Merge pull request #3783 from JosephSilber/authenticate

[5.3] Make the Authenticate middleware throw an AuthenticationException

Merge pull request #3783 from JosephSilber/authenticate
[5.3] Make the Authenticate middleware throw an AuthenticationException
3ddaf3f9 · Taylor Otwell · c332ad95 · d26314de · 3ddaf3f9 · 3ddaf3f9
Commit 3ddaf3f9 authored May 26, 2016 by Taylor Otwell
Show whitespace changes
Inline Side-by-side

Showing with 33 additions and 16 deletions

Handler.php app/Exceptions/Handler.php +18 -0

Authenticate.php app/Http/Middleware/Authenticate.php +15 -16

No files found.
--- a/app/Exceptions/Handler.php
+++ b/app/Exceptions/Handler.php
@@ -3,6 +3,7 @@
 namespace App\Exceptions;

 use Exception;
+use Illuminate\Auth\AuthenticationException;
 use Illuminate\Validation\ValidationException;
 use Illuminate\Auth\Access\AuthorizationException;
 use Illuminate\Database\Eloquent\ModelNotFoundException;
@@ -17,12 +18,29 @@ class Handler extends ExceptionHandler
     * @var array
     */
    protected $dontReport = [
+        AuthenticationException::class,
        AuthorizationException::class,
        HttpException::class,
        ModelNotFoundException::class,
        ValidationException::class,
    ];

+    /**
+     * Convert an authentication exception into an unauthenticated response.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  \Illuminate\Auth\AuthenticationException  $e
+     * @return \Symfony\Component\HttpFoundation\Response
+     */
+    protected function unauthenticated($request, AuthenticationException $e)
+    {
+        if ($request->ajax() || $request->wantsJson()) {
+            return response('Unauthorized.', 401);
+        } else {
+            return redirect()->guest('login');
+        }
+    }
+
    /**
     * Report or log an exception.
     *

--- a/app/Http/Middleware/Authenticate.php
+++ b/app/Http/Middleware/Authenticate.php
@@ -4,6 +4,7 @@ namespace App\Http\Middleware;

 use Closure;
 use Illuminate\Support\Facades\Auth;
+use Illuminate\Auth\AuthenticationException;

 class Authenticate
 {
@@ -14,40 +15,38 @@ class Authenticate
     * @param  \Closure  $next
     * @param  string  ...$guards
     * @return mixed
+     *
+     * @throws \Illuminate\Auth\AuthenticationException
     */
    public function handle($request, Closure $next, ...$guards)
    {
-        if ($this->check($guards)) {
-            return $next($request);
-        }
+        $this->authenticate($guards);

-        if ($request->ajax() || $request->wantsJson()) {
-            return response('Unauthorized.', 401);
-        } else {
-            return redirect()->guest('login');
-        }
+        return $next($request);
    }

    /**
     * Determine if the user is logged in to any of the given guards.
     *
     * @param  array  $guards
-     * @return bool
+     * @return void
+     *
+     * @throws \Illuminate\Auth\AuthenticationException
     */
-    protected function check(array $guards)
+    protected function authenticate(array $guards)
    {
-        if (empty($guards)) {
-            return Auth::check();
+        if (count($guards) <= 1) {
+            Auth::guard(array_first($guards))->authenticate();
+
+            return Auth::shouldUse($guard);
        }

        foreach ($guards as $guard) {
            if (Auth::guard($guard)->check()) {
-                Auth::shouldUse($guard);
-
-                return true;
+                return Auth::shouldUse($guard);
            }
        }

-        return false;
+        throw new AuthenticationException;
    }
 }