }