Merge pull request #16 from ristekusdi/add-http-code-to-error-response

add http code to error responses
ristekusdi · Jul 31, 2023 · fe83c2c · fe83c2c
2 parents c1eda60 + 755f0ad
commit fe83c2c
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 8 deletions.
diff --git a/src/Auth/AccessToken.php b/src/Auth/AccessToken.php
@@ -105,7 +105,7 @@ public function validateIdToken($claims)
     {
         $token = $this->parseIdToken();
         if (empty($token)) {
-            throw new Exception('ID Token is invalid.');
+            throw new Exception('ID Token is invalid.', 401);
         }
 
         $default = array(
@@ -119,26 +119,26 @@ public function validateIdToken($claims)
 
         // Validate expiration
         if (time() >= (int) $token['exp']) {
-            throw new Exception('ID Token already expired.');
+            throw new Exception('ID Token already expired.', 401);
         }
 
         // Validate issuer
         if (empty($claims['iss']) || $claims['iss'] !== $token['iss']) {
-            throw new Exception('Access Token has a wrong issuer: must contain issuer from OpenId.');
+            throw new Exception('Access Token has a wrong issuer: must contain issuer from OpenId.', 422);
         }
 
         // Validate audience
         $audience = (array) $token['aud'];
         if (empty($claims['aud']) || ! in_array($claims['aud'], $audience, true)) {
-            throw new Exception('Access Token has a wrong audience: must contain clientId.');
+            throw new Exception('Access Token has a wrong audience: must contain clientId.', 422);
         }
 
         if (count($audience) > 1 && empty($token['azp'])) {
-            throw new Exception('Access Token has a wrong audience: must contain azp claim.');
+            throw new Exception('Access Token has a wrong audience: must contain azp claim.', 422);
         }
 
         if (! empty($token['azp']) && $claims['aud'] !== $token['azp']) {
-            throw new Exception('Access Token has a wrong audience: has azp but is not the clientId.');
+            throw new Exception('Access Token has a wrong audience: has azp but is not the clientId.', 422);
         }
     }
 

diff --git a/src/Services/SSOService.php b/src/Services/SSOService.php
@@ -586,7 +586,7 @@ public function impersonateRequest($credentials = array(), $username)
             $response = (new \GuzzleHttp\Client())->request('POST', $url, ['headers' => $headers, 'form_params' => $form_params]);
 
             if ($response->getStatusCode() !== 200) {
-                throw new Exception('User not allowed to impersonate');
+                throw new Exception('User not allowed to impersonate', 403);
             }
 
             $response_body = $response->getBody()->getContents();

diff --git a/src/Support/OpenIDConfig.php b/src/Support/OpenIDConfig.php
@@ -69,7 +69,7 @@ protected function config()
         $response = (new \GuzzleHttp\Client())->request('GET', $url);
 
         if ($response->getStatusCode() !== 200) {
-            throw new Exception('[SSO Error] It was not possible to load OpenId configuration: ' . $response->throw());
+            throw new Exception('[SSO Error] It was not possible to load OpenId configuration: ' . $response->getStatusCode());
         }
 
         $configuration = json_decode($response->getBody()->getContents(), true);