Respond with the correct responses on error

This commit is contained in:
Graham Campbell
2015-06-17 14:06:18 +01:00
parent 0acc419bab
commit 8c4653c18c
16 changed files with 10 additions and 342 deletions
+6 -20
View File
@@ -15,6 +15,7 @@ use CachetHQ\Cachet\Models\User;
use Closure;
use Illuminate\Contracts\Auth\Guard;
use Illuminate\Database\Eloquent\ModelNotFoundException;
use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;
class ApiAuthenticate
{
@@ -48,34 +49,19 @@ class ApiAuthenticate
if ($this->auth->guest()) {
if ($apiToken = $request->header('X-Cachet-Token')) {
try {
$user = User::findByApiToken($apiToken);
$this->auth->onceUsingId($user->id);
$this->auth->onceUsingId(User::findByApiToken($apiToken)->id);
} catch (ModelNotFoundException $e) {
return $this->handleError();
throw new UnauthorizedHttpException();
}
} elseif ($user = $request->getUser()) {
} elseif ($request->getUser()) {
if ($this->auth->onceBasic() !== null) {
return $this->handleError();
throw new AccessDeniedHttpException();
}
} else {
return $this->handleError();
throw new AccessDeniedHttpException();
}
}
return $next($request);
}
/**
* Common method for returning an unauthorized error.
*
* @return \Symfony\Component\HttpFoundation\Response
*/
protected function handleError()
{
return response()->json([
'message' => 'You are not authorized to view this content.',
'status_code' => 401,
], 401);
}
}