Skip to content

Commit ed6f6c1

Browse files
axlontaylorotwell
andauthored
[11.x] Fix scope inheritance when using Passport::actingAs() (#1551)
* Fix scope inheritance when using Passport::actingAs() * Update Passport.php Co-authored-by: Taylor Otwell <[email protected]>
1 parent 42677aa commit ed6f6c1

File tree

2 files changed

+37
-4
lines changed

2 files changed

+37
-4
lines changed

src/Passport.php

Lines changed: 2 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -364,11 +364,9 @@ public static function ignoreCsrfToken($ignoreCsrfToken = true)
364364
*/
365365
public static function actingAs($user, $scopes = [], $guard = 'api')
366366
{
367-
$token = Mockery::mock(self::tokenModel())->shouldIgnoreMissing(false);
367+
$token = app(self::tokenModel());
368368

369-
foreach ($scopes as $scope) {
370-
$token->shouldReceive('can')->with($scope)->andReturn(true);
371-
}
369+
$token->scopes = $scopes;
372370

373371
$user->withAccessToken($token);
374372

tests/Feature/ActingAsTest.php

Lines changed: 35 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,7 @@
44

55
use Illuminate\Contracts\Routing\Registrar;
66
use Illuminate\Foundation\Auth\User;
7+
use Illuminate\Support\Facades\Route;
78
use Laravel\Passport\HasApiTokens;
89
use Laravel\Passport\Http\Middleware\CheckForAnyScope;
910
use Laravel\Passport\Http\Middleware\CheckScopes;
@@ -64,6 +65,40 @@ public function testActingAsWhenTheRouteIsProtectedByCheckForAnyScopeMiddleware(
6465
$response->assertSuccessful();
6566
$response->assertSee('bar');
6667
}
68+
69+
public function testActingAsWhenTheRouteIsProtectedByCheckScopesMiddlewareWithInheritance()
70+
{
71+
Passport::$withInheritedScopes = true;
72+
73+
$this->withoutExceptionHandling();
74+
75+
Route::middleware(CheckScopes::class.':foo:bar,baz:qux')->get('/foo', function () {
76+
return 'bar';
77+
});
78+
79+
Passport::actingAs(new PassportUser(), ['foo', 'baz']);
80+
81+
$response = $this->get('/foo');
82+
$response->assertSuccessful();
83+
$response->assertSee('bar');
84+
}
85+
86+
public function testActingAsWhenTheRouteIsProtectedByCheckForAnyScopeMiddlewareWithInheritance()
87+
{
88+
Passport::$withInheritedScopes = true;
89+
90+
$this->withoutExceptionHandling();
91+
92+
Route::middleware(CheckForAnyScope::class.':foo:baz,baz:qux')->get('/foo', function () {
93+
return 'bar';
94+
});
95+
96+
Passport::actingAs(new PassportUser(), ['foo']);
97+
98+
$response = $this->get('/foo');
99+
$response->assertSuccessful();
100+
$response->assertSee('bar');
101+
}
67102
}
68103

69104
class PassportUser extends User

0 commit comments

Comments
 (0)