withStatus(401) in __invoke call

[doveraldo]

when token cannot be found or decoded or false is returned on callback the response code is forced to be 401 after calling the error function.

this gives the app no chance to redirect etc.
Be nice if withStatus(401) is called before the error function, giving it the option to override it

[tuupola]

The 3.x branch should not have this problem anymore.

[doveraldo]

Yeah I checked that out, but am stuck on older PHP version for now. Any chance a similar fix could be ported to the older 2.X version.

[tuupola]

Hmmh. Good point about PHP versions. I need to think a bit if changing this behavior is a BC break. I think it should be ok.

[doveraldo]

changes I propose....this works for me. I would do a pull request...but ...maybe tomorrow.

    /* If token cannot be found return with 401 Unauthorized. */
    if (false === $token = $this->fetchToken($request)) {
        return $this->error($request, $response->**withStatus(401)**, [
            "message" => $this->message
        ]);
    }

    /* If token cannot be decoded return with 401 Unauthorized. */
    if (false === $decoded = $this->decodeToken($token)) {
        return $this->error($request, $response->**withStatus(401)**, [
            "message" => $this->message,
            "token" => $token
        ]);
    }

    /* If callback returns false return with 401 Unauthorized. */
    if (is_callable($this->options["callback"])) {
        $params = ["decoded" => $decoded];
        if (false === $this->options["callback"]($request, $response, $params)) {
            return $this->error($request, $response->**withStatus(401)**, [
                "message" => $this->message ? $this->message : "Callback returned false"
            ]);
        }
    }

[doveraldo]

PR made #111

[tuupola]

Merged e6de664. Released as 2.4.0.