[5.x] Throws Laravel\Horizon\Exceptions\ForbiddenException on unaut…

…horized access (#1308) * Allow overriding the status code for unauthorized requests via config * Update tests * Use custom unauthorized exception instead of config value * Remove unused imports * Use custom exception * Use original error code and rename exception * wip Signed-off-by: Mior Muhammad Zaki <[email protected]> * wip Signed-off-by: Mior Muhammad Zaki <[email protected]> * formatting --------- Signed-off-by: Mior Muhammad Zaki <[email protected]> Co-authored-by: Joel Butcher <> Co-authored-by: Mior Muhammad Zaki <[email protected]> Co-authored-by: Taylor Otwell <[email protected]>
laravel · Aug 30, 2023 · 2fc2ba7 · 2fc2ba7
1 parent 0c3d961
commit 2fc2ba7
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 4 deletions.
diff --git a/src/Exceptions/ForbiddenException.php b/src/Exceptions/ForbiddenException.php
@@ -0,0 +1,18 @@
+<?php
+
+namespace Laravel\Horizon\Exceptions;
+
+use Symfony\Component\HttpKernel\Exception\HttpException;
+
+class ForbiddenException extends HttpException
+{
+    /**
+     * Create a new exception instance.
+     *
+     * @return static
+     */
+    public static function make()
+    {
+        return new static(403);
+    }
+}
diff --git a/src/Http/Middleware/Authenticate.php b/src/Http/Middleware/Authenticate.php
@@ -2,6 +2,7 @@
 
 namespace Laravel\Horizon\Http\Middleware;
 
+use Laravel\Horizon\Exceptions\ForbiddenException;
 use Laravel\Horizon\Horizon;
 
 class Authenticate
@@ -15,6 +16,10 @@ class Authenticate
      */
     public function handle($request, $next)
     {
-        return Horizon::check($request) ? $next($request) : abort(403);
+        if (! Horizon::check($request)) {
+            throw ForbiddenException::make();
+        }
+
+        return $next($request);
     }
 }
diff --git a/tests/Feature/AuthTest.php b/tests/Feature/AuthTest.php
@@ -2,10 +2,10 @@
 
 namespace Laravel\Horizon\Tests\Feature;
 
+use Laravel\Horizon\Exceptions\ForbiddenException;
 use Laravel\Horizon\Horizon;
 use Laravel\Horizon\Http\Middleware\Authenticate;
 use Laravel\Horizon\Tests\IntegrationTest;
-use Symfony\Component\HttpKernel\Exception\HttpException;
 
 class AuthTest extends IntegrationTest
 {
@@ -41,9 +41,9 @@ function ($value) {
         $this->assertSame('response', $response);
     }
 
-    public function test_authentication_middleware_responds_with_403_on_failure()
+    public function test_authentication_middleware_throws_on_failure()
     {
-        $this->expectException(HttpException::class);
+        $this->expectException(ForbiddenException::class);
 
         Horizon::auth(function () {
             return false;