Laravel Passport User Check

Is there any way to add or pass one more variable to findForPassport?

With Laravel Passport's default password grant I can only pass two variables (username and password), but I want to pass one more variable and check in findForPassport whether this user belongs to another table or not.

3 answers

I hope this answer can help others.
If you want to add a variable and pass it to the findForPassport function in your authenticatable User model, you need to update 3 classes used by Passport:
- UserRepositoryInterface in vendor\league\oauth2-server\src\Repositories\UserRepositoryInterface
- PasswordGrant in vendor\league\oauth2-server\src\Grant\PasswordGrant
- UserRepository in vendor\laravel\passport\src\Bridge\UserRepository

Keep in mind that these files live under vendor, so Composer overwrites the edits whenever the packages are reinstalled or updated, and the change has to be reapplied each time.

in the code example, I will add a parent variable, and the code will look like this

+ in class UserRepositoryInterface

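interface UserRepositoryInterface extends RepositoryInterface
{
    /**
     * Get a user entity.
     *
     * NOTE(review): $parent is inserted as a required parameter in the middle of
     * the signature, so every implementation and every caller of this method has
     * to be updated together; one that still uses the old argument order would
     * pass the grant type where $parent is expected.
     *
     * @param string                $username
     * @param string                $password
     * @param mixed                 $parent       Extra value read from the token request (the answer's example variable)
     * @param string                $grantType    The grant type used
     * @param ClientEntityInterface $clientEntity
     *
     * @return UserEntityInterface
     */
    public function getUserEntityByUserCredentials(
        $username,
        $password,
        $parent, // example of the added variable
        $grantType,
        ClientEntityInterface $clientEntity
    );
}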

+ in class PasswordGrant

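 class PasswordGrant extends AbstractGrant
 {
     /**
      * Read the credentials from the token request and resolve them to a user.
      *
      * In addition to username and password, this variant requires a "parent"
      * request parameter and hands it to the user repository. The value comes
      * straight from the client, so it is untrusted input: the repository must
      * use it only to narrow the lookup, never as proof of anything.
      *
      * @param ServerRequestInterface $request
      * @param ClientEntityInterface  $client
      *
      * @throws OAuthServerException When a parameter is missing or the credentials do not match a user.
      *
      * @return UserEntityInterface
      */
     protected function validateUser(ServerRequestInterface $request, ClientEntityInterface $client)
     {
         $username = $this->getRequestParameter('username', $request);
         if (is_null($username)) {
             throw OAuthServerException::invalidRequest('username');
         }

         $password = $this->getRequestParameter('password', $request);
         if (is_null($password)) {
             throw OAuthServerException::invalidRequest('password');
         }

         // Example of the added variable, read from the request body.
         $parent = $this->getRequestParameter('parent', $request);
         if (is_null($parent)) {
             // Name the parameter that is actually missing; the original snippet
             // reported 'password' here, which misleads clients and log readers.
             throw OAuthServerException::invalidRequest('parent');
         }

         $user = $this->userRepository->getUserEntityByUserCredentials(
             $username,
             $password,
             $parent, // value taken from the request
             $this->getIdentifier(),
             $client
         );

         if ($user instanceof UserEntityInterface === false) {
             // Emit the failure event before rejecting so listeners can record the attempt.
             $this->getEmitter()->emit(new RequestEvent(RequestEvent::USER_AUTHENTICATION_FAILED, $request));

             throw OAuthServerException::invalidCredentials();
         }

         return $user;
     }
 }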

+ in class UserRepository

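 class UserRepository implements UserRepositoryInterface
 {
     /**
      * Resolve a username/password pair (plus the extra $parent value) to a user entity.
      *
      * Returns null when no user matches or the password check fails.
      *
      * @param string                $username
      * @param string                $password
      * @param mixed                 $parent       Extra parameter added to match UserRepositoryInterface
      * @param string                $grantType
      * @param ClientEntityInterface $clientEntity
      *
      * @throws RuntimeException When no authentication model is configured.
      *
      * @return User|null
      */
     public function getUserEntityByUserCredentials($username, $password, $parent, $grantType, ClientEntityInterface $clientEntity)
     {
         $provider = config('auth.guards.api.provider');

         if (is_null($model = config('auth.providers.'.$provider.'.model'))) {
             throw new RuntimeException('Unable to determine authentication model from configuration.');
         }

         if (method_exists($model, 'findForPassport')) {
             // The parent value is finally handed to findForPassport here.
             $user = (new $model)->findForPassport($username, $parent);
         } else {
             // NOTE(review): this fallback ignores $parent entirely, so a model
             // without findForPassport gets no additional check even though the
             // grant requires the parameter.
             $user = (new $model)->where('email', $username)->first();
         }

         if (! $user) {
             return null;
         }

         // The password is still verified after the lookup; $parent only narrows
         // which user record is considered.
         if (method_exists($user, 'validateForPassportPasswordGrant')) {
             if (! $user->validateForPassportPasswordGrant($password)) {
                 return null;
             }
         } elseif (! $this->hasher->check($password, $user->getAuthPassword())) {
             return null;
         }

         return new User($user->getAuthIdentifier());
     }
 }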

Then you can read the $parent value from the parameter in findForPassport, but make sure you return an Eloquent user model. If you want to join a table, see my sample code below.

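 class User extends Authenticatable
 {
     // ... other model members elided in the original answer ...

     /**
      * Find the user for a password-grant request, restricted to the given role.
      *
      * The filters run in the database. The original snippet called get() on the
      * whole users/role join and filtered the collection in PHP, which loads
      * every joined row on each token request.
      *
      * select('users.*') keeps columns of the joined role table from overwriting
      * same-named user columns on the returned model. If role has its own id
      * column, the model's id (and so the identifier the token is issued for)
      * would otherwise come from the role row - TODO confirm against the schema.
      *
      * NOTE(review): 'name' and 'role_id' are left unqualified as in the original;
      * qualify them with a table name if both tables define the column. String
      * matching now follows the database collation instead of PHP comparison.
      *
      * @param string $identifier Username sent by the client
      * @param mixed  $parent     Role id sent by the client (untrusted request input)
      *
      * @return static|null The matching user model, or null when none matches
      */
     public function findForPassport($identifier, $parent)
     {
         return $this
             ->join('role as r', 'r.user_id', '=', 'users.id')
             ->where('name', $identifier)
             ->where('role_id', $parent)
             ->select('users.*')
             ->first();
     }
 }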

Worked like a charm, thank you very much, you saved me hours of work.


From the link to passport No. 81 indicated by @Arun in OP :

There may be a better way to do this now, but I extended PassportServiceProvider and copied the registerAuthorizationServer function so that I could register my own grant type.

Replace the provider in config/app.php with the new one:

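 'providers' => [
     // Stock provider disabled so that the subclass below is the one that
     // registers the AuthorizationServer.
     // NOTE(review): on Laravel versions with package auto-discovery the stock
     // provider may still be loaded - confirm it is excluded there as well.
     // Laravel\Passport\PassportServiceProvider::class,
     App\Providers\PassportClientCredentialsServiceProvider::class,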

The updated registerAuthorizationServer function, including the new grant type:

 /**
  * Register the AuthorizationServer singleton with every grant type this app accepts.
  *
  * The parent registration runs first; the singleton binding is then replaced
  * by one that also enables the client-credentials grant and the custom
  * PasswordOverrideGrant next to the standard grants.
  *
  * Each grant enabled here is a separate way to obtain a token, so the list
  * below is the complete set of token-issuing paths to review. The custom
  * grant shown on this page authenticates with username + hash_token rather
  * than a password.
  */
 protected function registerAuthorizationServer()
 {
     parent::registerAuthorizationServer();

     $this->app->singleton(AuthorizationServer::class, function () {
         /** @var AuthorizationServer $authServer */
         $authServer = $this->makeAuthorizationServer();

         $authServer->enableGrantType(new ClientCredentialsGrant(), Passport::tokensExpireIn());

         // Custom grant type.
         $overrideGrant = new PasswordOverrideGrant(
             $this->app->make(UserRepository::class),
             $this->app->make(RefreshTokenRepository::class)
         );
         $authServer->enableGrantType($overrideGrant, Passport::tokensExpireIn());

         // Standard Passport grants, enabled in the same order as before.
         $authServer->enableGrantType($this->makeAuthCodeGrant(), Passport::tokensExpireIn());
         $authServer->enableGrantType($this->makeRefreshTokenGrant(), Passport::tokensExpireIn());
         $authServer->enableGrantType($this->makePasswordGrant(), Passport::tokensExpireIn());

         // Personal access tokens get a fixed one-year lifetime.
         $authServer->enableGrantType(new PersonalAccessGrant(), new \DateInterval('P1Y'));

         return $authServer;
     });
 }

PasswordOverrideGrant looks like this:

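 <?php

 namespace App\Auth;

 use App\User;
 use League\OAuth2\Server\Entities\ClientEntityInterface;
 use League\OAuth2\Server\Exception\OAuthServerException;
 use League\OAuth2\Server\Grant\PasswordGrant;
 use League\OAuth2\Server\RequestEvent;
 use Psr\Http\Message\ServerRequestInterface;

 /**
  * Password-style grant that authenticates with username + hash_token instead
  * of username + password.
  *
  * hash_token is the only secret checked here, so it is a password equivalent.
  * NOTE(review): it is compared directly against the users.hash_token column,
  * so it is presumably stored verbatim - confirm how it is generated, stored
  * and rotated.
  */
 class PasswordOverrideGrant extends PasswordGrant
 {
     /**
      * Resolve the request's username and hash_token to a user.
      *
      * NOTE(review): the stock grant checks the result against
      * UserEntityInterface; this override returns the App\User model itself -
      * confirm App\User satisfies what the rest of the grant flow calls on it.
      *
      * @param ServerRequestInterface $request
      * @param ClientEntityInterface  $client
      *
      * @throws OAuthServerException When a parameter is missing/invalid or the credentials do not match.
      *
      * @return User
      */
     protected function validateUser(ServerRequestInterface $request, ClientEntityInterface $client)
     {
         // Require non-empty strings: an empty or array-valued parameter must
         // never reach the lookup or the comparison below.
         $username = $this->getRequestParameter('username', $request);
         if (!is_string($username) || $username === '') {
             throw OAuthServerException::invalidRequest('username');
         }

         $custom_hash_token = $this->getRequestParameter('hash_token', $request);
         if (!is_string($custom_hash_token) || $custom_hash_token === '') {
             // Report the parameter that is actually missing (the original
             // snippet named 'identifier', which is not a request parameter).
             throw OAuthServerException::invalidRequest('hash_token');
         }

         // Look the user up by username only, then compare the secret in PHP
         // with hash_equals(): exact, constant-time, and independent of the
         // database collation (case or trailing-space folding).
         $user = User::where('username', $username)->first();

         if (
             $user instanceof User === false
             || !hash_equals((string) $user->hash_token, $custom_hash_token)
         ) {
             $this->getEmitter()->emit(new RequestEvent(RequestEvent::USER_AUTHENTICATION_FAILED, $request));

             throw OAuthServerException::invalidCredentials();
         }

         return $user;
     }

     /**
      * Grant type name that clients send as grant_type to select this grant.
      *
      * @return string
      */
     public function getIdentifier()
     {
         return 'password_override';
     }
 }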
