
Commit 7534e87

Fix catch JsonDecode exception aswell
1 parent f689745 commit 7534e87

2 files changed

+15
-1
lines changed


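--- a/packages/http/src/Session/VerifyCsrfMiddleware.php
+++ b/packages/http/src/Session/VerifyCsrfMiddleware.php
@@ -17,6 +17,7 @@
 use Tempest\Http\Session\Session;
 use Tempest\Router\HttpMiddleware;
 use Tempest\Router\HttpMiddlewareCallable;
+use Tempest\Support\Json\Exception\JsonCouldNotBeDecoded;
 use Tempest\Support\Str;
 
 #[Priority(Priority::FRAMEWORK)]
@@ -77,7 +78,7 @@ private function ensureTokenMatches(Request $request): void
 $tokenFromRequest = $this->encrypter->decrypt(
 urldecode($request->headers->get(self::CSRF_HEADER_KEY)),
 );
-} catch (EncryptionException) {
+} catch (EncryptionException|JsonCouldNotBeDecoded) {
 throw new CsrfTokenDidNotMatch();
 }
 }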
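Review bot: The widened catch `} catch (EncryptionException|JsonCouldNotBeDecoded) {` needs a why-comment, because nothing in this hunk shows that decrypt() deserialises the payload, and the next reader will wonder why a JSON exception belongs to a CSRF check; suggest `// decrypt() presumably also deserialises the payload, so a token that decrypts to malformed data is treated exactly like one that fails to decrypt.` Collapsing both failure modes into the same CsrfTokenDidNotMatch is the right shape, since the response then gives the client no signal about which stage rejected the header. Any other exception type decrypt() may raise on malformed input would still escape this catch and surface as an unhandled error rather than a token mismatch, so it is worth confirming that EncryptionException and JsonCouldNotBeDecoded are the complete set the decrypter documents. The try block and the rest of ensureTokenMatches begin above line 77, outside the hunk.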

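--- a/tests/Integration/Http/CsrfTest.php
+++ b/tests/Integration/Http/CsrfTest.php
@@ -101,6 +101,19 @@ public function test_matches_from_header_when_encrypted(): void
 ->assertOk();
 }
 
+public function test_throws_csrf_exception_when_header_is_non_serialized_hash(): void
+{
+$this->expectException(CsrfTokenDidNotMatch::class);
+$this->container->get(AppConfig::class)->environment = Environment::PRODUCTION;
+$session = $this->container->get(Session::class);
+
+// simulate a non-serialized hash
+$sessionCookieValue = 'i-am-not-correct';
+
+$this->http
+->post('/test', headers: [VerifyCsrfMiddleware::CSRF_HEADER_KEY => $sessionCookieValue]);
+}
+
 public function test_csrf_component(): void
 {
 $session = $this->container->get(Session::class);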
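Review bot: In the new test, `$session = $this->container->get(Session::class);` is assigned but never read, and `$sessionCookieValue` is sent as a request header rather than a cookie, so the name misdescribes what the test exercises. Suggest dropping the unused `$session` line and renaming the fixture: `$headerValue = 'i-am-not-correct';` and `->post('/test', headers: [VerifyCsrfMiddleware::CSRF_HEADER_KEY => $headerValue]);`. The comment `// simulate a non-serialized hash` could also say what is being proven, e.g. `// a header that is not a valid encrypted payload must be rejected as a token mismatch, not surface as a decode error`, which ties the test to the middleware's widened catch.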
