Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[5.3] Update TokenGuard.php to look for key in query string items only. #14985

Merged
merged 2 commits into from
Aug 24, 2016
Merged

[5.3] Update TokenGuard.php to look for key in query string items only. #14985

Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
d12decf
Update TokenGuard.php to look for key in query string items only.
malhal Aug 24, 2016
5c99bb6
Update TokenGuard.php
malhal Aug 24, 2016
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 6 additions & 6 deletions src/Illuminate/Auth/TokenGuard.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,11 +18,11 @@ class TokenGuard implements Guard
protected $request;

/**
* The name of the field on the request containing the API token.
* The name of the query string item from the request containing the API token.
*
* @var string
*/
protected $inputKey;
protected $queryKey;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Doesn't this could potentially be breaking BC, if one extending Illuminate\Auth\TokenGuard and changing the $inputKey.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks I updated the description to mention that potential issue.

Copy link
Member

@crynobone crynobone Aug 24, 2016
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No, you need to stick with the old variable name or send this pull request to master branch (for Laravel 5.4), breaking BC is only permitted on major release.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for letting me know that information. I added a commit reverting back to the old variable name. So now all thats changed is the request->query access and the variable's comment.


/**
* The name of the token "column" in persistent storage.
Expand All @@ -42,7 +42,7 @@ public function __construct(UserProvider $provider, Request $request)
{
$this->request = $request;
$this->provider = $provider;
$this->inputKey = 'api_token';
$this->queryKey = 'api_token';
$this->storageKey = 'api_token';
}

Expand Down Expand Up @@ -80,7 +80,7 @@ public function user()
*/
public function getTokenForRequest()
{
$token = $this->request->input($this->inputKey);
$token = $this->request->query($this->queryKey);

if (empty($token)) {
$token = $this->request->bearerToken();
Expand All @@ -101,11 +101,11 @@ public function getTokenForRequest()
*/
public function validate(array $credentials = [])
{
if (empty($credentials[$this->inputKey])) {
if (empty($credentials[$this->queryKey])) {
return false;
}

$credentials = [$this->storageKey => $credentials[$this->inputKey]];
$credentials = [$this->storageKey => $credentials[$this->queryKey]];

if ($this->provider->retrieveByCredentials($credentials)) {
return true;
Expand Down