Replace authentication using model with element instead

riasvdv · riasvdv · commit 73dc14f8bb5e · 2025-12-08T11:12:07.000+01:00
diff --git a/routes/actions.php b/routes/actions.php
@@ -71,7 +71,7 @@
 Route::prefix(Cms::config()->actionTrigger)->group(function () {
     Route::post('migrate', MigrateController::class);
 
-    Route::middleware(['auth'])->group(function () {
+    Route::middleware(['auth:craft'])->group(function () {
         Route::post('entries/save-entry', StoreEntryController::class);
     });
 
@@ -115,7 +115,7 @@
     /**
      * Actions needing auth
      */
-    Route::middleware(['auth'])->group(function () {
+    Route::middleware(['auth:craft'])->group(function () {
         // Addresses
         Route::post('addresses/fields', [AddressesController::class, 'fields']);
         Route::middleware(RequireAdminChanges::class)->post('addresses/save-field-layout', [AddressesController::class, 'saveFieldLayout']);
diff --git a/routes/cp.php b/routes/cp.php
@@ -36,7 +36,7 @@
 /**
  * Admin requests that require a login
  */
-Route::middleware('auth')->group(function () {
+Route::middleware('auth:craft')->group(function () {
     Route::get('dashboard', DashboardController::class);
 
     Route::get('utilities', [UtilitiesController::class, 'index']);
diff --git a/src/Dashboard/Dashboard.php b/src/Dashboard/Dashboard.php
@@ -296,7 +296,7 @@ public function changeWidgetColspan(int $widgetId, int $colspan): bool
      */
     private function addDefaultUserWidgets(): void
     {
-        /** @var User $user */
+        /** @var ?\craft\elements\User $user */
         $user = Auth::user();
 
         // Recent Entries widget
@@ -321,9 +321,11 @@ private function addDefaultUserWidgets(): void
             ],
         ]));
 
-        $user->update([
+        User::where('id', $user->id)->update([
             'hasDashboard' => true,
         ]);
+
+        $user->hasDashboard = true;
     }
 
     private function getUserWidgetModelById(?int $widgetId = null): Models\Widget
diff --git a/src/Database/Migrations/0000_00_00_000001_add_remember_token_to_users.php b/src/Database/Migrations/0000_00_00_000001_add_remember_token_to_users.php
@@ -11,17 +11,17 @@
 {
     public function up(): void
     {
-        if (Schema::hasColumn(Table::USERS, 'remember_token')) {
+        if (Schema::hasColumn(Table::USERS, 'rememberToken')) {
             return;
         }
 
         Schema::table(Table::USERS, function (Blueprint $table) {
-            $table->rememberToken();
+            $table->string('rememberToken', 100)->nullable();
         });
     }
 
     public function down(): void
     {
-        Schema::dropColumns(Table::USERS, 'remember_token');
+        Schema::dropColumns(Table::USERS, 'rememberToken');
     }
 };
diff --git a/src/Database/Migrations/Install.php b/src/Database/Migrations/Install.php
@@ -774,7 +774,7 @@ public function createTables(): void
             $table->string('unverifiedEmail')->nullable();
             $table->boolean('passwordResetRequired')->default(false);
             $table->dateTime('lastPasswordChangeDate')->nullable();
-            $table->rememberToken();
+            $table->string('rememberToken', 100)->nullable();
             $table->dateTime('dateCreated');
             $table->dateTime('dateUpdated');
 
diff --git a/src/Database/Queries/UserQuery.php b/src/Database/Queries/UserQuery.php
@@ -59,6 +59,7 @@ public function __construct(array $config = [])
             'users.affiliatedSiteId as affiliatedSiteId',
             'users.active as active',
             'users.fullName as fullName',
+            'users.rememberToken as rememberToken',
         ]);
     }
 
diff --git a/src/Edition.php b/src/Edition.php
@@ -7,6 +7,7 @@
 use CraftCms\Cms\Edition\Events\EditionChanged;
 use CraftCms\Cms\Edition\Exceptions\WrongEditionException;
 use CraftCms\Cms\License\License;
+use CraftCms\Cms\Shared\Models\Info;
 use CraftCms\Cms\Support\Env;
 use CraftCms\Cms\Support\Facades\ProjectConfig;
 use Illuminate\Support\Facades\Auth;
@@ -125,7 +126,7 @@ public static function canTest(): bool
 
     public static function canUpgrade(): bool
     {
-        if (! Auth::getUser()?->isAdmin()) {
+        if (! Auth::user()?->isAdmin()) {
             return false;
         }
 
