[11.x] Allow authenticated client to be retrieved from the guard (#1508)

* Allow authenticated client to be retrieved from the guard

* Make token guard macroable

* Use previously resolved client when available

* Add tests ensuring client and user are only pulled from the database once

Author: axlon

src/Guards/TokenGuard.php

@@ -4,12 +4,15 @@
 
 use Exception;
 use Firebase\JWT\JWT;
+use Illuminate\Auth\GuardHelpers;
 use Illuminate\Container\Container;
+use Illuminate\Contracts\Auth\Guard;
 use Illuminate\Contracts\Debug\ExceptionHandler;
 use Illuminate\Contracts\Encryption\Encrypter;
 use Illuminate\Cookie\CookieValuePrefix;
 use Illuminate\Cookie\Middleware\EncryptCookies;
 use Illuminate\Http\Request;
+use Illuminate\Support\Traits\Macroable;
 use Laravel\Passport\ClientRepository;
 use Laravel\Passport\Passport;
 use Laravel\Passport\PassportUserProvider;
@@ -20,8 +23,10 @@
 use Nyholm\Psr7\Factory\Psr17Factory;
 use Symfony\Bridge\PsrHttpMessage\Factory\PsrHttpFactory;
 
-class TokenGuard
+class TokenGuard implements Guard
 {
+    use GuardHelpers, Macroable;
+
     /**
      * The resource server instance.
      *
@@ -57,6 +62,20 @@ class TokenGuard
      */
     protected $encrypter;
 
+    /**
+     * The request instance.
+     *
+     * @var \Illuminate\Http\Request
+     */
+    protected $request;
+
+    /**
+     * The currently authenticated client.
+     *
+     * @var \Laravel\Passport\Client|null
+     */
+    protected $client;
+
     /**
      * Create a new token guard instance.
      *
@@ -65,56 +84,83 @@ class TokenGuard
      * @param  \Laravel\Passport\TokenRepository  $tokens
      * @param  \Laravel\Passport\ClientRepository  $clients
      * @param  \Illuminate\Contracts\Encryption\Encrypter  $encrypter
+     * @param  \Illuminate\Http\Request  $request
      * @return void
      */
     public function __construct(
         ResourceServer $server,
         PassportUserProvider $provider,
         TokenRepository $tokens,
         ClientRepository $clients,
-        Encrypter $encrypter
+        Encrypter $encrypter,
+        Request $request
     ) {
         $this->server = $server;
         $this->tokens = $tokens;
         $this->clients = $clients;
         $this->provider = $provider;
         $this->encrypter = $encrypter;
+        $this->request = $request;
     }
 
     /**
      * Get the user for the incoming request.
      *
-     * @param  \Illuminate\Http\Request  $request
      * @return mixed
      */
-    public function user(Request $request)
+    public function user()
     {
-        if ($request->bearerToken()) {
-            return $this->authenticateViaBearerToken($request);
-        } elseif ($request->cookie(Passport::cookie())) {
-            return $this->authenticateViaCookie($request);
+        if (! is_null($this->user)) {
+            return $this->user;
+        }
+
+        if ($this->request->bearerToken()) {
+            return $this->user = $this->authenticateViaBearerToken($this->request);
+        } elseif ($this->request->cookie(Passport::cookie())) {
+            return $this->user = $this->authenticateViaCookie($this->request);
         }
     }
 
+    /**
+     * Validate a user's credentials.
+     *
+     * @param  array  $credentials
+     * @return bool
+     */
+    public function validate(array $credentials = [])
+    {
+        return ! is_null((new static(
+            $this->server,
+            $this->provider,
+            $this->tokens,
+            $this->clients,
+            $this->encrypter,
+            $credentials['request'],
+        ))->user());
+    }
+
     /**
      * Get the client for the incoming request.
      *
-     * @param  \Illuminate\Http\Request  $request
      * @return mixed
      */
-    public function client(Request $request)
+    public function client()
     {
-        if ($request->bearerToken()) {
-            if (! $psr = $this->getPsrRequestViaBearerToken($request)) {
+        if (! is_null($this->client)) {
+            return $this->client;
+        }
+
+        if ($this->request->bearerToken()) {
+            if (! $psr = $this->getPsrRequestViaBearerToken($this->request)) {
                 return;
             }
 
-            return $this->clients->findActive(
+            return $this->client = $this->clients->findActive(
                 $psr->getAttribute('oauth_client_id')
             );
-        } elseif ($request->cookie(Passport::cookie())) {
-            if ($token = $this->getTokenViaCookie($request)) {
-                return $this->clients->findActive($token['aud']);
+        } elseif ($this->request->cookie(Passport::cookie())) {
+            if ($token = $this->getTokenViaCookie($this->request)) {
+                return $this->client = $this->clients->findActive($token['aud']);
             }
         }
     }
@@ -285,6 +331,19 @@ protected function getTokenFromRequest($request)
         return $token;
     }
 
+    /**
+     * Set the current request instance.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @return $this
+     */
+    public function setRequest(Request $request)
+    {
+        $this->request = $request;
+
+        return $this;
+    }
+
     /**
      * Determine if the cookie contents should be serialized.
      *

src/PassportServiceProvider.php

@@ -4,7 +4,6 @@
 
 use DateInterval;
 use Illuminate\Auth\Events\Logout;
-use Illuminate\Auth\RequestGuard;
 use Illuminate\Config\Repository as Config;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Cookie;
@@ -341,19 +340,18 @@ protected function registerGuard()
      * Make an instance of the token guard.
      *
      * @param  array  $config
-     * @return \Illuminate\Auth\RequestGuard
+     * @return \Laravel\Passport\Guards\TokenGuard
      */
     protected function makeGuard(array $config)
     {
-        return new RequestGuard(function ($request) use ($config) {
-            return (new TokenGuard(
-                $this->app->make(ResourceServer::class),
-                new PassportUserProvider(Auth::createUserProvider($config['provider']), $config['provider']),
-                $this->app->make(TokenRepository::class),
-                $this->app->make(ClientRepository::class),
-                $this->app->make('encrypter')
-            ))->user($request);
-        }, $this->app['request']);
+        return new TokenGuard(
+            $this->app->make(ResourceServer::class),
+            new PassportUserProvider(Auth::createUserProvider($config['provider']), $config['provider']),
+            $this->app->make(TokenRepository::class),
+            $this->app->make(ClientRepository::class),
+            $this->app->make('encrypter'),
+            $this->app->make('request')
+        );
     }
 
     /**