Created December 10, 2017 06:00
Laravel Testing: Ensure your controllers enforce authorization
Using Laravel's built-in Authorization (Gates/Policies) is a simple and excellent way to secure your application. One catch once it's deployed is that, without an authenticated user, your rules will all fail (as you'd expect) and Laravel responds with 403 Forbidden. If you use a common base controller that handles all of your authorization rules, it's all too easy, when overriding any of its methods, to forget to add the authorization call back in. This test should help you spot the cases where you've missed it.
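The following feature test is an added example of the approach described above; it is not the gist's own code. It walks every route that points at a controller under `App\`, strips the `auth` middleware so the request actually reaches the controller action, and sends the request as a guest. Any action that still returns something other than 403 is reported, because that is exactly the case where an overridden method lost its `$this->authorize(...)` call. The `$publicRoutes` names and the dummy route-parameter value `1` are assumptions to adapt to your application.

```php
<?php
// Added example, not code from the gist. Assumes a standard Laravel app with
// controllers under App\ and PHPUnit feature tests extending Tests\TestCase.

namespace Tests\Feature;

use Illuminate\Auth\Middleware\Authenticate;
use Illuminate\Support\Facades\Route;
use Tests\TestCase;

class ControllersEnforceAuthorizationTest extends TestCase
{
    /** Route names that are deliberately public (assumed; adjust for your app). */
    protected array $publicRoutes = ['login', 'register', 'home'];

    public function test_controller_actions_are_forbidden_to_guests(): void
    {
        // Remove the auth guard so we exercise the controller's own
        // authorization call rather than the middleware's redirect to login.
        $this->withoutMiddleware(Authenticate::class);

        $failures = [];

        foreach (Route::getRoutes() as $route) {
            if (in_array($route->getName(), $this->publicRoutes, true)) {
                continue;
            }

            // Only controller actions in the application namespace; skip
            // closures and routes registered by packages or the framework.
            $action = $route->getActionName();
            if ($action === 'Closure' || !str_starts_with($action, 'App\\')) {
                continue;
            }

            // Replace {param} placeholders with a dummy id so the URI matches.
            $uri = '/' . preg_replace('/\{[^}]+\}/', '1', $route->uri());

            foreach ($route->methods() as $method) {
                if ($method === 'HEAD') {
                    continue;
                }

                // No actingAs(): there is no authenticated user, so every
                // Gate/Policy check should deny and Laravel should answer 403.
                $status = $this->call($method, $uri)->getStatusCode();

                if ($status !== 403) {
                    $failures[] = sprintf('%s %s -> %d (%s)', $method, $uri, $status, $action);
                }
            }
        }

        $this->assertEmpty(
            $failures,
            "Routes reachable as a guest without an authorization check:\n" . implode("\n", $failures)
        );
    }
}
```

A 404 in the failure list usually means implicit route-model binding could not resolve the dummy id before the controller ran; seed a record with that id (or resolve real ids per model) so the request reaches the action and the test measures the authorization call rather than the binding.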