[6.x] Split hasValidSignature method #30208
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Maybe we should introduce an ExpiredSinatureException which extends the InvalidSignatureException? |
|
@netpok I was actually ready to put a PR together that was exactly like that, but felt that implementation may have been a little too heavy. This PR was a simpler compromise. https://github.com/laravel/framework/compare/6.x...dwightwatson:signature-expiry?expand=1 |
|
Could you do this PR? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This splits up the functionality of the
hasValidSignaturemethod into two separate checks - whether the signature matches the given path/URL, and whether the expires timestamp has since passed or not.The benefit of providing access to these separately is it allows apps to handle these cases differently. It would allow you to catch
InvalidSignatureExceptionand then provide a better user experience when a signature was actually correct, but has just since expired.My use case is that some emails we send include signed URLs that will automatically log our users in and then redirect them to the page the user intended to go to. In the case that the URL has expired I would still like redirect them to the intended page, but just skip the automatic login.