New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[8.x] Adds attempt with callbacks #37030
[8.x] Adds attempt with callbacks #37030
Conversation
Yeah. If someone is extending the class it will be terrible. 9.x it is. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Seems ok to me.
Since it's for 9.x, why just change the contract? This would mean interoperability between all guards (included and custom ones). |
It is in theory possible to solve this on 8.x by passing a reserved key in the Auth::attemptSomeMethodName(array $arrayOfCallbacks, array $credentials, etc...)
{
$credentials['__callbacks'] = $arrayOfCallbacks;
return $this->attempt($credentials, etc...);
} |
I really would prefer using callables because I can just reference an static method from somewhere. I think that reserving a key it's kind of hassle because there is no guarantee the developer is not using it somewhere (I've seen some sh*t). It could be that just adding a new method that accepts an array of callbacks could work for 8.x. Auth::attemptAnd($credentials, fn($user) => $user->isCool()); This could work only for the Session Guard, but on 9.x, a contract could force adding the new method to allow interoperability, but I wouldn't mind if everyone voted against. |
If you add a new method, I'm not sure you have a way to get those callbacks called at the correct time during the authentication process without a breaking change? Unless I'm missing something? |
I'm also missing something. Why it wouldn't be called at the correct time? The idea is to work on the validated user itself. Wrapping it up:
This is intended to work like an "AfterValidated" hook because, before validation, its pretty much like a black box. |
Well - if you think you can add a new method in such a way that is not breaking feel free to adjust this PR to do that and I'll take a look. |
Im on it. ~~‘attemptAnd()’~~ will be my choice.
Italo Baeza C.
… El 22-04-2021, a la(s) 09:48, Taylor Otwell ***@***.***> escribió:
Well - if you think you can add a new method in such a way that is not breaking feel free to adjust this PR to do that and I'll take a look.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub, or unsubscribe.
|
Callback now includes Guard instance.
…/attempt-callback
I think it has more "semantic sense" to use You can now do this: Auth::attemptWith($credentials, $remember, function ($user, $guard) {
return $user->isCool() && $guard instanceof SessionGuard::class;
}); No BC, 8.x compatible. |
Can you resubmit this to 8.x? |
Lol, of course. |
This PR expands on the discussion here about adding callbacks the
attempt()
authentication mechanisms.Problem
There is no way to add additional checks at runtime when using
attempt()
. Any addition forces the developer to create a new Guard, or use nonchalantlyvalidate()
andgetLastAttempted()
, and fireAttempting
manually.Solution
This PR allows the
SessionGuard::attempt()
method to the receive a third argument that receives one or multiple callbacks. Each of these receive the validated User, and if one returns false, the whole attempt fails.Since there are
callables
, the developer can add its own checks, or use checks made by external packages, all while controlling manually the flow and order of these.How it works
The change adds an internal function
shouldLogin()
that executes each callback and returnsfalse
if one of them "fails". This is called after the user is properly validated:Breaking changes: extending the Session Guard
The above change is simple and non-breaking, since it doesn't changes the interface signature, but as a precaution I'm pushing it into the next version... unless it gets approved for 8.x. And this also includes an additional test.