@@ -146,7 +147,7 @@ public static function require(Edition|int $edition, bool $orBetter = true): voi
             $edition = self::from($edition);
         }
 
-        if (! \Craft::$app->getIsInstalled()) {
+        if (! Info::isInstalled()) {
             return;
         }
 
diff --git a/src/Element/ElementSources.php b/src/Element/ElementSources.php
@@ -330,7 +330,7 @@ private function showCustomSource(array $source): bool
         }
 
         return array_any(
-            $user->getGroups()->all(),
+            $user->getGroups(),
             fn ($group) => in_array($group->uid, $source['userGroups'], true)
         );
     }
diff --git a/src/Http/Controllers/Users/EditUserTrait.php b/src/Http/Controllers/Users/EditUserTrait.php
@@ -77,7 +77,7 @@ protected function asEditUserScreen(User $user, string $screen): CpScreenRespons
 
         $screens[self::SCREEN_ADDRESSES] = ['label' => t('Addresses')];
 
-        $currentUser = Auth::user()->asElement();
+        $currentUser = Auth::user();
 
         if (Event::hasListeners(DefineEditUserScreens::class)) {
             Event::dispatch($event = new DefineEditUserScreens($currentUser, $user, $screens));
@@ -162,7 +162,7 @@ function (CpScreenResponse $response) use ($user, $pageName) {
 
     private function showPermissionsScreen(): bool
     {
-        $currentUser = Auth::user()->asElement();
+        $currentUser = Auth::user();
 
         return
             Edition::get()->value >= Edition::Team->value &&
diff --git a/src/Http/Controllers/Users/ImpersonationController.php b/src/Http/Controllers/Users/ImpersonationController.php
@@ -10,7 +10,6 @@
 use CraftCms\Cms\Http\RespondsWithFlash;
 use CraftCms\Cms\Support\Flash;
 use CraftCms\Cms\User\Actions\GetImpersonationUrlAction;
-use CraftCms\Cms\User\Models\User as UserModel;
 use Illuminate\Http\JsonResponse;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Auth;
@@ -48,7 +47,7 @@ public function impersonate(): Response
         Craft::$app->getUser()->setImpersonatorId($this->request->user()->id);
 
         try {
-            Auth::login(UserModel::findOrFail($userId));
+            Auth::login($user);
         } catch (Throwable) {
             Flash::fail(t('There was a problem impersonating this user.'));
 
@@ -76,7 +75,7 @@ public function getUrl(GetImpersonationUrlAction $getImpersonationUrlAction): Js
 
         $this->enforceImpersonatePermission($user);
 
-        $url = $getImpersonationUrlAction(UserModel::findOrFail($user->id));
+        $url = $getImpersonationUrlAction($user);
 
         abort_if($url === false, 500, 'Unable to generate impersonation URL.');
 
@@ -93,19 +92,20 @@ public function withToken(): Response
         $userId = $this->request->integer('userId');
         $prevUserId = $this->request->integer('prevUserId');
 
-        $user = UserModel::findOrFail($userId);
+        /** @var User $user */
+        $user = Craft::$app->getUsers()->getUserById($userId);
 
         Craft::$app->getUser()->setImpersonatorId($prevUserId);
 
         try {
-            Auth::login(UserModel::findOrFail($userId));
+            Auth::login($user);
         } catch (Throwable) {
             Flash::fail(t('There was a problem impersonating this user.'));
 
             return back();
         }
 
-        return $this->handleSuccessfulLogin(Craft::$app->getUsers()->getUserById($user->id));
+        return $this->handleSuccessfulLogin($user);
     }
 
     private function handleSuccessfulLogin(User $user): Response
@@ -132,10 +132,11 @@ private function handleSuccessfulLogin(User $user): Response
 
     private function enforceImpersonatePermission(User $user): void
     {
-        $yiiCurrentUser = Craft::$app->getUsers()->getUserById($this->request->user()->id);
+        /** @var ?\craft\elements\User $currentUser */
+        $currentUser = $this->request->user();
 
