Make this a non breaking-change

src/Exceptions/ExpiredSignatureException.php

@@ -3,17 +3,12 @@
 
 namespace Grosv\LaravelPasswordlessLogin\Exceptions;
 
-use Exception;
+use Symfony\Component\HttpKernel\Exception\HttpException as Exception;
 
 class ExpiredSignatureException extends Exception
 {
- /**
- * Report the exception.
- *
- * @return void
- */
- public function report()
+ public function __construct()
  {
- abort(401, config('laravel-passwordless-login.invalid_signature_message'));
+ parent::__construct(401, 'Invalid signature.');
  }
 }

src/Exceptions/InvalidSignatureException.php

@@ -0,0 +1,14 @@
+<?php
+
+
+namespace Grosv\LaravelPasswordlessLogin\Exceptions;
+
+use Symfony\Component\HttpKernel\Exception\HttpException as Exception;
+
+class InvalidSignatureException extends Exception
+{
+ public function __construct()
+ {
+ parent::__construct(401, 'Invalid signature.');
+ }
+}

src/LaravelPasswordlessLoginController.php

@@ -2,10 +2,10 @@
 
 namespace Grosv\LaravelPasswordlessLogin;
 
+use Grosv\LaravelPasswordlessLogin\Exceptions\InvalidSignatureException;
 use Grosv\LaravelPasswordlessLogin\Exceptions\ExpiredSignatureException;
 use Illuminate\Http\Request;
 use Illuminate\Routing\Controller;
-use Illuminate\Routing\Exceptions\InvalidSignatureException;
 use Illuminate\Routing\UrlGenerator;
 use Illuminate\Support\Facades\Auth;
 
@@ -42,15 +42,12 @@ public function __construct(PasswordlessLoginService $passwordlessLoginService,
  */
  public function login(Request $request)
  {
- if (!$this->urlGenerator->hasCorrectSignature($request)) {
+ if (!$this->urlGenerator->hasCorrectSignature($request) ||
+ ($this->urlGenerator->signatureHasNotExpired($request) && !$this->passwordlessLoginService->requestIsNew())) {
  throw new InvalidSignatureException();
- }
- if (!$this->urlGenerator->signatureHasNotExpired($request)) {
+ } else if (!$this->urlGenerator->signatureHasNotExpired($request)) {
  throw new ExpiredSignatureException();
  }
- if (!$this->passwordlessLoginService->requestIsNew()) {
- abort(401, config('laravel-passwordless-login.invalid_signature_message'));
- }
 
  $this->passwordlessLoginService->cacheRequest($request);
 

tests/SignedUrlTest.php

@@ -4,11 +4,11 @@
 
 use Carbon\Carbon;
 use Faker\Factory as Faker;
+use Grosv\LaravelPasswordlessLogin\Exceptions\InvalidSignatureException;
 use Grosv\LaravelPasswordlessLogin\Exceptions\ExpiredSignatureException;
 use Grosv\LaravelPasswordlessLogin\LoginUrl;
 use Grosv\LaravelPasswordlessLogin\Models\Models\User as ModelUser;
 use Grosv\LaravelPasswordlessLogin\Models\User;
-use Illuminate\Routing\Exceptions\InvalidSignatureException;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Str;
 
@@ -87,7 +87,13 @@ public function an_unsigned_request_will_not_log_user_in()
  /** @test */
  public function an_invalid_signature_request_will_not_log_user_in()
  {
+ // Check 401 is returned
  $this->assertGuest();
+ $response = $this->get($this->url.'tampered');
+ $response->assertStatus(401);
+ $this->assertGuest();
+
+ // Check correct exception is thrown
  $this->withoutExceptionHandling();
  $this->expectException(InvalidSignatureException::class);
  $this->get($this->url.'tampered');