Fix handleInvalidData allowing possible return of the next request in…

… the middleware chain
nutgram · Sep 10, 2023 · 710545f · 710545f
1 parent 0adca00
commit 710545f
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 3 deletions.
diff --git a/src/Middleware/ValidateWebAppData.php b/src/Middleware/ValidateWebAppData.php
@@ -13,7 +13,7 @@ public function __construct(protected Nutgram $bot)
     {
     }
 
-    public function handle(Request $request, Closure $next)
+    public function handle(Request $request, Closure $next): mixed
     {
         try {
             $initData = $request->input('initData', '');
@@ -22,11 +22,11 @@ public function handle(Request $request, Closure $next)
             $request->attributes->add(['webAppData' => $data]);
             return $next($request);
         } catch (InvalidDataException) {
-            $this->handleInvalidData($request, $next);
+            return $this->handleInvalidData($request, $next);
         }
     }
 
-    protected function handleInvalidData(Request $request, Closure $next): void
+    protected function handleInvalidData(Request $request, Closure $next): mixed
     {
         abort(403);
     }

diff --git a/tests/Feature/MiddlewareTest.php b/tests/Feature/MiddlewareTest.php
@@ -32,3 +32,17 @@
     $middleware->handle($this->request, function ($request) {
     });
 })->throws(HttpException::class);
+
+it('fails to validate web app data + custom action', function () {
+    $middleware = new class($this->bot) extends ValidateWebAppData {
+        protected function handleInvalidData(Request $request, Closure $next): mixed
+        {
+            $request->attributes->add(['webAppData' => null]);
+            return $next($request);
+        }
+    };
+
+    $middleware->handle($this->request, function ($request) {
+        expect($request->get('webAppData'))->toBeNull();
+    });
+});