From 639788bfebe87529b916d853482f9e5753e02af8 Mon Sep 17 00:00:00 2001 From: Bill Riess Date: Fri, 17 Apr 2020 03:05:21 -0400 Subject: [PATCH 01/16] Initial support for multiple providers --- ...16_06_01_000004_create_oauth_clients_table.php | 1 + src/Bridge/Client.php | 5 ++++- src/Bridge/ClientRepository.php | 2 +- src/Bridge/UserRepository.php | 2 +- src/Client.php | 13 ++++++++++++- src/ClientRepository.php | 9 +++++---- src/Console/ClientCommand.php | 13 +++++++++++-- src/Console/InstallCommand.php | 2 +- src/Guards/TokenGuard.php | 15 +++++++++++++++ src/Http/Middleware/CheckCredentials.php | 2 +- 10 files changed, 52 insertions(+), 12 deletions(-) diff --git a/database/migrations/2016_06_01_000004_create_oauth_clients_table.php b/database/migrations/2016_06_01_000004_create_oauth_clients_table.php index 1dc541a31..f0884ee7b 100644 --- a/database/migrations/2016_06_01_000004_create_oauth_clients_table.php +++ b/database/migrations/2016_06_01_000004_create_oauth_clients_table.php @@ -18,6 +18,7 @@ public function up() $table->unsignedBigInteger('user_id')->nullable()->index(); $table->string('name'); $table->string('secret', 100)->nullable(); + $table->string('provider')->nullable(); $table->text('redirect'); $table->boolean('personal_access_client'); $table->boolean('password_client'); diff --git a/src/Bridge/Client.php b/src/Bridge/Client.php index 43eec2029..22298d3ab 100644 --- a/src/Bridge/Client.php +++ b/src/Bridge/Client.php @@ -16,6 +16,8 @@ class Client implements ClientEntityInterface */ protected $identifier; + public $provider; + /** * Create a new client instance. * @@ -25,13 +27,14 @@ class Client implements ClientEntityInterface * @param bool $isConfidential * @return void */ - public function __construct($identifier, $name, $redirectUri, $isConfidential = false) + public function __construct($identifier, $name, $redirectUri, $isConfidential = false, $provider = null) { $this->setIdentifier((string) $identifier); $this->name = $name; $this->isConfidential = $isConfidential; $this->redirectUri = explode(',', $redirectUri); + $this->provider = $provider; } /** diff --git a/src/Bridge/ClientRepository.php b/src/Bridge/ClientRepository.php index 9cd17762e..e9fb4b0d0 100644 --- a/src/Bridge/ClientRepository.php +++ b/src/Bridge/ClientRepository.php @@ -37,7 +37,7 @@ public function getClientEntity($clientIdentifier) } return new Client( - $clientIdentifier, $record->name, $record->redirect, $record->confidential() + $clientIdentifier, $record->name, $record->redirect, $record->confidential(), $record->provider ); } diff --git a/src/Bridge/UserRepository.php b/src/Bridge/UserRepository.php index 8b0f6237d..bd4706d53 100644 --- a/src/Bridge/UserRepository.php +++ b/src/Bridge/UserRepository.php @@ -32,7 +32,7 @@ public function __construct(HashManager $hasher) */ public function getUserEntityByUserCredentials($username, $password, $grantType, ClientEntityInterface $clientEntity) { - $provider = config('auth.guards.api.provider'); + $provider = $clientEntity->provider ?: config('auth.guards.api.provider'); if (is_null($model = config('auth.providers.'.$provider.'.model'))) { throw new RuntimeException('Unable to determine authentication model from configuration.'); diff --git a/src/Client.php b/src/Client.php index 51b2b7013..7adca9993 100644 --- a/src/Client.php +++ b/src/Client.php @@ -3,6 +3,7 @@ namespace Laravel\Passport; use Illuminate\Database\Eloquent\Model; +use Illuminate\Support\Facades\Auth; class Client extends Model { @@ -49,7 +50,7 @@ class Client extends Model public function user() { return $this->belongsTo( - config('auth.providers.'.config('auth.guards.api.provider').'.model') + config('auth.providers.'.$this->provider ?: config('auth.guards.api.provider').'.model') ); } @@ -102,4 +103,14 @@ public function confidential() { return ! empty($this->secret); } + + /** + * Get the client's provider. + * + * @return mixed + */ + public function getProvider() + { + return $this->provider ? Auth::createUserProvider($this->provider) : null; + } } diff --git a/src/ClientRepository.php b/src/ClientRepository.php index a8b9431ef..398a71575 100644 --- a/src/ClientRepository.php +++ b/src/ClientRepository.php @@ -109,13 +109,14 @@ public function personalAccessClient() * @param bool $confidential * @return \Laravel\Passport\Client */ - public function create($userId, $name, $redirect, $personalAccess = false, $password = false, $confidential = true) + public function create($userId, $name, $redirect, $provider = null, $personalAccess = false, $password = false, $confidential = true) { $client = Passport::client()->forceFill([ 'user_id' => $userId, 'name' => $name, 'secret' => ($confidential || $personalAccess) ? Str::random(40) : null, 'redirect' => $redirect, + 'provider' => $provider, 'personal_access_client' => $personalAccess, 'password_client' => $password, 'revoked' => false, @@ -136,7 +137,7 @@ public function create($userId, $name, $redirect, $personalAccess = false, $pass */ public function createPersonalAccessClient($userId, $name, $redirect) { - return tap($this->create($userId, $name, $redirect, true), function ($client) { + return tap($this->create($userId, $name, $redirect, null, true), function ($client) { $accessClient = Passport::personalAccessClient(); $accessClient->client_id = $client->id; $accessClient->save(); @@ -151,9 +152,9 @@ public function createPersonalAccessClient($userId, $name, $redirect) * @param string $redirect * @return \Laravel\Passport\Client */ - public function createPasswordGrantClient($userId, $name, $redirect) + public function createPasswordGrantClient($userId, $name, $redirect, $provider = null) { - return $this->create($userId, $name, $redirect, false, true); + return $this->create($userId, $name, $redirect, $provider, false, true); } /** diff --git a/src/Console/ClientCommand.php b/src/Console/ClientCommand.php index 5ae9bd035..8771d1616 100644 --- a/src/Console/ClientCommand.php +++ b/src/Console/ClientCommand.php @@ -18,6 +18,7 @@ class ClientCommand extends Command {--password : Create a password grant client} {--client : Create a client credentials grant