fix: should return null if received an invalid encrypted cookie token.

src/Http/Parser/Cookies.php

@@ -13,6 +13,7 @@
 
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Crypt;
+use Illuminate\Contracts\Encryption\DecryptException;
 use Tymon\JWTAuth\Contracts\Http\Parser as ParserContract;
 
 class Cookies implements ParserContract
@@ -41,7 +42,11 @@ public function __construct($decrypt = true)
     public function parse(Request $request)
     {
         if ($this->decrypt && $request->hasCookie($this->key)) {
-            return Crypt::decrypt($request->cookie($this->key));
+            try {
+                return Crypt::decrypt($request->cookie($this->key));
+            } catch (DecryptException $ex) {
+                return null;
+            }
         }
 
         return $request->cookie($this->key);

tests/Http/ParserTest.php

@@ -14,6 +14,7 @@
 use Illuminate\Http\Request;
 use Illuminate\Routing\Route;
 use Illuminate\Support\Facades\Crypt;
+use Illuminate\Contracts\Encryption\DecryptException;
 use Mockery;
 use Tymon\JWTAuth\Contracts\Http\Parser as ParserContract;
 use Tymon\JWTAuth\Http\Parser\AuthHeaders;
@@ -314,6 +315,28 @@ public function it_should_return_the_token_from_a_crypted_cookie()
         $this->assertTrue($parser->hasToken());
     }
 
+    /** @test */
+    public function it_should_has_no_token_from_a_invalid_encrypted_cookie()
+    {
+        $request = Request::create('foo', 'POST', [], ['token' => 'foobar']);
+
+        $parser = new Parser($request);
+        $parser->setChain([
+            new AuthHeaders,
+            new QueryString,
+            new InputSource,
+            new RouteParams,
+            new Cookies(true),
+        ]);
+
+        Crypt::shouldReceive('decrypt')
+            ->with('foobar')
+            ->andThrow(new DecryptException());
+
+        $this->assertSame($parser->parseToken(), null);
+        $this->assertTrue(!$parser->hasToken());
+    }
+
     /** @test */
     public function it_should_return_the_token_from_route()
     {