TokenGuard.php 3.1KB

  1. <?php
  2. namespace Illuminate\Auth;
  3. use Illuminate\Http\Request;
  4. use Illuminate\Contracts\Auth\Guard;
  5. use Illuminate\Contracts\Auth\UserProvider;
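  /**
   * Guard that authenticates a request by a single API token.
   *
   * The token is read from the request (see getTokenForRequest()) and handed to
   * the user provider as [storageKey => token]. Points a deployer should know:
   *
   *  - The token is passed to the provider verbatim. Whether it is stored hashed
   *    and how it is compared is decided by the provider and is not visible in
   *    this class.
   *  - A token sent in the query string ends up in access logs, proxy logs,
   *    browser history and Referer headers. Clients should send it in the
   *    Authorization header and the application should be served over TLS only.
   *  - Only string tokens are accepted; any other value is treated as "no token".
   */
  class TokenGuard implements Guard
  {
      // Presumably supplies $this->user and $this->provider, which are used below
      // but not declared in this class.
      use GuardHelpers;

      /**
       * The request instance.
       *
       * @var \Illuminate\Http\Request
       */
      protected $request;

      /**
       * The name of the request field (query string or input) that carries the API token.
       *
       * @var string
       */
      protected $inputKey;

      /**
       * The name of the token "column" in persistent storage.
       *
       * @var string
       */
      protected $storageKey;

      /**
       * Create a new authentication guard.
       *
       * @param  \Illuminate\Contracts\Auth\UserProvider  $provider
       * @param  \Illuminate\Http\Request  $request
       * @param  string  $inputKey
       * @param  string  $storageKey
       * @return void
       */
      public function __construct(UserProvider $provider, Request $request, $inputKey = 'api_token', $storageKey = 'api_token')
      {
          $this->request = $request;
          $this->provider = $provider;
          $this->inputKey = $inputKey;
          $this->storageKey = $storageKey;
      }

      /**
       * Get the currently authenticated user.
       *
       * The result is cached on the guard, so the provider is queried at most once
       * per successful lookup.
       *
       * @return \Illuminate\Contracts\Auth\Authenticatable|null
       */
      public function user()
      {
          // If we've already retrieved the user for the current request we can just
          // return it back immediately instead of querying the provider again.
          if (! is_null($this->user)) {
              return $this->user;
          }

          $user = null;

          $token = $this->getTokenForRequest();

          // Request fields are client-controlled and may arrive as arrays
          // (e.g. "api_token[]=..."). Only a non-empty string is a token; anything
          // else must never reach the provider's credential lookup.
          if (is_string($token) && ! empty($token)) {
              $user = $this->provider->retrieveByCredentials(
                  [$this->storageKey => $token]
              );
          }

          return $this->user = $user;
      }

      /**
       * Get the token for the current request.
       *
       * Sources are tried in order: query string, request input, bearer token,
       * then the request's password (presumably the HTTP Basic password - confirm
       * against Request::getPassword()). The first non-empty value wins, so a
       * query-string value takes precedence over the Authorization header.
       *
       * The value is returned as received and is not type-checked here; callers
       * must not assume a string.
       *
       * @return mixed
       */
      public function getTokenForRequest()
      {
          $token = $this->request->query($this->inputKey);

          if (empty($token)) {
              $token = $this->request->input($this->inputKey);
          }

          if (empty($token)) {
              $token = $this->request->bearerToken();
          }

          if (empty($token)) {
              $token = $this->request->getPassword();
          }

          return $token;
      }

      /**
       * Validate a user's credentials.
       *
       * Looks the token up under $credentials[inputKey]; it does not log the user
       * in and does not touch the cached user.
       *
       * @param  array  $credentials
       * @return bool
       */
      public function validate(array $credentials = [])
      {
          // Same rule as user(): a missing, empty or non-string token is rejected
          // before the provider is consulted.
          if (empty($credentials[$this->inputKey]) || ! is_string($credentials[$this->inputKey])) {
              return false;
          }

          $credentials = [$this->storageKey => $credentials[$this->inputKey]];

          return (bool) $this->provider->retrieveByCredentials($credentials);
      }

      /**
       * Set the current request instance.
       *
       * NOTE(review): the cached $this->user is not cleared here. If one guard
       * instance is reused for more than one request, user() keeps returning the
       * user resolved for the earlier request - confirm that callers reset it.
       *
       * @param  \Illuminate\Http\Request  $request
       * @return $this
       */
      public function setRequest(Request $request)
      {
          $this->request = $request;

          return $this;
      }
  }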