client} {--name= : The name of the client} + {--provider= : The name of the provider} {--redirect_uri= : The URI to redirect to after authorization } {--user_id= : The user ID the client should be assigned to } {--public : Create a public client (Auth code grant type only) }'; @@ -83,8 +84,16 @@ protected function createPasswordClient(ClientRepository $clients) config('app.name').' Password Grant Client' ); + $providers = array_keys(config('auth.providers')); + + $provider = $this->option('provider') ?: $this->choice( + 'What provider should be used?', + $providers, + $providers[0] + ); + $client = $clients->createPasswordGrantClient( - null, $name, 'http://localhost' + null, $name, 'http://localhost', $provider ); $this->info('Password grant client created successfully.'); @@ -136,7 +145,7 @@ protected function createAuthCodeClient(ClientRepository $clients) ); $client = $clients->create( - $userId, $name, $redirect, false, false, ! $this->option('public') + $userId, $name, $redirect, null, false, false, ! $this->option('public') ); $this->info('New client created successfully.'); diff --git a/src/Console/InstallCommand.php b/src/Console/InstallCommand.php index 89b80440d..9a40d2874 100644 --- a/src/Console/InstallCommand.php +++ b/src/Console/InstallCommand.php @@ -31,6 +31,6 @@ public function handle() { $this->call('passport:keys', ['--force' => $this->option('force'), '--length' => $this->option('length')]); $this->call('passport:client', ['--personal' => true, '--name' => config('app.name').' Personal Access Client']); - $this->call('passport:client', ['--password' => true, '--name' => config('app.name').' Password Grant Client']); + $this->call('passport:client', ['--password' => true, '--name' => config('app.name').' Password Grant Client', '--provider' => array_keys(config('auth.providers'))[0]]); } } diff --git a/src/Guards/TokenGuard.php b/src/Guards/TokenGuard.php index 23244366a..4ebd237f4 100644 --- a/src/Guards/TokenGuard.php +++ b/src/Guards/TokenGuard.php @@ -82,6 +82,17 @@ public function __construct(ResourceServer $server, $this->encrypter = $encrypter; } + /** + * Determine if the requested provider matches the client's provider. + * + * @param \Illuminate\Http\Request $request + * @return bool + */ + protected function validateProvider(Request $request) + { + return $this->provider == $this->client($request)->getProvider(); + } + /** * Get the user for the incoming request. * @@ -90,6 +101,10 @@ public function __construct(ResourceServer $server, */ public function user(Request $request) { + if (!$this->validateProvider($request)) { + return; + } + if ($request->bearerToken()) { return $this->authenticateViaBearerToken($request); } elseif ($request->cookie(Passport::cookie())) { diff --git a/src/Http/Middleware/CheckCredentials.php b/src/Http/Middleware/CheckCredentials.php index 8c2323c0d..c2efdb8e5 100644 --- a/src/Http/Middleware/CheckCredentials.php +++ b/src/Http/Middleware/CheckCredentials.php @@ -101,7 +101,7 @@ protected function validate($psr, $scopes) abstract protected function validateCredentials($token); /** - * Validate token credentials. + * Validate token scopes. * * @param \Laravel\Passport\Token $token * @param array $scopes From 83dbcd3be1b491af623c7c289a74ec49ebd8e52e Mon Sep 17 00:00:00 2001 From: Bill Riess Date: Fri, 17 Apr 2020 04:18:57 -0400 Subject: [PATCH 02/16] DocBlocks --- src/Bridge/Client.php | 15 ++++++++++----- src/ClientRepository.php | 20 +++++++++++--------- 2 files changed, 21 insertions(+), 14 deletions(-) diff --git a/src/Bridge/Client.php b/src/Bridge/Client.php index 22298d3ab..9f2a05517 100644 --- a/src/Bridge/Client.php +++ b/src/Bridge/Client.php @@ -16,16 +16,21 @@ class Client implements ClientEntityInterface */ protected $identifier; + /** + * The client's provider. + * + * @var string + */ public $provider; /** * Create a new client instance. * - * @param string $identifier - * @param string $name - * @param string $redirectUri - * @param bool $isConfidential - * @return void + * @param string $identifier + * @param string $name + * @param string $redirectUri + * @param bool $isConfidential + * @param string|null $provider */ public function __construct($identifier, $name, $redirectUri, $isConfidential = false, $provider = null) { diff --git a/src/ClientRepository.php b/src/ClientRepository.php index 398a71575..8a825735b 100644 --- a/src/ClientRepository.php +++ b/src/ClientRepository.php @@ -101,12 +101,13 @@ public function personalAccessClient() /** * Store a new client. * - * @param int $userId - * @param string $name - * @param string $redirect - * @param bool $personalAccess - * @param bool $password - * @param bool $confidential + * @param int $userId + * @param string $name + * @param string $redirect + * @param string|null $provider + * @param bool $personalAccess + * @param bool $password + * @param bool $confidential * @return \Laravel\Passport\Client */ public function create($userId, $name, $redirect, $provider = null, $personalAccess = false, $password = false, $confidential = true) @@ -147,9 +148,10 @@ public function createPersonalAccessClient($userId, $name, $redirect) /** * Store a new password grant client. * - * @param int $userId - * @param string $name - * @param string $redirect + * @param int $userId + * @param string $name + * @param string $redirect + * @param string|null $provider * @return \Laravel\Passport\Client */ public function createPasswordGrantClient($userId, $name, $redirect, $provider = null) From edd3713991343d175647e6f4e2de026772c68ece Mon Sep 17 00:00:00 2001 From: Bill Riess Date: Fri, 17 Apr 2020 04:19:27 -0400 Subject: [PATCH 03/16] Default provider to users if exists otherwise null --- src/Console/ClientCommand.php | 2 +- src/Console/InstallCommand.php | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/src/Console/ClientCommand.php b/src/Console/ClientCommand.php index 8771d1616..5f46f9f0f 100644 --- a/src/Console/ClientCommand.php +++ b/src/Console/ClientCommand.php @@ -89,7 +89,7 @@ protected function createPasswordClient(ClientRepository $clients) $provider = $this->option('provider') ?: $this->choice( 'What provider should be used?', $providers, - $providers[0] + in_array('users', $providers) ? 