         abort_unless(
-            Craft::$app->getUsers()->canImpersonate($yiiCurrentUser, $user),
+            Craft::$app->getUsers()->canImpersonate($currentUser, $user),
             403,
             t('You do not have sufficient permissions to impersonate this user'),
         );
diff --git a/src/Http/Controllers/Users/PermissionsController.php b/src/Http/Controllers/Users/PermissionsController.php
@@ -5,6 +5,7 @@
 namespace CraftCms\Cms\Http\Controllers\Users;
 
 use Craft;
+use craft\elements\User as UserElement;
 use craft\errors\InvalidElementException;
 use CraftCms\Cms\Database\Table;
 use CraftCms\Cms\Edition;
@@ -15,7 +16,6 @@
 use CraftCms\Cms\Support\Facades\UserPermissions;
 use CraftCms\Cms\Support\Flash;
 use CraftCms\Cms\Support\Html;
-use CraftCms\Cms\User\Elements\User as UserElement;
 use CraftCms\Cms\User\Events\AssigningGroupsAndPermissions;
 use CraftCms\Cms\User\Events\GroupsAndPermissionsAssigned;
 use CraftCms\Cms\User\Models\User;
@@ -65,7 +65,7 @@ public function store(Request $request): Response
             'sendActivationMail' => ['nullable', 'boolean'],
         ]);
 
-        $currentUser = $request->user()->asElement();
+        $currentUser = $request->user();
         $user = $this->editedUser($request->integer('userId'));
 
         // Is their admin status changing?
diff --git a/src/Http/Middleware/SetCraftGuard.php b/src/Http/Middleware/SetCraftGuard.php
@@ -0,0 +1,23 @@
+<?php
+
+declare(strict_types=1);
+
+namespace CraftCms\Cms\Http\Middleware;
+
+use Closure;
+use Illuminate\Config\Repository;
+use Illuminate\Http\Request;
+
+final readonly class SetCraftGuard
+{
+    public function __construct(
+        private Repository $config,
+    ) {}
+
+    public function handle(Request $request, Closure $next): mixed
+    {
+        $this->config->set('auth.defaults.guard', 'craft');
+
+        return $next($request);
+    }
+}
diff --git a/src/Http/Middleware/UpdateLocale.php b/src/Http/Middleware/UpdateLocale.php
@@ -5,6 +5,7 @@
 namespace CraftCms\Cms\Http\Middleware;
 
 use Closure;
+use Craft;
 use CraftCms\Cms\Config\GeneralConfig;
 use CraftCms\Cms\Shared\Models\Info;
 use CraftCms\Cms\Support\Facades\Sites;
@@ -45,12 +46,12 @@ private function getTargetLocale(Request $request): string
             return Sites::getCurrentSite()->getLanguage();
         }
 
-        /** @var ?\CraftCms\Cms\User\Models\User $user */
+        /** @var ?\craft\elements\User $user */
         $user = $this->auth->user();
 
         if (
             $user?->getAuthIdentifier() &&
-            ($language = \Craft::$app->getUsers()->getUserPreference($user->getAuthIdentifier(), 'language')) !== null &&
+            ($language = Craft::$app->getUsers()->getUserPreference($user->getAuthIdentifier(), 'language')) !== null &&
             $this->i18N->validateAppLocaleId($language)
         ) {
             return $language;
diff --git a/src/License/License.php b/src/License/License.php
@@ -5,6 +5,7 @@
 namespace CraftCms\Cms\License;
 
 use Craft;
+use craft\elements\User;
 use craft\helpers\UrlHelper;
 use CraftCms\Aliases\Aliases;
 use CraftCms\Cms\Config\GeneralConfig;
@@ -18,7 +19,6 @@
 use CraftCms\Cms\Support\Json as JsonHelper;
 use CraftCms\Cms\Support\Str;
 use CraftCms\Cms\Updates\Updates;
-use CraftCms\Cms\User\Models\User;
 use Illuminate\Auth\AuthManager;
 use Illuminate\Container\Attributes\Singleton;
 use Illuminate\Support\Facades\Cache;
diff --git a/src/Providers/AppServiceProvider.php b/src/Providers/AppServiceProvider.php
@@ -14,7 +14,6 @@
 use CraftCms\Cms\Shared\Models\Info;
 use CraftCms\Cms\Support\Env;
 use CraftCms\Cms\Support\Facades\Updates;
-use CraftCms\Cms\User\Models\User;
 use GuzzleHttp\Utils;
 use Illuminate\Auth\Middleware\Authenticate;
 use Illuminate\Contracts\Config\Repository as ConfigRepository;
@@ -47,16 +46,6 @@ public function register(): void
     {
         $this->registerMacros();
 
