From f9e477afaf85f28a1a37f1f5bbf2f326436b1759 Mon Sep 17 00:00:00 2001
From: Ely Deckers
Date: Wed, 26 Mar 2014 11:47:23 +0100
Subject: [PATCH 1/2] * Invalid token returns 401 Unauthorized, instead of 403 Forbidden, as defined in section 3.1 Error Codes of https://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-23

---
 src/LucaDegasperi/OAuth2Server/Filters/OAuthFilter.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/LucaDegasperi/OAuth2Server/Filters/OAuthFilter.php b/src/LucaDegasperi/OAuth2Server/Filters/OAuthFilter.php
index fd40dfcf..dcee9df9 100644
--- a/src/LucaDegasperi/OAuth2Server/Filters/OAuthFilter.php
+++ b/src/LucaDegasperi/OAuth2Server/Filters/OAuthFilter.php
@@ -21,10 +21,10 @@ public function filter()
             ResourceServer::isValid(Config::get('lucadegasperi/oauth2-server-laravel::oauth2.http_headers_only'));
         } catch (\League\OAuth2\Server\Exception\InvalidAccessTokenException $e) {
             return Response::json(array(
-                'status' => 403,
-                'error' => 'forbidden',
+                'status' => 401,
+                'error' => 'unauthorized',
                 'error_message' => $e->getMessage(),
-            ), 403);
+            ), 401);
         }
         if (func_num_args() > 2) {

From f030e754035668d661af6a65e8d78b10698f2784 Mon Sep 17 00:00:00 2001
From: Luca Degasperi
Date: Wed, 26 Mar 2014 13:34:19 +0100
Subject: [PATCH 2/2] Updated tests to reflect changes in code

---
 tests/OAuthFilterTest.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/OAuthFilterTest.php b/tests/OAuthFilterTest.php
index e8907d94..eb8c7958 100644
--- a/tests/OAuthFilterTest.php
+++ b/tests/OAuthFilterTest.php
@@ -26,7 +26,7 @@ public function test_invalid_filter_with_no_scope()
         $response = $this->getFilter()->filter('', '');
         $this->assertTrue($response instanceof Illuminate\Http\JsonResponse);
-        $this->assertTrue($response->isForbidden());
+        $this->assertEquals('401', $response->getStatusCode());
     }
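Review bot: The 401 response built in the catch block still carries no `WWW-Authenticate` header, which the bearer-token draft cited in the subject (section 3) requires on every 401 so the client learns the Bearer scheme and the reason; the change fixes the status code but not the challenge. Section 3.1 of that draft defines the error codes as `invalid_request`, `invalid_token` and `insufficient_scope`, so `'error' => 'unauthorized'` in the JSON body is not one of the spec's values, and `'status'` there merely repeats the HTTP status. Laravel's Response::json() takes a headers array as its third argument, so the closing line can become `), 401, array('WWW-Authenticate' => 'Bearer error="invalid_token"'));` while the body's `'error'` value changes to `'invalid_token'`. Returning `$e->getMessage()` verbatim as `error_message` predates this commit, but it is worth checking that the exception text does not carry more detail than a client needs. filter()'s body continues outside the hunk.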