'users' : null ); $client = $clients->createPasswordGrantClient( diff --git a/src/Console/InstallCommand.php b/src/Console/InstallCommand.php index 9a40d2874..dda3cd8f5 100644 --- a/src/Console/InstallCommand.php +++ b/src/Console/InstallCommand.php @@ -29,8 +29,9 @@ class InstallCommand extends Command */ public function handle() { + $provider = in_array('users', array_keys(config('auth.providers'))) ? 'users' : null; $this->call('passport:keys', ['--force' => $this->option('force'), '--length' => $this->option('length')]); $this->call('passport:client', ['--personal' => true, '--name' => config('app.name').' Personal Access Client']); - $this->call('passport:client', ['--password' => true, '--name' => config('app.name').' Password Grant Client', '--provider' => array_keys(config('auth.providers'))[0]]); + $this->call('passport:client', ['--password' => true, '--name' => config('app.name').' Password Grant Client', '--provider' => $provider]); } } From ff788805a012bb35f7b17b9e37e5f84ad66240a9 Mon Sep 17 00:00:00 2001 From: Bill Riess Date: Fri, 17 Apr 2020 04:21:59 -0400 Subject: [PATCH 04/16] StyleCI suggestion Co-Authored-By: Dries Vints --- src/Guards/TokenGuard.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Guards/TokenGuard.php b/src/Guards/TokenGuard.php index 4ebd237f4..89f4c3865 100644 --- a/src/Guards/TokenGuard.php +++ b/src/Guards/TokenGuard.php @@ -101,7 +101,7 @@ protected function validateProvider(Request $request) */ public function user(Request $request) { - if (!$this->validateProvider($request)) { + if (! $this->validateProvider($request)) { return; } From 687b12a76aac92df22f294f2133930e6732140f5 Mon Sep 17 00:00:00 2001 From: Bill Riess Date: Fri, 17 Apr 2020 15:43:27 -0400 Subject: [PATCH 05/16] Check if client is set when validating --- src/Guards/TokenGuard.php | 2 +- tests/BridgeClientRepositoryTest.php | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/src/Guards/TokenGuard.php b/src/Guards/TokenGuard.php index 89f4c3865..0822a55a7 100644 --- a/src/Guards/TokenGuard.php +++ b/src/Guards/TokenGuard.php @@ -90,7 +90,7 @@ public function __construct(ResourceServer $server, */ protected function validateProvider(Request $request) { - return $this->provider == $this->client($request)->getProvider(); + return $this->client($request) && $this->client($request)->getProvider() == $this->provider; } /** diff --git a/tests/BridgeClientRepositoryTest.php b/tests/BridgeClientRepositoryTest.php index 94a014323..a2aa9ee2e 100644 --- a/tests/BridgeClientRepositoryTest.php +++ b/tests/BridgeClientRepositoryTest.php @@ -191,6 +191,8 @@ class BridgeClientRepositoryTestClientStub public $password_client = false; + public $provider = null; + public $grant_types; public function firstParty() From 339abf70d09c5501260db5259c7a265fd927b58d Mon Sep 17 00:00:00 2001 From: Bill Riess Date: Sat, 18 Apr 2020 00:09:36 -0400 Subject: [PATCH 06/16] Fixed validation to fallback if provider is not defined --- src/Guards/TokenGuard.php | 9 ++++++++- tests/TokenGuardTest.php | 22 ++++++++++++++++++++++ 2 files changed, 30 insertions(+), 1 deletion(-) diff --git a/src/Guards/TokenGuard.php b/src/Guards/TokenGuard.php index 0822a55a7..e15e97a5a 100644 --- a/src/Guards/TokenGuard.php +++ b/src/Guards/TokenGuard.php @@ -90,7 +90,14 @@ public function __construct(ResourceServer $server, */ protected function validateProvider(Request $request) { - return $this->client($request) && $this->client($request)->getProvider() == $this->provider; + $client = $this->client($request); + + // If not client provider is defined, fallback to old behavior. + if ($client && empty($client->getProvider())) { + return true; + } + + return $client && $this->provider == $client->getProvider(); } /** diff --git a/tests/TokenGuardTest.php b/tests/TokenGuardTest.php index 3940c9a84..62431b6f8 100644 --- a/tests/TokenGuardTest.php +++ b/tests/TokenGuardTest.php @@ -47,6 +47,7 @@ public function test_user_can_be_pulled_via_bearer_token() $userProvider->shouldReceive('retrieveById')->with(1)->andReturn(new TokenGuardTestUser); $tokens->shouldReceive('find')->once()->with('token')->andReturn($token = m::mock()); $clients->shouldReceive('revoked')->with(1)->andReturn(false); + $clients->shouldReceive('findActive')->with(1)->andReturn(new TokenGuardTestClient); $user = $guard->user($request); @@ -90,6 +91,10 @@ public function test_null_is_returned_if_no_user_is_found() $clients = m::mock(ClientRepository::class); $encrypter = m::mock(Encrypter::class); + $clients->shouldReceive('findActive') + ->with(1) + ->andReturn(new TokenGuardTestClient); + $guard = new TokenGuard($resourceServer, $userProvider, $tokens, $clients, $encrypter); $request = Request::create('/'); @@ -97,6 +102,7 @@ public function test_null_is_returned_if_no_user_is_found() $resourceServer->shouldReceive('validateAuthenticatedRequest')->andReturn($psr = m::mock()); $psr->shouldReceive('getAttribute')->with('oauth_user_id')->andReturn(1); + $psr->shouldReceive('getAttribute')->with('oauth_client_id')->andReturn(1); $userProvider->shouldReceive('retrieveById')->with(1)->andReturn(null); $this->assertNull($guard->user($request)); @@ -110,6 +116,10 @@ public function test_users_may_be_retrieved_from_cookies_with_csrf_token_header( $clients = m::mock(ClientRepository::class); $encrypter = new Encrypter(str_repeat('a', 16)); + $clients->shouldReceive('findActive') + ->with(1) + ->andReturn(new TokenGuardTestClient); + $guard = new TokenGuard($resourceServer, $userProvider, $tokens, $clients, $encrypter); $request = Request::create('/'); @@ -138,6 +148,10 @@ public function test_users_may_be_retrieved_from_cookies_with_xsrf_token_header( $clients = m::mock(ClientRepository::class); $encrypter = new Encrypter(str_repeat('a', 16)); + $clients->shouldReceive('findActive') + ->with(1) + ->andReturn(new TokenGuardTestClient); + $guard = new TokenGuard($resourceServer, $userProvider, $tokens, $clients, $encrypter); $request = Request::create('/'); @@ -270,6 +284,10 @@ public function test_csrf_check_can_be_disabled() $clients = m::mock(ClientRepository::class); $encrypter = new Encrypter(str_repeat('a', 16)); + $clients->shouldReceive('findActive') + ->with(1) + ->andReturn(new TokenGuardTestClient); + $guard = new TokenGuard($resourceServer, $userProvider, $tokens, $clients, $encrypter); Passport::ignoreCsrfToken(); @@ -396,4 +414,8 @@ class TokenGuardTestUser class TokenGuardTestClient { + public function getProvider() + { + return null; + } } From 95eb3b354b0c571ffd46ee729c196c0abacc62c3 Mon Sep 17 00:00:00 2001 From: Bill Riess Date: Sat, 18 Apr 2020 00:12:57 -0400 Subject: [PATCH 07/16] StyleCI suggestion --- tests/TokenGuardTest.php | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/TokenGuardTest.php b/tests/TokenGuardTest.php index 62431b6f8..a29f4a5a6 100644 --- a/tests/TokenGuardTest.php +++ b/tests/TokenGuardTest.php @@ -416,6 +416,5 @@ class TokenGuardTestClient { public function getProvider() { - return null; } } From e8b12f229b116c4b5332874c6f74ac32edf724c6 Mon Sep 17 00:00:00 2001 From: Bill Riess Date: Mon, 20 Apr 2020 11:00:35 -0400 Subject: [PATCH 08/16] DocBlocks and formatting --- src/Bridge/Client.php | 11 ++++++----- src/Client.php | 6 ++++-- src/ClientRepository.php | 22 +++++++++++----------- src/Console/InstallCommand.php | 1 + src/Guards/TokenGuard.php | 6 +++--- 5 files changed, 25 insertions(+), 21 deletions(-) diff --git a/src/Bridge/Client.php b/src/Bridge/Client.php index 9f2a05517..70539ac80 100644 --- a/src/Bridge/Client.php +++ b/src/Bridge/Client.php @@ -26,11 +26,12 @@ class Client implements ClientEntityInterface /** * Create a new client instance. * - * @param string $identifier - * @param string $name - * @param string $redirectUri - * @param bool $isConfidential - * @param string|null $provider + * @param string $identifier + * @param string $name + * @param string $redirectUri + * @param bool $isConfidential + * @param string|null $provider + * @return void */ public function __construct($identifier, $name, $redirectUri, $isConfidential = false, $provider = null) { diff --git a/src/Client.php b/src/Client.php index 7adca9993..219297f40 100644 --- a/src/Client.php +++ b/src/Client.php @@ -49,8 +49,10 @@ class Client extends Model */ public function user() { + $provider = $this->provider ?: config('auth.guards.api.provider'); + return $this->belongsTo( - config('auth.providers.'.$this->provider ?: config('auth.guards.api.provider').'.model') + config("auth.providers.$provider.model") ); } @@ -107,7 +109,7 @@ public function confidential() /** * Get the client's provider. * - * @return mixed + * @return \Illuminate\Contracts\Auth\UserProvider|null */ public function getProvider() { diff --git a/src/ClientRepository.php b/src/ClientRepository.php index 8a825735b..119cb0812 100644 --- a/src/ClientRepository.php +++ b/src/ClientRepository.php @@ -101,13 +101,13 @@ public function personalAccessClient() /** * Store a new client. * - * @param int $userId - * @param string $name - * @param string $redirect - * @param string|null $provider - * @param bool $personalAccess - * @param bool $password - * @param bool $confidential + * @param int $userId + * @param string $name + * @param string $redirect + * @param string|null $provider + * @param bool $personalAccess + * @param bool $password + * @param bool $confidential * @return \Laravel\Passport\Client */ public function create($userId, $name, $redirect, $provider = null, $personalAccess = false, $password = false, $confidential = true) @@ -148,10 +148,10 @@ public function createPersonalAccessClient($userId, $name, $redirect) /** * Store a new password grant client. * - * @param int $userId - * @param string $name - * @param string $redirect - * @param string|null $provider + * @param int $userId + * @param string $name + * @param string $redirect + * @param string|null $provider * @return \Laravel\Passport\Client */ public function createPasswordGrantClient($userId, $name, $redirect, $provider = null) diff --git a/src/Console/InstallCommand.php b/src/Console/InstallCommand.php index dda3cd8f5..3498cb986 100644 --- a/src/Console/InstallCommand.php +++ b/src/Console/InstallCommand.php @@ -30,6 +30,7 @@ class InstallCommand extends Command public function handle() { $provider = in_array('users', array_keys(config('auth.providers'))) ? 'users' : null; + $this->call('passport:keys', ['--force' => $this->option('force'), '--length' => $this->option('length')]); $this->call('passport:client', ['--personal' => true, '--name' => config('app.name').' Personal Access Client']); $this->call('passport:client', ['--password' => true, '--name' => config('app.name').' Password Grant Client', '--provider' => $provider]); diff --git a/src/Guards/TokenGuard.php b/src/Guards/TokenGuard.php index e15e97a5a..e4091e65d 100644 --- a/src/Guards/TokenGuard.php +++ b/src/Guards/TokenGuard.php @@ -88,11 +88,11 @@ public function __construct(ResourceServer $server, * @param \Illuminate\Http\Request $request * @return bool */ - protected function validateProvider(Request $request) + protected function hasValidProvider(Request $request) { $client = $this->client($request); - // If not client provider is defined, fallback to old behavior. + // If no client provider is defined, fallback to old behavior. if ($client && empty($client->getProvider())) { return true; } @@ -108,7 +108,7 @@ protected function validateProvider(Request $request) */ public function user(Request $request) { - if (! $this->validateProvider($request)) { + if (! $this->hasValidProvider($request)) { return; } From 06f6cbd855caa76c07e566c48bdc389a3d7b6424 Mon Sep 17 00:00:00 2001 From: Bill Riess Date: Sun, 26 Apr 2020 23:39:22 -0400 Subject: [PATCH 09/16] Compare models directly on providers. --- src/Guards/TokenGuard.php | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/src/Guards/TokenGuard.php b/src/Guards/TokenGuard.php index e4091e65d..28e547952 100644 --- a/src/Guards/TokenGuard.php +++ b/src/Guards/TokenGuard.php @@ -97,7 +97,8 @@ protected function hasValidProvider(Request $request) return true; } - return $client && $this->provider == $client->getProvider(); + // Determine if the client's provider and the request's provider have matching models. + return $client && $client->getProvider()->getModel() === $this->provider->getModel(); } /** @@ -108,10 +109,6 @@ protected function hasValidProvider(Request $request) */ public function user(Request $request) { - if (! $this->hasValidProvider($request)) { - return; - } - if ($request->bearerToken()) { return $this->authenticateViaBearerToken($request); } elseif ($request->cookie(Passport::cookie())) { @@ -154,6 +151,13 @@ protected function authenticateViaBearerToken($request) return; } + $client = $this->client($request); + + if ($client && $model = class_exists(config('auth.providers'.