From 532cecfcad43f929dcc97bba8ece02c16a22cbe6 Mon Sep 17 00:00:00 2001
From: Dave M
Date: Wed, 12 Oct 2022 18:19:41 +0000
Subject: [PATCH] - Secured the unauthorized route if nothing was provided
---
 src/SecurityHandler.php | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)
diff --git a/src/SecurityHandler.php b/src/SecurityHandler.php
index c084a61..5b73792 100644
--- a/src/SecurityHandler.php
+++ b/src/SecurityHandler.php
@@ -13,7 +13,7 @@ class SecurityHandler {
 protected ResponseInterface $redirectResponse;
- protected \Closure $unauthorizeResponse;
+ protected ? \Closure $unauthorizeResponse;
 protected ? Taxus $taxus;
@@ -36,13 +36,18 @@ class SecurityHandler {
 public function taxus(string $className, string $methodName, object $user = null) : ? ResponseInterface {
 if ($taxus = $this->getClassAnnotations(Annotation\Taxus::class, $className, $methodName)) {
- foreach($taxus as $item) {
- if ( !isset($item->privilege) || $this->taxus->granted($item->privilege, $user, $item) ) {
- return null;
+ if ($this->unauthorizeResponse) {
+ foreach ($taxus as $item) {
+ if (!isset($item->privilege) || $this->taxus->granted($item->privilege, $user, $item)) {
+ return null;
+ }
 }
- }
- return call_user_func_array($this->unauthorizeResponse, [ $user, $taxus, $className, $methodName ] );
+ return call_user_func_array($this->unauthorizeResponse, [ $user, $taxus, $className, $methodName ]);
+ }
+ else {
+ throw new \ErrorException("Unauthorized response given.");
+ }
 }
 return null;
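Review bot: The now-nullable `$unauthorizeResponse` has no default, and a typed property without one is uninitialized rather than null, so the new `if ($this->unauthorizeResponse)` guard in `taxus()` raises an `Error` on access unless the constructor always assigns it. The constructor is outside this hunk, so whether that happens is unconfirmed. Declaring `protected ? \Closure $unauthorizeResponse = null;` makes the missing-handler case reach the intended branch regardless.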
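Review bot: The `if ($this->unauthorizeResponse)` check wraps the privilege loop, so when no handler is configured every Taxus-annotated call throws, including for users whom `granted()` would have let through. Running the loop first and guarding only the denial path keeps the fail-closed behaviour without blocking authorized users: `if ($this->unauthorizeResponse === null) { throw new \ErrorException("No unauthorized response handler configured."); }` placed just before the `call_user_func_array` return. The current message, "Unauthorized response given.", says the opposite of what happened and will mislead whoever reads the log. Separately, the carried-over `!isset($item->privilege)` branch returns null (allows the call) for an annotation with no privilege set; it is worth confirming that this is intended. The end of `taxus()` lies outside the hunk.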