From 4c059d14529cd7843a6af33c1c5c2d63ac573854 Mon Sep 17 00:00:00 2001
From: Evgeny Kuchuk <spideragent@sa-sec.org>
Date: Tue, 5 May 2020 23:45:15 +0300
Subject: [PATCH] fix

---
 src/Exceptions/InvalidClaimException.php | 2 +-
 src/Exceptions/TokenInvalidException.php | 2 +-
 src/JWTAuth.php                          | 2 +-
 src/Middleware/GetUserFromToken.php      | 2 +-
 src/Validators/PayloadValidator.php      | 4 ++--
 5 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/Exceptions/InvalidClaimException.php b/src/Exceptions/InvalidClaimException.php
index b164672..4c27e24 100644
--- a/src/Exceptions/InvalidClaimException.php
+++ b/src/Exceptions/InvalidClaimException.php
@@ -16,5 +16,5 @@ class InvalidClaimException extends JWTException
     /**
      * @var int
      */
-    protected $statusCode = 400;
+    protected $statusCode = 401;
 }
diff --git a/src/Exceptions/TokenInvalidException.php b/src/Exceptions/TokenInvalidException.php
index 6740d59..415da65 100644
--- a/src/Exceptions/TokenInvalidException.php
+++ b/src/Exceptions/TokenInvalidException.php
@@ -16,5 +16,5 @@ class TokenInvalidException extends JWTException
     /**
      * @var int
      */
-    protected $statusCode = 400;
+    protected $statusCode = 401;
 }
diff --git a/src/JWTAuth.php b/src/JWTAuth.php
index 9e8b627..c1d89f9 100644
--- a/src/JWTAuth.php
+++ b/src/JWTAuth.php
@@ -201,7 +201,7 @@ class JWTAuth
     {
         if (! $token = $this->parseAuthHeader($header, $method)) {
             if (! $token = $this->request->query($query, false)) {
-                throw new JWTException('The token could not be parsed from the request', 400);
+                throw new JWTException('The token could not be parsed from the request', 401);
             }
         }
 
diff --git a/src/Middleware/GetUserFromToken.php b/src/Middleware/GetUserFromToken.php
index af3b21c..a70fb5d 100644
--- a/src/Middleware/GetUserFromToken.php
+++ b/src/Middleware/GetUserFromToken.php
@@ -26,7 +26,7 @@ class GetUserFromToken extends BaseMiddleware
     public function handle($request, \Closure $next)
     {
         if (! $token = $this->auth->setRequest($request)->getToken()) {
-            return $this->respond('tymon.jwt.absent', 'token_not_provided', 400);
+            return $this->respond('tymon.jwt.absent', 'token_not_provided', 401);
         }
 
         try {
diff --git a/src/Validators/PayloadValidator.php b/src/Validators/PayloadValidator.php
index 80e1a86..cc11d23 100644
--- a/src/Validators/PayloadValidator.php
+++ b/src/Validators/PayloadValidator.php
@@ -72,11 +72,11 @@ class PayloadValidator extends AbstractValidator
     protected function validateTimestamps(array $payload)
     {
         if (isset($payload['nbf']) && Utils::timestamp($payload['nbf'])->isFuture()) {
-            throw new TokenInvalidException('Not Before (nbf) timestamp cannot be in the future', 400);
+            throw new TokenInvalidException('Not Before (nbf) timestamp cannot be in the future', 401);
         }
 
         if (isset($payload['iat']) && Utils::timestamp($payload['iat'])->isFuture()) {
-            throw new TokenInvalidException('Issued At (iat) timestamp cannot be in the future', 400);
+            throw new TokenInvalidException('Issued At (iat) timestamp cannot be in the future', 401);
         }
 
         if (Utils::timestamp($payload['exp'])->isPast()) {