$this->client($request)->provider.'.model'))) { + $this->provider->setModel($model); + } + + // If the access token is valid we will retrieve the user according to the user ID // associated with the token. We will use the provider implementation which may // be used to retrieve users from Eloquent. Next, we'll be ready to continue. From 834f9a5384163b2e98af1ec9de8e6b0d6f3e4eea Mon Sep 17 00:00:00 2001 From: Bill Riess Date: Sun, 26 Apr 2020 23:43:33 -0400 Subject: [PATCH 10/16] Cleaned up returns, removed redundant code --- src/Guards/TokenGuard.php | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/src/Guards/TokenGuard.php b/src/Guards/TokenGuard.php index 28e547952..895bf1acb 100644 --- a/src/Guards/TokenGuard.php +++ b/src/Guards/TokenGuard.php @@ -98,7 +98,7 @@ protected function hasValidProvider(Request $request) } // Determine if the client's provider and the request's provider have matching models. - return $client && $client->getProvider()->getModel() === $this->provider->getModel(); + return $client->getProvider()->getModel() === $this->provider->getModel(); } /** @@ -151,13 +151,6 @@ protected function authenticateViaBearerToken($request) return; } - $client = $this->client($request); - - if ($client && $model = class_exists(config('auth.providers'.$this->client($request)->provider.'.model'))) { - $this->provider->setModel($model); - } - - // If the access token is valid we will retrieve the user according to the user ID // associated with the token. We will use the provider implementation which may // be used to retrieve users from Eloquent. Next, we'll be ready to continue. From 7904a36f4001a1b308200bf0c0f123213c8e348e Mon Sep 17 00:00:00 2001 From: Bill Riess Date: Sun, 26 Apr 2020 23:47:54 -0400 Subject: [PATCH 11/16] Call the validation... --- src/Guards/TokenGuard.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/Guards/TokenGuard.php b/src/Guards/TokenGuard.php index 895bf1acb..cb2634da3 100644 --- a/src/Guards/TokenGuard.php +++ b/src/Guards/TokenGuard.php @@ -98,7 +98,7 @@ protected function hasValidProvider(Request $request) } // Determine if the client's provider and the request's provider have matching models. - return $client->getProvider()->getModel() === $this->provider->getModel(); + return $client && $client->getProvider()->getModel() === $this->provider->getModel(); } /** @@ -109,6 +109,10 @@ protected function hasValidProvider(Request $request) */ public function user(Request $request) { + if (! $this->hasValidProvider($request)) { + return; + } + if ($request->bearerToken()) { return $this->authenticateViaBearerToken($request); } elseif ($request->cookie(Passport::cookie())) { From 10d09fe63bc582115e247d32a8fed5ceaca25b12 Mon Sep 17 00:00:00 2001 From: Dries Vints Date: Mon, 27 Apr 2020 10:23:05 +0200 Subject: [PATCH 12/16] Decorate UserProvider with custom class --- src/Client.php | 10 ---- src/Guards/TokenGuard.php | 24 ++++----- src/PassportServiceProvider.php | 2 +- src/PassportUserProvider.php | 86 +++++++++++++++++++++++++++++++++ tests/TokenGuardTest.php | 3 -- 5 files changed, 99 insertions(+), 26 deletions(-) create mode 100644 src/PassportUserProvider.php diff --git a/src/Client.php b/src/Client.php index 219297f40..22643638b 100644 --- a/src/Client.php +++ b/src/Client.php @@ -105,14 +105,4 @@ public function confidential() { return ! empty($this->secret); } - - /** - * Get the client's provider. - * - * @return \Illuminate\Contracts\Auth\UserProvider|null - */ - public function getProvider() - { - return $this->provider ? Auth::createUserProvider($this->provider) : null; - } } diff --git a/src/Guards/TokenGuard.php b/src/Guards/TokenGuard.php index cb2634da3..147b75b14 100644 --- a/src/Guards/TokenGuard.php +++ b/src/Guards/TokenGuard.php @@ -5,7 +5,6 @@ use Exception; use Firebase\JWT\JWT; use Illuminate\Container\Container; -use Illuminate\Contracts\Auth\UserProvider; use Illuminate\Contracts\Debug\ExceptionHandler; use Illuminate\Contracts\Encryption\Encrypter; use Illuminate\Cookie\Middleware\EncryptCookies; @@ -16,6 +15,7 @@ use Laminas\Diactoros\UploadedFileFactory; use Laravel\Passport\ClientRepository; use Laravel\Passport\Passport; +use Laravel\Passport\PassportUserProvider; use Laravel\Passport\TokenRepository; use Laravel\Passport\TransientToken; use League\OAuth2\Server\Exception\OAuthServerException; @@ -34,7 +34,7 @@ class TokenGuard /** * The user provider implementation. * - * @var \Illuminate\Contracts\Auth\UserProvider + * @var \Laravel\Passport\PassportUserProvider */ protected $provider; @@ -63,18 +63,19 @@ class TokenGuard * Create a new token guard instance. * * @param \League\OAuth2\Server\ResourceServer $server - * @param \Illuminate\Contracts\Auth\UserProvider $provider + * @param \Laravel\Passport\PassportUserProvider $provider * @param \Laravel\Passport\TokenRepository $tokens * @param \Laravel\Passport\ClientRepository $clients * @param \Illuminate\Contracts\Encryption\Encrypter $encrypter * @return void */ - public function __construct(ResourceServer $server, - UserProvider $provider, - TokenRepository $tokens, - ClientRepository $clients, - Encrypter $encrypter) - { + public function __construct( + ResourceServer $server, + PassportUserProvider $provider, + TokenRepository $tokens, + ClientRepository $clients, + Encrypter $encrypter + ) { $this->server = $server; $this->tokens = $tokens; $this->clients = $clients; @@ -93,12 +94,11 @@ protected function hasValidProvider(Request $request) $client = $this->client($request); // If no client