From c16e2ab0ecdd9b041c37d4c210759c334ea69dea Mon Sep 17 00:00:00 2001 From: Joel Butcher <> Date: Tue, 29 Aug 2023 14:44:55 +0100 Subject: [PATCH] Use custom unauthorized exception instead of config value --- config/horizon.php | 15 --------- src/Exceptions/UnauthorizedException.php | 10 ++++++ src/Http/Middleware/Authenticate.php | 19 ++---------- tests/Feature/AuthTest.php | 39 ++---------------------- 4 files changed, 15 insertions(+), 68 deletions(-) create mode 100644 src/Exceptions/UnauthorizedException.php diff --git a/config/horizon.php b/config/horizon.php index 51089f6f..5101f6f0 100644 --- a/config/horizon.php +++ b/config/horizon.php @@ -59,21 +59,6 @@ Str::slug(env('APP_NAME', 'laravel'), '_').'_horizon:' ), - /* - |-------------------------------------------------------------------------- - | Horizon Unauthorized Status Code - |-------------------------------------------------------------------------- - | - | This status code will be used when an unauthorized request has been made. - | For example, you may wish to return a 404 status code to hide that the - | application uses Horizon. - | - | Accepted Status Codes: 403, 404 - | - */ - - 'unauthorized_status' => 403, - /* |-------------------------------------------------------------------------- | Horizon Route Middleware diff --git a/src/Exceptions/UnauthorizedException.php b/src/Exceptions/UnauthorizedException.php new file mode 100644 index 00000000..67bc624e --- /dev/null +++ b/src/Exceptions/UnauthorizedException.php @@ -0,0 +1,10 @@ +statusCode()); + throw new UnauthorizedException(); } return $next($request); } - - /** - * Determine the status code returned for unauthorized requests. - * - * @return int - */ - private function statusCode() - { - $code = config('horizon.unauthorized_status'); - - if (! in_array($code, [403, 404])) { - return 403; - } - - return $code; - } } diff --git a/tests/Feature/AuthTest.php b/tests/Feature/AuthTest.php index 5a0cf34a..f1ee0e5c 100644 --- a/tests/Feature/AuthTest.php +++ b/tests/Feature/AuthTest.php @@ -2,6 +2,7 @@ namespace Laravel\Horizon\Tests\Feature; +use Laravel\Horizon\Exceptions\UnauthorizedException; use Laravel\Horizon\Horizon; use Laravel\Horizon\Http\Middleware\Authenticate; use Laravel\Horizon\Tests\IntegrationTest; @@ -42,9 +43,9 @@ function ($value) { $this->assertSame('response', $response); } - public function test_authentication_middleware_responds_with_403_on_failure() + public function test_authentication_middleware_throws_on_failure() { - $this->expectException(HttpException::class); + $this->expectException(UnauthorizedException::class); Horizon::auth(function () { return false; @@ -60,38 +61,4 @@ function ($value) { } ); } - - public function test_authentication_middleware_responds_with_custom_status_code(): void - { - $this->expectException(NotFoundHttpException::class); - - $this->app['config']->set('horizon.unauthorized_status', 404); - - $middleware = new Authenticate; - - $middleware->handle( - new class { - }, - function ($value) { - return 'response'; - } - ); - } - - public function test_authentication_middleware_defaults_unsupported_status_codes_to_403(): void - { - $this->expectException(HttpException::class); - - $this->app['config']->set('horizon.unauthorized_status', 201); - - $middleware = new Authenticate; - - $middleware->handle( - new class { - }, - function ($value) { - return 'response'; - } - ); - } }