Merge branch '2.x'

# Conflicts: # CHANGELOG.md
laravel · Nov 24, 2020 · caf221a · caf221a
2 parents 2d50bf7 + 331bd65
commit caf221a
Show file tree

Hide file tree

Showing 4 changed files with 88 additions and 4 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,18 @@
 # Release Notes
 
-## [Unreleased](https://github.com/laravel/airlock/compare/v2.8.0...master)
+## [Unreleased](https://github.com/laravel/airlock/compare/v2.8.2...master)
+
+
+## [v2.8.2 (2020-11-24)](https://github.com/laravel/sanctum/compare/v2.8.1...v2.8.2)
+
+### Fixed
+- Fix user provider in `sanctum` guard ([#225](https://github.com/laravel/sanctum/pull/225))
+
+
+## [v2.8.1 (2020-11-17)](https://github.com/laravel/sanctum/compare/v2.8.0...v2.8.1)
+
+### Changed
+- Add default nextjs address to stateful ([e86d3e0](https://github.com/laravel/sanctum/commit/e86d3e01ade3325438fe1e64ddd64ec53f828dc4))
 
 
 ## [v2.8.0 (2020-11-03)](https://github.com/laravel/sanctum/compare/v2.7.0...v2.8.0)

diff --git a/config/sanctum.php b/config/sanctum.php
@@ -13,7 +13,10 @@
     |
     */
 
-    'stateful' => explode(',', env('SANCTUM_STATEFUL_DOMAINS', 'localhost,127.0.0.1,127.0.0.1:8000,::1')),
+    'stateful' => explode(',', env(
+        'SANCTUM_STATEFUL_DOMAINS',
+        'localhost,localhost:3000,127.0.0.1,127.0.0.1:8000,::1'
+    )),
 
     /*
     |--------------------------------------------------------------------------

diff --git a/src/SanctumServiceProvider.php b/src/SanctumServiceProvider.php
@@ -114,7 +114,7 @@ protected function createGuard($auth, $config)
         return new RequestGuard(
             new Guard($auth, config('sanctum.expiration'), $config['provider']),
             $this->app['request'],
-            $auth->createUserProvider()
+            $auth->createUserProvider($config['provider'] ?? null)
         );
     }
 

diff --git a/tests/GuardTest.php b/tests/GuardTest.php
@@ -3,6 +3,7 @@
 namespace Laravel\Sanctum\Tests;
 
 use DateTimeInterface;
+use Illuminate\Auth\EloquentUserProvider;
 use Illuminate\Contracts\Auth\Factory as AuthFactory;
 use Illuminate\Database\Eloquent\Model;
 use Illuminate\Http\Request;
@@ -51,7 +52,7 @@ public function test_authentication_is_attempted_with_web_middleware()
 
         $user = $guard->__invoke(Request::create('/', 'GET'));
 
-        $this->assertTrue($user === $fakeUser);
+        $this->assertSame($user, $fakeUser);
         $this->assertTrue($user->tokenCan('foo'));
     }
 
@@ -160,6 +161,74 @@ public function test_authentication_is_successful_with_token_if_no_session_prese
         $this->assertInstanceOf(DateTimeInterface::class, $returnedUser->currentAccessToken()->last_used_at);
     }
 
+    public function test_authentication_with_token_fails_if_user_provider_is_invalid()
+    {
+        $this->loadLaravelMigrations(['--database' => 'testbench']);
+        $this->artisan('migrate', ['--database' => 'testbench'])->run();
+
+        config(['auth.guards.sanctum.provider' => 'users']);
+        config(['auth.providers.users.model' => 'App\Models\User']);
+
+        $factory = $this->app->make(AuthFactory::class);
+        $requestGuard = $factory->guard('sanctum');
+
+        $request = Request::create('/', 'GET');
+        $request->headers->set('Authorization', 'Bearer test');
+
+        $user = User::forceCreate([
+            'name' => 'Taylor Otwell',
+            'email' => 'taylor@laravel.com',
+            'password' => '$2y$10$92IXUNpkjO0rOQ5byMi.Ye4oKoEa3Ro9llC/.og/at2.uheWG/igi',
+            'remember_token' => Str::random(10),
+        ]);
+
+        $token = PersonalAccessToken::forceCreate([
+            'tokenable_id' => $user->id,
+            'tokenable_type' => get_class($user),
+            'name' => 'Test',
+            'token' => hash('sha256', 'test'),
+        ]);
+
+        $returnedUser = $requestGuard->setRequest($request)->user();
+
+        $this->assertNull($returnedUser);
+        $this->assertInstanceOf(EloquentUserProvider::class, $requestGuard->getProvider());
+    }
+
+    public function test_authentication_is_successful_with_token_if_user_provider_is_valid()
+    {
+        $this->loadLaravelMigrations(['--database' => 'testbench']);
+        $this->artisan('migrate', ['--database' => 'testbench'])->run();
+
+        config(['auth.guards.sanctum.provider' => 'users']);
+        config(['auth.providers.users.model' => User::class]);
+
+        $factory = $this->app->make(AuthFactory::class);
+        $requestGuard = $factory->guard('sanctum');
+
+        $request = Request::create('/', 'GET');
+        $request->headers->set('Authorization', 'Bearer test');
+
+        $user = User::forceCreate([
+            'name' => 'Taylor Otwell',
+            'email' => 'taylor@laravel.com',
+            'password' => '$2y$10$92IXUNpkjO0rOQ5byMi.Ye4oKoEa3Ro9llC/.og/at2.uheWG/igi',
+            'remember_token' => Str::random(10),
+        ]);
+
+        $token = PersonalAccessToken::forceCreate([
+            'tokenable_id' => $user->id,
+            'tokenable_type' => get_class($user),
+            'name' => 'Test',
+            'token' => hash('sha256', 'test'),
+        ]);
+
+        $returnedUser = $requestGuard->setRequest($request)->user();
+
+        $this->assertEquals($user->id, $returnedUser->id);
+        $this->assertInstanceOf(EloquentUserProvider::class, $requestGuard->getProvider());
+    }
+
     protected function getPackageProviders($app)
     {
         return [SanctumServiceProvider::class];