provider is defined, fallback to old behavior. - if ($client && empty($client->getProvider())) { + if ($client && ! is_null($client->provider)) { return true; } - // Determine if the client's provider and the request's provider have matching models. - return $client && $client->getProvider()->getModel() === $this->provider->getModel(); + return $client && $client->provider === $this->provider->getProviderName(); } /** diff --git a/src/PassportServiceProvider.php b/src/PassportServiceProvider.php index 1f3bd4040..4f1b34dc5 100644 --- a/src/PassportServiceProvider.php +++ b/src/PassportServiceProvider.php @@ -276,7 +276,7 @@ protected function makeGuard(array $config) return new RequestGuard(function ($request) use ($config) { return (new TokenGuard( $this->app->make(ResourceServer::class), - Auth::createUserProvider($config['provider']), + new PassportUserProvider(Auth::createUserProvider($config['provider']), $config['provider']), $this->app->make(TokenRepository::class), $this->app->make(ClientRepository::class), $this->app->make('encrypter') diff --git a/src/PassportUserProvider.php b/src/PassportUserProvider.php new file mode 100644 index 000000000..ccde8dc38 --- /dev/null +++ b/src/PassportUserProvider.php @@ -0,0 +1,86 @@ +provider = $provider; + $this->providerName = $providerName; + } + + /** + * Get the UserProvider name. + * + * @return string + */ + public function getProviderName() + { + return $this->providerName; + } + + /** + * {@inheritDoc} + */ + public function retrieveById($identifier) + { + return $this->provider->retrieveById($identifier); + } + + /** + * {@inheritDoc} + */ + public function retrieveByToken($identifier, $token) + { + return $this->provider->retrieveByToken($identifier, $token); + } + + /** + * {@inheritDoc} + */ + public function updateRememberToken(Authenticatable $user, $token) + { + $this->provider->updateRememberToken($user, $token); + } + + /** + * {@inheritDoc} + */ + public function retrieveByCredentials(array $credentials) + { + return $this->provider->retrieveByCredentials($credentials); + } + + /** + * {@inheritDoc} + */ + public function validateCredentials(Authenticatable $user, array $credentials) + { + return $this->provider->validateCredentials($user, $credentials); + } +} diff --git a/tests/TokenGuardTest.php b/tests/TokenGuardTest.php index a29f4a5a6..9d8f9327d 100644 --- a/tests/TokenGuardTest.php +++ b/tests/TokenGuardTest.php @@ -414,7 +414,4 @@ class TokenGuardTestUser class TokenGuardTestClient { - public function getProvider() - { - } } From 7569525d6da44402148359cc0329d2397f9d3195 Mon Sep 17 00:00:00 2001 From: Bill Riess Date: Mon, 27 Apr 2020 06:14:05 -0400 Subject: [PATCH 13/16] Fixed tests --- tests/TokenGuardTest.php | 36 +++++++++++++++++++++--------------- 1 file changed, 21 insertions(+), 15 deletions(-) diff --git a/tests/TokenGuardTest.php b/tests/TokenGuardTest.php index 9d8f9327d..2b679a558 100644 --- a/tests/TokenGuardTest.php +++ b/tests/TokenGuardTest.php @@ -5,7 +5,6 @@ use Carbon\Carbon; use Firebase\JWT\JWT; use Illuminate\Container\Container; -use Illuminate\Contracts\Auth\UserProvider; use Illuminate\Contracts\Debug\ExceptionHandler; use Illuminate\Encryption\Encrypter; use Illuminate\Http\Request; @@ -13,6 +12,7 @@ use Laravel\Passport\Guards\TokenGuard; use Laravel\Passport\HasApiTokens; use Laravel\Passport\Passport; +use Laravel\Passport\PassportUserProvider; use Laravel\Passport\TokenRepository; use League\OAuth2\Server\Exception\OAuthServerException; use League\OAuth2\Server\ResourceServer; @@ -30,7 +30,7 @@ protected function tearDown(): void public function test_user_can_be_pulled_via_bearer_token() { $resourceServer = m::mock(ResourceServer::class); - $userProvider = m::mock(UserProvider::class); + $userProvider = m::mock(PassportUserProvider::class); $tokens = m::mock(TokenRepository::class); $clients = m::mock(ClientRepository::class); $encrypter = m::mock(Encrypter::class); @@ -45,6 +45,7 @@ public function test_user_can_be_pulled_via_bearer_token() $psr->shouldReceive('getAttribute')->with('oauth_client_id')->andReturn(1); $psr->shouldReceive('getAttribute')->with('oauth_access_token_id')->andReturn('token'); $userProvider->shouldReceive('retrieveById')->with(1)->andReturn(new TokenGuardTestUser); + $userProvider->shouldReceive('getProviderName')->andReturn(null); $tokens->shouldReceive('find')->once()->with('token')->andReturn($token = m::mock()); $clients->shouldReceive('revoked')->with(1)->andReturn(false); $clients->shouldReceive('findActive')->with(1)->andReturn(new TokenGuardTestClient); @@ -63,7 +64,7 @@ public function test_no_user_is_returned_when_oauth_throws_exception() $handler->shouldReceive('report')->once()->with(m::type(OAuthServerException::class)); $resourceServer = m::mock(ResourceServer::class); - $userProvider = m::mock(UserProvider::class); + $userProvider = m::mock(PassportUserProvider::class); $tokens = m::mock(TokenRepository::class); $clients = m::mock(ClientRepository::class); $encrypter = m::mock(Encrypter::class); @@ -86,7 +87,7 @@ public function test_no_user_is_returned_when_oauth_throws_exception() public function test_null_is_returned_if_no_user_is_found() { $resourceServer = m::mock(ResourceServer::class); - $userProvider = m::mock(UserProvider::class); + $userProvider = m::mock(PassportUserProvider::class); $tokens = m::mock(TokenRepository::class); $clients = m::mock(ClientRepository::class); $encrypter = m::mock(Encrypter::class); @@ -104,6 +105,7 @@ public function test_null_is_returned_if_no_user_is_found() $psr->shouldReceive('getAttribute')->with('oauth_user_id')->andReturn(1); $psr->shouldReceive('getAttribute')->with('oauth_client_id')->andReturn(1); $userProvider->shouldReceive('retrieveById')->with(1)->andReturn(null); + $userProvider->shouldReceive('getProviderName')->andReturn(null); $this->assertNull($guard->user($request)); } @@ -111,7 +113,7 @@ public function test_null_is_returned_if_no_user_is_found() public function test_users_may_be_retrieved_from_cookies_with_csrf_token_header() { $resourceServer = m::mock(ResourceServer::class); - $userProvider = m::mock(UserProvider::class); + $userProvider = m::mock(PassportUserProvider::class); $tokens = m::mock(TokenRepository::class); $clients = m::mock(ClientRepository::class); $encrypter = new Encrypter(str_repeat('a', 16)); @@ -134,6 +136,7 @@ public function test_users_may_be_retrieved_from_cookies_with_csrf_token_header( ); $userProvider->shouldReceive('retrieveById')->with(1)->andReturn($expectedUser = new TokenGuardTestUser); + $userProvider->shouldReceive('getProviderName')->andReturn(null); $user = $guard->user($request); @@ -143,7 +146,7 @@ public function test_users_may_be_retrieved_from_cookies_with_csrf_token_header( public function test_users_may_be_retrieved_from_cookies_with_xsrf_token_header() { $resourceServer = m::mock(ResourceServer::class); - $userProvider = m::mock(UserProvider::class); + $userProvider = m::mock(PassportUserProvider::class); $tokens = m::mock(TokenRepository::class); $clients = m::mock(ClientRepository::class); $encrypter = new Encrypter(str_repeat('a', 16)); @@ -166,6 +169,7 @@ public function test_users_may_be_retrieved_from_cookies_with_xsrf_token_header( ); $userProvider->shouldReceive('retrieveById')->with(1)->andReturn($expectedUser = new TokenGuardTestUser); + $userProvider->shouldReceive('getProviderName')->andReturn(null); $user = $guard->user($request); @@ -175,7 +179,7 @@ public function test_users_may_be_retrieved_from_cookies_with_xsrf_token_header( public function test_cookie_xsrf_is_verified_against_csrf_token_header() { $resourceServer = m::mock(ResourceServer::class); - $userProvider = m::mock(UserProvider::class); + $userProvider = m::mock(PassportUserProvider::class); $tokens = m::mock(TokenRepository::class); $clients = m::mock(ClientRepository::class); $encrypter = new Encrypter(str_repeat('a', 16)); @@ -201,7 +205,7 @@ public function test_cookie_xsrf_is_verified_against_csrf_token_header() public function test_cookie_xsrf_is_verified_against_xsrf_token_header() { $resourceServer = m::mock(ResourceServer::class); - $userProvider = m::mock(UserProvider::class); + $userProvider = m::mock(PassportUserProvider::class); $tokens = m::mock(TokenRepository::class); $clients = m::mock(ClientRepository::class); $encrypter = new Encrypter(str_repeat('a', 16)); @@ -227,7 +231,7 @@ public function test_cookie_xsrf_is_verified_against_xsrf_token_header() public function test_xsrf_token_cookie_without_a_token_header_is_not_accepted() { $resourceServer = m::mock(ResourceServer::class); - $userProvider = m::mock(UserProvider::class); + $userProvider = m::mock(PassportUserProvider::class); $tokens = m::mock(TokenRepository::class); $clients = m::mock(ClientRepository::class); $encrypter = new Encrypter(str_repeat('a', 16)); @@ -253,7 +257,7 @@ public function test_xsrf_token_cookie_without_a_token_header_is_not_accepted() public function test_expired_cookies_may_not_be_used() { $resourceServer = m::mock(ResourceServer::class); - $userProvider = m::mock(UserProvider::class); + $userProvider = m::mock(PassportUserProvider::class); $tokens = m::mock(TokenRepository::class); $clients = m::mock(ClientRepository::class); $encrypter = new Encrypter(str_repeat('a', 16)); @@ -279,7 +283,7 @@ public function test_expired_cookies_may_not_be_used() public function test_csrf_check_can_be_disabled() { $resourceServer = m::mock(ResourceServer::class); - $userProvider = m::mock(UserProvider::class); + $userProvider = m::mock(PassportUserProvider::class); $tokens = m::mock(TokenRepository::class); $clients = m::mock(ClientRepository::class); $encrypter = new Encrypter(str_repeat('a', 16)); @@ -302,6 +306,7 @@ public function test_csrf_check_can_be_disabled() ); $userProvider->shouldReceive('retrieveById')->with(1)->andReturn($expectedUser = new TokenGuardTestUser); + $userProvider->shouldReceive('getProviderName')->andReturn(null); $user = $guard->user($request); @@ -311,7 +316,7 @@ public function test_csrf_check_can_be_disabled() public function test_client_can_be_pulled_via_bearer_token() { $resourceServer = m::mock(ResourceServer::class); - $userProvider = m::mock(UserProvider::class); + $userProvider = m::mock(PassportUserProvider::class); $tokens = m::mock(TokenRepository::class); $clients = m::mock(ClientRepository::class); $encrypter = m::mock(Encrypter::class); @@ -338,7 +343,7 @@ public function test_no_client_is_returned_when_oauth_throws_exception() $handler->shouldReceive('report')->once()->with(m::type(OAuthServerException::class)); $resourceServer = m::mock(ResourceServer::class); - $userProvider = m::mock(UserProvider::class); + $userProvider = m::mock(PassportUserProvider::class); $tokens = m::mock(TokenRepository::class); $clients = m::mock(ClientRepository::class); $encrypter = m::mock(Encrypter::class); @@ -361,7 +366,7 @@ public function test_no_client_is_returned_when_oauth_throws_exception() public function test_null_is_returned_if_no_client_is_found() { $resourceServer = m::mock(ResourceServer::class); - $userProvider = m::mock(UserProvider::class); + $userProvider = m::mock(PassportUserProvider::class); $tokens = m::mock(TokenRepository::class); $clients = m::mock(ClientRepository::class); $encrypter = m::mock(Encrypter::class); @@ -381,7 +386,7 @@ public function test_null_is_returned_if_no_client_is_found() public function test_clients_may_be_retrieved_from_cookies() { $resourceServer = m::mock(ResourceServer::class); - $userProvider = m::mock(UserProvider::class); + $userProvider = m::mock(PassportUserProvider::class); $tokens = m::mock(TokenRepository::class); $clients = m::mock(ClientRepository::class); $encrypter = new Encrypter(str_repeat('a', 16)); @@ -414,4 +419,5 @@ class TokenGuardTestUser class TokenGuardTestClient { + public $provider; } From 3e46d5918c871adda54842bc359fcf42d7550856 Mon Sep 17 00:00:00 2001 From: Bill Riess Date: Mon, 27 Apr 2020 06:19:37 -0400 Subject: [PATCH 14/16] StyleCI + validation tweak --- src/Client.php | 1 - src/Guards/TokenGuard.php | 2 +- src/PassportUserProvider.php | 10 +++++----- 3 files changed, 6 insertions(+), 7 deletions(-) diff --git a/src/Client.php b/src/Client.php index 22643638b..0039115d8 100644 --- a/src/Client.php +++ b/src/Client.php @@ -3,7 +3,6 @@ namespace