Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[8.x] Modify UserRepository to check for 'findAndValidateForPassport' method #1144

Merged
merged 1 commit into from
Dec 27, 2019
Merged

[8.x] Modify UserRepository to check for 'findAndValidateForPassport' method #1144

merged 1 commit into from
Dec 27, 2019

Conversation

gdebrauwer
Copy link
Contributor 

/**
 * Find the user instance for the given username and validate its password.
 *
 * @param string $username
 * @param string $password
 *
 * @return null|\App\User
 */
public function findAndValidateForPassport($username, $password)
{
    $user = $this->where('username', $username)->first();

    if (! $user) {
        return;
    }

    return Hash::check($password, $user->password);
}

This PR updates the UserRepository to check if the findAndValidateForPassport method exists on the User model. It allows you to combine the existing findForPassport and validateForPassportPasswordGrant methods.

Why would you want to use this findAndValidateForPassport method on your User model?

Passport assumes the user with the username always already exists and always uses a traditional password to authenticate. That is not the case in certain applications. For example, if a user authenticates with his phone number and a verification code is received via SMS. You don't want to create that user unless he authenticates with his phone number and the correct verification code. By adding the findAndValidateForPassport method, you allow a lot more flexibility in the way you can customize Passport.

An example of how you could use this method:

/**
 * Find the user instance for the given username and validate its password.
 *
 * @param string $username
 * @param string $password
 *
 * @return null|\App\User
 */
public function findAndValidateForPassport($username, $password)
{
    $verificationCode = VerificationCode::where('phone', $username)->first();

    if (! $verificationCode || ! Hash::check($password, $verificationCode->code)) {
        return;
    }

    return static::firstOrCreate(['phone' => $username]);
}

If this PR gets accepted, I will create a PR to update the docs.

@taylorotwell
Copy link
Member

So this is currently impossible with the two existing methods (find and validate)?

@gdebrauwer
Copy link
Contributor Author

No, because it requires you to already create a user in the findForPassport method in order to check the 'password' in the validateForPassportPasswordGrant method.
With the findAndValidateForPassport method you can delay the user creation until you are sure the provided credentials are correct.

@taylorotwell taylorotwell merged commit 5555ba2 into laravel:8.x Dec 27, 2019
@gdebrauwer gdebrauwer mentioned this pull request Dec 31, 2019
Closed
@msonowal
Copy link
Contributor

msonowal commented Jan 2, 2020

@gdebrauwer
Nice PR I am already doing same in one of the apps with some added customisation on one of my private projects

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@gdebrauwer @taylorotwell @msonowal