Merge pull request #18147 from craftcms/feature/login-as-element

[6.x] Authentication with Element instead of Eloquent Model

Author: brandonkelly

routes/actions.php

@@ -71,7 +71,7 @@
 Route::prefix(Cms::config()->actionTrigger)->group(function () {
     Route::post('migrate', MigrateController::class);
 
-    Route::middleware(['auth'])->group(function () {
+    Route::middleware(['auth:craft'])->group(function () {
         Route::post('entries/save-entry', StoreEntryController::class);
     });
 
@@ -115,7 +115,7 @@
     /**
      * Actions needing auth
      */
-    Route::middleware(['auth'])->group(function () {
+    Route::middleware(['auth:craft'])->group(function () {
         // Addresses
         Route::post('addresses/fields', [AddressesController::class, 'fields']);
         Route::middleware(RequireAdminChanges::class)->post('addresses/save-field-layout', [AddressesController::class, 'saveFieldLayout']);

routes/cp.php

@@ -36,7 +36,7 @@
 /**
  * Admin requests that require a login
  */
-Route::middleware('auth')->group(function () {
+Route::middleware('auth:craft')->group(function () {
     Route::get('dashboard', DashboardController::class);
 
     Route::get('utilities', [UtilitiesController::class, 'index']);

src/Config/ConstAdapter.php

@@ -5,6 +5,7 @@
 namespace CraftCms\Cms\Config;
 
 use Dotenv\Repository\Adapter\AdapterInterface;
+use Override;
 use PhpOption\Option;
 use PhpOption\Some;
 
@@ -22,8 +23,8 @@ private function __construct() {}
      *
      * @return Option<AdapterInterface>
      */
-    #[\Override]
-    public static function create()
+    #[Override]
+    public static function create(): Option
     {
         /** @var Option<AdapterInterface> */
         return Some::create(new self);
@@ -35,8 +36,8 @@ public static function create()
      * @param  non-empty-string  $name
      * @return Option<string>
      */
-    #[\Override]
-    public function read(string $name)
+    #[Override]
+    public function read(string $name): Option
     {
         return Option::fromValue(defined($name) ? constant($name) : null);
     }
@@ -45,10 +46,9 @@ public function read(string $name)
      * Write to an environment variable, if possible.
      *
      * @param  non-empty-string  $name
-     * @return bool
      */
-    #[\Override]
-    public function write(string $name, string $value)
+    #[Override]
+    public function write(string $name, string $value): bool
     {
         define($name, $value);
 
@@ -59,10 +59,9 @@ public function write(string $name, string $value)
      * Delete an environment variable, if possible.
      *
      * @param  non-empty-string  $name
-     * @return bool
      */
-    #[\Override]
-    public function delete(string $name)
+    #[Override]
+    public function delete(string $name): bool
     {
         return false;
     }

src/Dashboard/Dashboard.php

@@ -296,7 +296,7 @@ public function changeWidgetColspan(int $widgetId, int $colspan): bool
      */
     private function addDefaultUserWidgets(): void
     {
-        /** @var User $user */
+        /** @var ?\craft\elements\User $user */
         $user = Auth::user();
 
         // Recent Entries widget
@@ -321,9 +321,11 @@ private function addDefaultUserWidgets(): void
             ],
         ]));
 
-        $user->update([
+        User::where('id', $user->id)->update([
             'hasDashboard' => true,
         ]);
+
+        $user->hasDashboard = true;
     }
 
     private function getUserWidgetModelById(?int $widgetId = null): Models\Widget

src/Database/Migrations/0000_00_00_000001_add_remember_token_to_users.php

@@ -11,17 +11,17 @@
 {
     public function up(): void
     {
-        if (Schema::hasColumn(Table::USERS, 'remember_token')) {
+        if (Schema::hasColumn(Table::USERS, 'rememberToken')) {
             return;
         }
 
         Schema::table(Table::USERS, function (Blueprint $table) {
-            $table->rememberToken();
+            $table->string('rememberToken', 100)->nullable();
         });
     }
 
     public function down(): void
     {
-        Schema::dropColumns(Table::USERS, 'remember_token');
+        Schema::dropColumns(Table::USERS, 'rememberToken');
     }
 };

src/Database/Migrations/Install.php

@@ -33,6 +33,7 @@
 use CraftCms\Cms\Support\Facades\Sites;
 use CraftCms\Cms\Support\Str;
 use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\DB;
 use Illuminate\Support\Facades\Event;
 use Illuminate\Support\Facades\Schema;
@@ -74,6 +75,7 @@ public function up(): void
                 $this->insertDefaultData();
             } catch (Throwable $e) {
                 $this->components->error("Error inserting default data: {$e->getMessage()}");
+                $this->getOutput()->info($e->getTraceAsString());
             }
         });
 