Laravel\Passport; use Illuminate\Database\Eloquent\Model; -use Illuminate\Support\Facades\Auth; class Client extends Model { diff --git a/src/Guards/TokenGuard.php b/src/Guards/TokenGuard.php index 147b75b14..b81b13fcf 100644 --- a/src/Guards/TokenGuard.php +++ b/src/Guards/TokenGuard.php @@ -94,7 +94,7 @@ protected function hasValidProvider(Request $request) $client = $this->client($request); // If no client provider is defined, fallback to old behavior. - if ($client && ! is_null($client->provider)) { + if ($client && ! $client->provider) { return true; } diff --git a/src/PassportUserProvider.php b/src/PassportUserProvider.php index ccde8dc38..c62768d6c 100644 --- a/src/PassportUserProvider.php +++ b/src/PassportUserProvider.php @@ -45,7 +45,7 @@ public function getProviderName() } /** - * {@inheritDoc} + * {@inheritdoc} */ public function retrieveById($identifier) { @@ -53,7 +53,7 @@ public function retrieveById($identifier) } /** - * {@inheritDoc} + * {@inheritdoc} */ public function retrieveByToken($identifier, $token) { @@ -61,7 +61,7 @@ public function retrieveByToken($identifier, $token) } /** - * {@inheritDoc} + * {@inheritdoc} */ public function updateRememberToken(Authenticatable $user, $token) { @@ -69,7 +69,7 @@ public function updateRememberToken(Authenticatable $user, $token) } /** - * {@inheritDoc} + * {@inheritdoc} */ public function retrieveByCredentials(array $credentials) { @@ -77,7 +77,7 @@ public function retrieveByCredentials(array $credentials) } /** - * {@inheritDoc} + * {@inheritdoc} */ public function validateCredentials(Authenticatable $user, array $credentials) { From e52ceba1d3e9791d387935c2cd57e3eb7be10cee Mon Sep 17 00:00:00 2001 From: Taylor Otwell Date: Tue, 28 Apr 2020 15:14:30 -0500 Subject: [PATCH 15/16] Update Client.php --- src/Client.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Client.php b/src/Client.php index 0039115d8..6952d5783 100644 --- a/src/Client.php +++ b/src/Client.php @@ -51,7 +51,7 @@ public function user() $provider = $this->provider ?: config('auth.guards.api.provider'); return $this->belongsTo( - config("auth.providers.$provider.model") + config("auth.providers.{$provider}.model") ); } From cdc37f06b592e4349fcf4c473e2c6b2ef91c5abc Mon Sep 17 00:00:00 2001 From: Taylor Otwell Date: Tue, 28 Apr 2020 16:06:28 -0500 Subject: [PATCH 16/16] formatting --- src/Bridge/ClientRepository.php | 6 +++++- src/ClientRepository.php | 2 +- src/Console/ClientCommand.php | 4 ++-- src/Guards/TokenGuard.php | 1 - src/PassportUserProvider.php | 24 ++++++++++++------------ 5 files changed, 20 insertions(+), 17 deletions(-) diff --git a/src/Bridge/ClientRepository.php b/src/Bridge/ClientRepository.php index e9fb4b0d0..35168731e 100644 --- a/src/Bridge/ClientRepository.php +++ b/src/Bridge/ClientRepository.php @@ -37,7 +37,11 @@ public function getClientEntity($clientIdentifier) } return new Client( - $clientIdentifier, $record->name, $record->redirect, $record->confidential(), $record->provider + $clientIdentifier, + $record->name, + $record->redirect, + $record->confidential(), + $record->provider ); } diff --git a/src/ClientRepository.php b/src/ClientRepository.php index 119cb0812..e04dfc0d8 100644 --- a/src/ClientRepository.php +++ b/src/ClientRepository.php @@ -116,8 +116,8 @@ public function create($userId, $name, $redirect, $provider = null, $personalAcc 'user_id' => $userId, 'name' => $name, 'secret' => ($confidential || $personalAccess) ? Str::random(40) : null, - 'redirect' => $redirect, 'provider' => $provider, + 'redirect' => $redirect, 'personal_access_client' => $personalAccess, 'password_client' => $password, 'revoked' => false, diff --git a/src/Console/ClientCommand.php b/src/Console/ClientCommand.php index 5f46f9f0f..a312a401e 100644 --- a/src/Console/ClientCommand.php +++ b/src/Console/ClientCommand.php @@ -18,7 +18,7 @@ class ClientCommand extends Command {--password : Create a password grant client} {--client : Create a client credentials grant client} {--name= : The name of the client} - {--provider= : The name of the provider} + {--provider= : The name of the user provider} {--redirect_uri= : The URI to redirect to after authorization } {--user_id= : The user ID the client should be assigned to } {--public : Create a public client (Auth code grant type only) }'; @@ -87,7 +87,7 @@ protected function createPasswordClient(ClientRepository $clients) $providers = array_keys(config('auth.providers')); $provider = $this->option('provider') ?: $this->choice( - 'What provider should be used?', + 'Which user provider should this client use to retrieve users?', $providers, in_array('users', $providers) ? 'users' : null ); diff --git a/src/Guards/TokenGuard.php b/src/Guards/TokenGuard.php index b81b13fcf..f30468310 100644 --- a/src/Guards/TokenGuard.php +++ b/src/Guards/TokenGuard.php @@ -93,7 +93,6 @@ protected function hasValidProvider(Request $request) { $client = $this->client($request); - // If no client provider is defined, fallback to old behavior. if ($client && ! $client->provider) { return true; } diff --git a/src/PassportUserProvider.php b/src/PassportUserProvider.php index c62768d6c..b94d82fa0 100644 --- a/src/PassportUserProvider.php +++ b/src/PassportUserProvider.php @@ -8,14 +8,14 @@ class PassportUserProvider implements UserProvider { /** - * The Application UserProvider instance. + * The user provider instance. * * @var \Illuminate\Contracts\Auth\UserProvider */ protected $provider; /** - * The Application UserProvider name. + * The user provider name. * * @var string */ @@ -34,16 +34,6 @@ public function __construct(UserProvider $provider, $providerName) $this->providerName = $providerName; } - /** - * Get the UserProvider name. - * - * @return string - */ - public function getProviderName() - { - return $this->providerName; - } - /** * {@inheritdoc} */ @@ -83,4 +73,14 @@ public function validateCredentials(Authenticatable $user, array $credentials) { return $this->provider->validateCredentials($user, $credentials); } + + /** + * Get the name of the user provider. + * + * @return string + */ + public function getProviderName() + { + return $this->providerName; + } }