Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

[11.x] use Auth::userResolver when resolving the authenticated user #54382

Merged
merged 1 commit into from
Jan 28, 2025
Merged

[11.x] use Auth::userResolver when resolving the authenticated user #54382

merged 1 commit into from
Jan 28, 2025

Conversation

rodrigopedra
Copy link
Contributor

@rodrigopedra rodrigopedra commented Jan 27, 2025
edited
Loading

Laravel 11 introduced Contextual Attributes, which allows a developer to resolve dependencies from the container using PHP's Attributes to annotate parameters.

The Illuminate\Container\Attributes\Authenticated Attribute resolves the current authenticated user and injects it to the parameter annotated with it.

The Authentication component allows a developer to provide a custom user resolver closure with a custom logic on how to resolve the current authenticated user.

This resolver is then bound to the container, to the Gate component and to the Request object.

But the Illuminate\Container\Attributes\Authenticated Attribute did not use this resolver.

In projects which provide a custom resolver, this could result in the wrong user instance -- or no instance at all (aka null) -- being resolved, instead of using the custom logic as intended by the developer.

This PR:

  • Fixes the Illuminate\Container\Attributes\Authenticated Attribute to use the Authentication component user resolver
  • Changed the test case to account for the additional call on the AuthManager mock object

Note

I used the same logic as the resolver used in the request to allow the Attribute's guard parameter to be used:

framework/src/Illuminate/Auth/AuthServiceProvider.php

Lines 85 to 92 in 2d10f2a

protected function registerRequestRebindHandler()
{
$this->app->rebinding('request', function ($app, $request) {
$request->setUserResolver(function ($guard = null) use ($app) {
return call_user_func($app['auth']->userResolver(), $guard);
});
});
}

@taylorotwell
Copy link
Member

Don't we need to check if a custom user resolver has even been defined?

@taylorotwell taylorotwell marked this pull request as draft January 28, 2025 15:19
@rodrigopedra
Copy link
Contributor Author

rodrigopedra commented Jan 28, 2025
edited
Loading

@taylorotwell no, the AuthManager class defines a default one on its constructor:

framework/src/Illuminate/Auth/AuthManager.php

Lines 53 to 58 in 8509637

public function __construct($app)
{
$this->app = $app;
$this->userResolver = fn ($guard = null) => $this->guard($guard)->user();
}

And it is precisely the old implementation of the Authenticated attribute, so if no custom user resolver is set, then the behavior is still the same as before.

@rodrigopedra rodrigopedra marked this pull request as ready for review January 28, 2025 18:22
@taylorotwell taylorotwell merged commit 95adbb7 into laravel:11.x Jan 28, 2025
40 checks passed
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@rodrigopedra @taylorotwell