Improve handling of BasicAuth errors.

2015-05-22 18:29:09 +01:00
parent fd18b0ae07
commit 6803f8e4a8
1 changed files with 18 additions and 9 deletions
--- a/app/Http/Middleware/ApiAuthenticate.php
+++ b/app/Http/Middleware/ApiAuthenticate.php
@@ -53,20 +53,29 @@ class ApiAuthenticate

                $this->auth->onceUsingId($user->id);
            } catch (ModelNotFoundException $e) {
-                return response()->json([
-                    'message'     => 'The API token you provided was not correct.',
-                    'status_code' => 401,
-                ], 401);
+                return $this->handleError();
            }
        } elseif ($user = $request->getUser()) {
-            $this->auth->onceBasic();
+            if ($this->auth->onceBasic() !== null) {
+                return $this->handleError();
+            }
        } else {
-            return response()->json([
-                'message'     => 'You are not authorized to view this content.',
-                'status_code' => 401,
-            ], 401);
+            return $this->handleError();
        }

        return $next($request);
    }
+
+    /**
+     * Common method for returning an unauthorized error.
+     *
+     * @return \Symfony\Component\HttpFoundation\Response
+     */
+    protected function handleError()
+    {
+        return response()->json([
+            'message'     => 'You are not authorized to view this content.',
+            'status_code' => 401,
+        ], 401);
+    }
 }