Merge pull request #32 from robertpustulka/fix-handler

markstory · web-flow · commit ce5ad65fc87f · 2018-02-01T21:11:01.000-05:00
Fix unauthorized handler with authorization check.
diff --git a/src/Middleware/AuthorizationMiddleware.php b/src/Middleware/AuthorizationMiddleware.php
@@ -111,13 +111,13 @@ public function __invoke(ServerRequestInterface $request, ResponseInterface $res
 
         try {
             $response = $next($request, $response);
+            if ($this->getConfig('requireAuthorizationCheck') && !$service->authorizationChecked()) {
+                throw new AuthorizationRequiredException(['url' => $request->getRequestTarget()]);
+            }
         } catch (Exception $exception) {
             $handler = $this->getHandler();
             $response = $handler->handle($exception, $request, $response, (array)$this->getConfig('unauthorizedHandler'));
         }
-        if ($this->getConfig('requireAuthorizationCheck') && !$service->authorizationChecked()) {
-            throw new AuthorizationRequiredException(['url' => $request->getRequestTarget()]);
-        }
 
         return $response;
     }
diff --git a/tests/TestCase/Middleware/AuthorizationMiddlewareTest.php b/tests/TestCase/Middleware/AuthorizationMiddlewareTest.php
@@ -63,16 +63,16 @@ public function testInvokeAuthorizationRequiredError()
 
         $request = (new ServerRequest())->withAttribute('identity', ['id' => 1]);
         $response = new Response();
-        $next = function ($request) {
+        $next = function ($request, $response) {
             // Don't call any auth methods.
-            return $request;
+            return $response;
         };
 
         $middleware = new AuthorizationMiddleware($service, ['requireAuthorizationCheck' => true]);
         $result = $middleware($request, $response, $next);
 
-        $this->assertInstanceOf(RequestInterface::class, $result);
-        $this->assertSame($service, $result->getAttribute('authorization'));
+        $this->assertInstanceOf(ResponseInterface::class, $result);
+        $this->assertSame($service, $request->getAttribute('authorization'));
     }
 
     public function testInvokeApp()
@@ -343,4 +343,22 @@ public function testUnauthorizedHandlerSuppress()
         $result = $middleware($request, $response, $next);
         $this->assertSame($response, $result);
     }
+
+    public function testUnauthorizedHandlerRequireAuthz()
+    {
+        $service = $this->createMock(AuthorizationServiceInterface::class);
+        $request = new ServerRequest();
+        $response = new Response();
+        $next = function () {
+            throw new Exception();
+        };
+
+        $middleware = new AuthorizationMiddleware($service, [
+            'requireAuthorizationCheck' => true,
+            'unauthorizedHandler' => 'Suppress',
+        ]);
+
+        $result = $middleware($request, $response, $next);
+        $this->assertSame($response, $result);
+    }
 }
