vaizard / glued-skeleton-modular

Web application skeleton that uses the Slim4 Framework, PHP-DI, Nyholm PSR7 and Twig.
MIT License

Authorization with expired token should return different message than authorizing with no token #201

Open zelitomas opened 3 years ago

zelitomas commented 3 years ago

$ echo $TOKEN
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJpc3MiOiJsb2NhbGhvc3QiLCJpYXQiOjE2MTMwNjkxMDAsImV4cCI6MTYxMzA3MDkwMCwianRpIjoiNjAyNTdiMmMxOGJlMyIsInN1YiI6ImFkbWluQGEuY3oiLCJnX3VpZCI6MSwiZ19haWQiOjF9.pxTpsYAyygP_bsxvP_70u6SY-IiV4OrUL8BJdBPo1xe8XkmPQBrLTUCXJRsquDzchRX_11vUb0IHj7nQ8FPNpg

$ curl -k -H "Authorization: Bearer ${TOKEN}" -F 'actual_dir=fin' -F 'file[]=@./file1.txt' ${HOST}/api/stor/v1/upload
{
    "api": "core/auth/jwt",
    "version": "1",
    "response_ts": 1613090730,
    "response_id": "6025cfaac9495",
    "status": "Forbidden.",
    "message": "You must be signed in to do this, please provide a valid token.",
    "code": 403
}

killua-eu commented 3 years ago

TODO: On expired tokens, change code to 401, return relevant message.

killua-eu commented 3 years ago

Per https://github.com/vaizard/glued-skeleton/commit/318a5afe8822408e821a35df78e825d3b2f5652f#diff-bcc1e50439cf4f7a7e858a7ce8c473ee898c85d4a7549386ed47993bc9886d89R78 the behavior can now be modified. Still keeping to 403 error code, on expiry appending (expired) to the message. Suggestions on how to make this comfy as fuck?
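
One way to tell the cases in this thread apart, following the TODO above (401 on expiry) and the `WWW-Authenticate` challenge from RFC 6750. This is an added example, not code from glued-skeleton: `classifyBearer()`, the helper names and the demo secret are hypothetical, and it checks HS512 tokens with PHP built-ins only.

```php
<?php
function b64u_dec(string $s): string
{
    $s = strtr($s, '-_', '+/') . str_repeat('=', (4 - strlen($s) % 4) % 4);
    return (string) base64_decode($s, true);
}
function b64u_enc(string $s): string
{
    return rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
}
// Hypothetical helper: returns [HTTP status, WWW-Authenticate value or null, message].
function classifyBearer(?string $authz, string $secret, int $now): array
{
    $bad = [401, 'Bearer error="invalid_token"', 'Invalid token.'];
    // No credentials at all: bare challenge without an error code (RFC 6750, section 3).
    if ($authz === null || !preg_match('/^Bearer +(\S+)$/iD', $authz, $m)) {
        return [401, 'Bearer', 'No token provided.'];
    }
    $parts = explode('.', $m[1]);
    if (count($parts) !== 3) {
        return $bad;
    }
    [$h, $p, $sig] = $parts;
    $hdr = json_decode(b64u_dec($h), true);
    // Pin the algorithm server-side (HS512, as in the reported token's header).
    if (!is_array($hdr) || ($hdr['alg'] ?? null) !== 'HS512') {
        return $bad;
    }
    // Check the MAC before reading any claim: only a token this server issued is told "expired".
    if (!hash_equals(hash_hmac('sha512', "$h.$p", $secret, true), b64u_dec($sig))) {
        return $bad;
    }
    $claims = json_decode(b64u_dec($p), true);
    if (!is_array($claims) || !is_int($claims['exp'] ?? null)) {
        return $bad;
    }
    return $claims['exp'] <= $now
        ? [401, 'Bearer error="invalid_token", error_description="The access token expired"', 'Token expired.']
        : [200, null, 'OK'];
}
$secret = 'constructed-demo-secret'; // constructed, as are the tokens minted below
$mint = function (int $exp) use ($secret): string {
    $hp = b64u_enc('{"typ":"JWT","alg":"HS512"}') . '.' . b64u_enc(json_encode(['exp' => $exp]));
    return $hp . '.' . b64u_enc(hash_hmac('sha512', $hp, $secret, true));
};
$now = 1613090730; // response_ts from the report; exp 1613070900 is from its token
foreach ([null, 'Bearer ' . $mint(1613070900), 'Bearer ' . $mint($now + 1800), 'Bearer x.y.z'] as $a) {
    echo json_encode(classifyBearer($a, $secret, $now)), PHP_EOL;
}
```

With this split, 403 stays reserved for a valid token whose holder lacks permission for the requested action.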