[2.x] Fix user provider in sanctum guard
#225
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
These tests prove that the `sanctum` guard is not properly configured:
The `Laravel\Sanctum\Guard` callable accepts the specified provider in the constructor from the configuration, and validates if the provider model matches the authenticated model. This part is working correctly.
In the service provider, the actual guard `Illuminate\Auth\RequestGuard` is constructed with the default application provider which is `null`, instead of the specified provider in the configuration.
So, calling `Auth::guard('sanctum')->user()` or `Auth::guard('sanctum')->validate()` will succeed because it's using the user provider configured in the service provider.
But `Auth::guard('sanctum')->getProvider()` returns `null`.
This provides the specified user provider to the `sanctum` guard. Without that, the `Illuminate\Auth\RequestGuard` is constructed without a user provider by default, which is inconsistent with the `Laravel\Sanctum\Guard` callable which accepts the specified user provider.
driesvints
changed the title
sanctum guardsanctum guard
|
@taylorotwell thanks for merging this. IMHO the multiple provider feature (#149) is a bit flaky. Right now the Also only the I think in this should be refactored. Would you accept a PR in 2.x or should I wait for 3.x? |
|
I dunno. I don't really put a lot of thought into using things outside of Eloquent 🤷 If something needs to be refactored feel free to submit a PR. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR provides the specified user provider to the
sanctumguard.Without that, the
Illuminate\Auth\RequestGuardis constructed without a user provider by default, which is inconsistent with theLaravel\Sanctum\Guardcallable which accepts the specified user provider.I've added tests to prove that the
sanctumguard is not properly configured:The
Laravel\Sanctum\Guardcallable accepts the specified provider in the constructor from the configuration, and validates if the provider model matches the authenticated model. This part is working correctly.In the service provider, the actual guard
Illuminate\Auth\RequestGuardis constructed with the default application provider which isnull, instead of the specified provider in the configuration.So, calling
Auth::guard('sanctum')->user()orAuth::guard('sanctum')->validate()will succeed because it's using the user provider configured in the service provider.But
Auth::guard('sanctum')->getProvider()will returnnull. With this fix it will return the correct user provider.