-        /**
-         * Make sure we're using Craft's User model
-         *
-         * @var class-string<\Illuminate\Contracts\Auth\Authenticatable> $model
-         */
-        $model = Config::get('auth.providers.users.model');
-        if (! class_exists($model) || ! is_a($model, User::class, true)) {
-            Config::set('auth.providers.users.model', User::class);
-        }
-
         Authenticate::redirectUsing(function () {
             if (\request()->isCpRequest()) {
                 return Cms::config()->cpTrigger.'/login';
diff --git a/src/Route/RouteServiceProvider.php b/src/Route/RouteServiceProvider.php
@@ -13,6 +13,7 @@
 use CraftCms\Cms\Http\Middleware\HandleTokenRequest;
 use CraftCms\Cms\Http\Middleware\RequireCpRequest;
 use CraftCms\Cms\Http\Middleware\SendPoweredByHeader;
+use CraftCms\Cms\Http\Middleware\SetCraftGuard;
 use CraftCms\Cms\Http\Middleware\UpdateLocale;
 use CraftCms\Cms\Route\Data\Route;
 use CraftCms\Cms\Shared\Models\Info;
@@ -22,10 +23,11 @@
 use Illuminate\Routing\Router;
 use Illuminate\Support\Facades\Event;
 use Illuminate\Support\ServiceProvider;
+use Override;
 
 final class RouteServiceProvider extends ServiceProvider
 {
-    #[\Override]
+    #[Override]
     public function register(): void
     {
         /**
@@ -70,6 +72,7 @@ public function boot(Router $router, Routes $routes): void
     private function bootMiddleware(Router $router): void
     {
         collect([
+            SetCraftGuard::class,
             UpdateLocale::class,
             CheckSchemaVersion::class,
             CheckForUpdates::class,
diff --git a/src/User/Actions/GetImpersonationUrlAction.php b/src/User/Actions/GetImpersonationUrlAction.php
@@ -4,9 +4,9 @@
 
 namespace CraftCms\Cms\User\Actions;
 
+use craft\elements\User;
 use craft\helpers\UrlHelper;
 use CraftCms\Cms\RouteToken\RouteTokens;
-use CraftCms\Cms\User\Models\User;
 use Illuminate\Support\Facades\Auth;
 
 use function CraftCms\Cms\action_url;
diff --git a/src/User/Commands/ImpersonateCommand.php b/src/User/Commands/ImpersonateCommand.php
@@ -6,7 +6,6 @@
 
 use CraftCms\Cms\Console\CraftCommand;
 use CraftCms\Cms\User\Actions\GetImpersonationUrlAction;
-use CraftCms\Cms\User\Models\User;
 use Illuminate\Console\Command;
 use Illuminate\Contracts\Console\PromptsForMissingInput;
 use Laravel\Prompts\Concerns\Colors;
@@ -31,7 +30,7 @@ public function handle(GetImpersonationUrlAction $getImpersonationUrlAction): in
             return self::FAILURE;
         }
 
-        $url = $getImpersonationUrlAction(User::findOrFail($user->id));
+        $url = $getImpersonationUrlAction($user);
 
         if ($url === false) {
             $this->components->error('Unable to create the impersonation token.');
diff --git a/src/User/Events/DefineEditUserScreens.php b/src/User/Events/DefineEditUserScreens.php
@@ -4,7 +4,7 @@
 
 namespace CraftCms\Cms\User\Events;
 
-use CraftCms\Cms\User\Elements\User;
+use craft\elements\User;
 