@@ -774,7 +776,7 @@ public function createTables(): void
             $table->string('unverifiedEmail')->nullable();
             $table->boolean('passwordResetRequired')->default(false);
             $table->dateTime('lastPasswordChangeDate')->nullable();
-            $table->rememberToken();
+            $table->string('rememberToken', 100)->nullable();
             $table->dateTime('dateCreated');
             $table->dateTime('dateUpdated');
 
@@ -1130,8 +1132,8 @@ public function insertDefaultData(): void
                 'language' => $this->site->getLanguage(),
             ]);
 
-            if (! Craft::$app->getRequest()->getIsConsoleRequest()) {
-                Craft::$app->getUser()->login($user, Cms::config()->userSessionDuration);
+            if (! app()->runningInConsole()) {
+                Auth::guard('craft')->loginUsingId($user->id);
             }
         });
     }

src/Database/Queries/Concerns/QueriesDraftsAndRevisions.php

@@ -8,7 +8,7 @@
 use CraftCms\Cms\Database\Queries\ElementQuery;
 use CraftCms\Cms\Database\Table;
 use CraftCms\Cms\Support\Arr;
-use CraftCms\Cms\User\Models\User;
+use CraftCms\Cms\User\Elements\User;
 use Illuminate\Database\Query\Builder;
 use Illuminate\Support\Collection;
 use InvalidArgumentException;

src/Database/Queries/UserQuery.php

@@ -59,6 +59,7 @@ public function __construct(array $config = [])
             'users.affiliatedSiteId as affiliatedSiteId',
             'users.active as active',
             'users.fullName as fullName',
+            'users.rememberToken as rememberToken',
         ]);
     }
 

src/Edition.php

@@ -7,6 +7,7 @@
 use CraftCms\Cms\Edition\Events\EditionChanged;
 use CraftCms\Cms\Edition\Exceptions\WrongEditionException;
 use CraftCms\Cms\License\License;
+use CraftCms\Cms\Shared\Models\Info;
 use CraftCms\Cms\Support\Env;
 use CraftCms\Cms\Support\Facades\ProjectConfig;
 use Illuminate\Support\Facades\Auth;
@@ -125,7 +126,7 @@ public static function canTest(): bool
 
     public static function canUpgrade(): bool
     {
-        if (! Auth::getUser()?->isAdmin()) {
+        if (! Auth::user()?->isAdmin()) {
             return false;
         }
 
@@ -146,7 +147,7 @@ public static function require(Edition|int $edition, bool $orBetter = true): voi
             $edition = self::from($edition);
         }
 
-        if (! \Craft::$app->getIsInstalled()) {
+        if (! Info::isInstalled()) {
             return;
         }
 

src/Element/Concerns/Draftable.php

@@ -4,10 +4,10 @@
 
 namespace CraftCms\Cms\Element\Concerns;
 
+use Craft;
 use craft\elements\User as UserElement;
 use CraftCms\Cms\Database\Table;
 use CraftCms\Cms\Element\Events\AuthorizeCreateDrafts;
-use CraftCms\Cms\User\Models\User;
 use Illuminate\Support\Facades\DB;
 use Illuminate\Support\Facades\Event;
 
@@ -127,7 +127,7 @@ public function handleDraftDelete(): void
     /**
      * {@inheritdoc}
      */
-    public function canCreateDrafts(User $user): bool
+    public function canCreateDrafts(UserElement $user): bool
     {
         if (Event::hasListeners(AuthorizeCreateDrafts::class)) {
             Event::dispatch($event = new AuthorizeCreateDrafts($this, $user));
@@ -144,7 +144,7 @@ public function canCreateDrafts(User $user): bool
     public function canDuplicateAsDraft(UserElement $user): bool
     {
         // if anything, this will be more lenient than canDuplicate()
-        return \Craft::$app->getElements()->canDuplicate($this, $user);
+        return Craft::$app->getElements()->canDuplicate($this, $user);
     }
 
     /**