Fixed exception being always instantiated

Steveb-p · Steveb-p · commit 065bbf3868c1 · 2023-03-21T15:04:38.000+01:00
Exception was always created regardless if an error was actually there. What's more, it was created in one place, so it was impossible to determine which of the two code paths was taken.
diff --git a/src/lib/Server/Controller/SessionController.php b/src/lib/Server/Controller/SessionController.php
@@ -217,13 +217,8 @@ private function checkCsrfToken(Request $request)
             return;
         }
 
-        $exception = new UnauthorizedException(
-            'Missing or invalid CSRF token',
-            $request->getMethod() . ' ' . $request->getPathInfo()
-        );
-
         if (!$request->headers->has('X-CSRF-Token')) {
-            throw $exception;
+            throw $this->createInvalidCsrfTokenException($request);
         }
 
         $csrfToken = new CsrfToken(
@@ -232,7 +227,7 @@ private function checkCsrfToken(Request $request)
         );
 
         if (!$this->csrfTokenManager->isTokenValid($csrfToken)) {
-            throw $exception;
+            throw $this->createInvalidCsrfTokenException($request);
         }
     }
 
@@ -263,6 +258,14 @@ private function getAuthenticator(): ?AuthenticatorInterface
 
         return $this->authenticator;
     }
+
+    private function createInvalidCsrfTokenException(Request $request): UnauthorizedException
+    {
+        return new UnauthorizedException(
+            'Missing or invalid CSRF token',
+            $request->getMethod() . ' ' . $request->getPathInfo()
+        );
+    }
 }
 
 class_alias(SessionController::class, 'EzSystems\EzPlatformRest\Server\Controller\SessionController');

Original file line number	Diff line number	Diff line change
`@@ -217,13 +217,8 @@ private function checkCsrfToken(Request $request)`
`217`	`217`	`return;`
`218`	`218`	`}`
`219`	`219`
`220`		`- $exception = new UnauthorizedException(`
`221`		`- 'Missing or invalid CSRF token',`
`222`		`- $request->getMethod() . ' ' . $request->getPathInfo()`
`223`		`- );`
`224`		`-`
`225`	`220`	`if (!$request->headers->has('X-CSRF-Token')) {`
`226`		`- throw $exception;`
	`221`	`+ throw $this->createInvalidCsrfTokenException($request);`
`227`	`222`	`}`
`228`	`223`
`229`	`224`	`$csrfToken = new CsrfToken(`
`@@ -232,7 +227,7 @@ private function checkCsrfToken(Request $request)`
`232`	`227`	`);`
`233`	`228`
`234`	`229`	`if (!$this->csrfTokenManager->isTokenValid($csrfToken)) {`
`235`		`- throw $exception;`
	`230`	`+ throw $this->createInvalidCsrfTokenException($request);`
`236`	`231`	`}`
`237`	`232`	`}`
`238`	`233`
`@@ -263,6 +258,14 @@ private function getAuthenticator(): ?AuthenticatorInterface`
`263`	`258`
`264`	`259`	`return $this->authenticator;`
`265`	`260`	`}`
	`261`	`+`
	`262`	`+ private function createInvalidCsrfTokenException(Request $request): UnauthorizedException`
	`263`	`+ {`
	`264`	`+ return new UnauthorizedException(`
	`265`	`+ 'Missing or invalid CSRF token',`
	`266`	`+ $request->getMethod() . ' ' . $request->getPathInfo()`
	`267`	`+ );`
	`268`	`+ }`
`266`	`269`	`}`
`267`	`270`
`268`	`271`	`class_alias(SessionController::class, 'EzSystems\EzPlatformRest\Server\Controller\SessionController');`