refactor: change exceptions to more specific

2026-05-28 18:23:44 +03:00
parent b9e980db94
commit 48e917eece
16 changed files with 104 additions and 119 deletions
--- a/src/infrastructure/security/csrf.py
+++ b/src/infrastructure/security/csrf.py
@@ -3,7 +3,7 @@ import secrets
 from typing import Any, Optional, Mapping
 from itsdangerous import URLSafeTimedSerializer, SignatureExpired, BadSignature
 from src.application.contracts import ICsrfService
-from src.application.domain.exceptions import ApplicationException
+from src.application.domain.exceptions import ForbiddenException
 from src.infrastructure.config.settings import settings


@@ -42,21 +42,12 @@ class CsrfService(ICsrfService):
        try:
            data = self._serializer.loads(token, max_age=self.TTL_SECONDS)
        except SignatureExpired:
-            raise ApplicationException(
-                status_code=403,
-                message='CSRF token expired',
-            )
+            raise ForbiddenException(message='CSRF token expired')
        except BadSignature:
-            raise ApplicationException(
-                status_code=403,
-                message='CSRF token invalid',
-            )
+            raise ForbiddenException(message='CSRF token invalid')

        if expected_subject is not None and data.get('sub') != expected_subject:
-            raise ApplicationException(
-                status_code=403,
-                message='CSRF token subject mismatch',
-            )
+            raise ForbiddenException(message='CSRF token subject mismatch')

        return data

@@ -67,15 +58,9 @@ class CsrfService(ICsrfService):

    def verify_pair(self, cookie_token: Optional[str], header_token: Optional[str], expected_subject: Optional[str] = None) -> None:
        if not cookie_token or not header_token:
-            raise ApplicationException(
-                status_code=403,
-                message='CSRF token missing',
-            )
+            raise ForbiddenException(message='CSRF token missing')

        if not secrets.compare_digest(cookie_token, header_token):
-            raise ApplicationException(
-                status_code=403,
-                message='CSRF token mismatch',
-            )
+            raise ForbiddenException(message='CSRF token mismatch')

        self.verify(cookie_token, expected_subject=expected_subject)