 /**
  * @event DefineEditUserScreens The event that is triggered when defining the screens that should be
diff --git a/src/User/Models/User.php b/src/User/Models/User.php
diff --git a/src/User/UserGroups.php b/src/User/UserGroups.php
diff --git a/src/User/UserPermissions.php b/src/User/UserPermissions.php
diff --git a/src/User/UserProvider.php b/src/User/UserProvider.php
diff --git a/src/User/UserServiceProvider.php b/src/User/UserServiceProvider.php
diff --git a/src/Utility/Utilities.php b/src/Utility/Utilities.php
diff --git a/tests/Announcement/AnnouncementsTest.php b/tests/Announcement/AnnouncementsTest.php
diff --git a/yii2-adapter/legacy/elements/User.php b/yii2-adapter/legacy/elements/User.php
diff --git a/yii2-adapter/legacy/elements/db/UserQuery.php b/yii2-adapter/legacy/elements/db/UserQuery.php

Original file line number	Diff line number	Diff line change
`@@ -11,17 +11,17 @@`
`11`	`11`	`{`
`12`	`12`	`public function up(): void`
`13`	`13`	`{`
`14`		`- if (Schema::hasColumn(Table::USERS, 'remember_token')) {`
	`14`	`+ if (Schema::hasColumn(Table::USERS, 'rememberToken')) {`
`15`	`15`	`return;`
`16`	`16`	`}`
`17`	`17`
`18`	`18`	`Schema::table(Table::USERS, function (Blueprint $table) {`
`19`		`- $table->rememberToken();`
	`19`	`+ $table->string('rememberToken', 100)->nullable();`
`20`	`20`	`});`
`21`	`21`	`}`
`22`	`22`
`23`	`23`	`public function down(): void`
`24`	`24`	`{`
`25`		`- Schema::dropColumns(Table::USERS, 'remember_token');`
	`25`	`+ Schema::dropColumns(Table::USERS, 'rememberToken');`
`26`	`26`	`}`
`27`	`27`	`};`
Original file line number	Diff line number	Diff line change
`@@ -59,6 +59,7 @@ public function __construct(array $config = [])`
`59`	`59`	`'users.affiliatedSiteId as affiliatedSiteId',`
`60`	`60`	`'users.active as active',`
`61`	`61`	`'users.fullName as fullName',`
	`62`	`+ 'users.rememberToken as rememberToken',`
`62`	`63`	`]);`
`63`	`64`	`}`
`64`	`65`
Original file line number	Diff line number	Diff line change
`@@ -7,6 +7,7 @@`
`7`	`7`	`use CraftCms\Cms\Edition\Events\EditionChanged;`
`8`	`8`	`use CraftCms\Cms\Edition\Exceptions\WrongEditionException;`
`9`	`9`	`use CraftCms\Cms\License\License;`
	`10`	`+use CraftCms\Cms\Shared\Models\Info;`
`10`	`11`	`use CraftCms\Cms\Support\Env;`
`11`	`12`	`use CraftCms\Cms\Support\Facades\ProjectConfig;`
`12`	`13`	`use Illuminate\Support\Facades\Auth;`
`@@ -125,7 +126,7 @@ public static function canTest(): bool`
`125`	`126`
`126`	`127`	`public static function canUpgrade(): bool`
`127`	`128`	`{`
`128`		`- if (! Auth::getUser()?->isAdmin()) {`
	`129`	`+ if (! Auth::user()?->isAdmin()) {`
`129`	`130`	`return false;`
`130`	`131`	`}`
`131`	`132`
`@@ -146,7 +147,7 @@ public static function require(Edition\|int $edition, bool $orBetter = true): voi`
`146`	`147`	`$edition = self::from($edition);`
`147`	`148`	`}`
`148`	`149`
`149`		`- if (! \Craft::$app->getIsInstalled()) {`
	`150`	`+ if (! Info::isInstalled()) {`
`150`	`151`	`return;`
`151`	`152`	`}`
`152`	`153`
Original file line number	Diff line number	Diff line change
`@@ -330,7 +330,7 @@ private function showCustomSource(array $source): bool`
`330`	`330`	`}`
`331`	`331`
`332`	`332`	`return array_any(`
`333`		`- $user->getGroups()->all(),`
	`333`	`+ $user->getGroups(),`
`334`	`334`	`fn ($group) => in_array($group->uid, $source['userGroups'], true)`
`335`	`335`	`);`
`336`	`336`	`}`