Appropriate HTTP status code #9696

Ecodev · Jul 24, 2023 · 5311a4c · 5311a4c
1 parent 30ab2e5
commit 5311a4c
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 5 deletions.
diff --git a/src/Middleware/SignedQueryMiddleware.php b/src/Middleware/SignedQueryMiddleware.php
@@ -50,7 +50,7 @@ private function verify(ServerRequestInterface $request): void
     {
         $autorization = $request->getHeader('authorization')[0] ?? '';
         if (!$autorization) {
-            throw new Exception('Missing `Authorization` HTTP header in signed query');
+            throw new Exception('Missing `Authorization` HTTP header in signed query', 403);
         }
 
         if (preg_match('~^v1\.(?<timestamp>\d{10})\.(?<hash>[0-9a-f]{64})$~', $autorization, $m)) {
@@ -60,7 +60,7 @@ private function verify(ServerRequestInterface $request): void
             $this->verifyTimestamp($timestamp);
             $this->verifyHash($request, $timestamp, $hash);
         } else {
-            throw new Exception('Invalid `Authorization` HTTP header in signed query');
+            throw new Exception('Invalid `Authorization` HTTP header in signed query', 403);
         }
     }
 
@@ -71,7 +71,7 @@ private function verifyTimestamp(string $timestamp): void
         $past = $now - $leeway;
         $future = $now + $leeway;
         if ($timestamp < $past || $timestamp > $future) {
-            throw new Exception('Signed query is expired');
+            throw new Exception('Signed query is expired', 403);
         }
     }
 
@@ -87,7 +87,7 @@ private function verifyHash(ServerRequestInterface $request, string $timestamp,
             }
         }
 
-        throw new Exception('Invalid signed query');
+        throw new Exception('Invalid signed query', 403);
     }
 
     private function getOperations(ServerRequestInterface $request): mixed
@@ -105,6 +105,6 @@ private function getOperations(ServerRequestInterface $request): mixed
             }
         }
 
-        throw new Exception('Could not find GraphQL operations in request');
+        throw new Exception('Could not find GraphQL operations in request', 403);
     }
 }
diff --git a/tests/Middleware/SignedQueryMiddlewareTest.php b/tests/Middleware/SignedQueryMiddlewareTest.php
@@ -43,6 +43,7 @@ public function testNonRequiredSignedQuery(array $keys, string $body, null|array
     public function testThrowIfNoKeys(): void
     {
         $this->expectExceptionMessage('Signed queries are required, but no keys are configured');
+        $this->expectExceptionCode(0);
         new SignedQueryMiddleware([]);
     }
 
@@ -64,6 +65,7 @@ private function process(array $keys, bool $required, string $body, null|array $
 
         if ($expectExceptionMessage) {
             $this->expectExceptionMessage($expectExceptionMessage);
+            $this->expectExceptionCode(403);
         }
 
         $middleware->process($request, $handler);