<?php

namespace Laravel\Passport\Http\Controllers;

use Exception;
use Illuminate\Http\Request;
use Laravel\Passport\Bridge\User;
use Laravel\Passport\Exceptions\InvalidAuthTokenException;

trait RetrievesAuthRequestFromSession
{
    /**
     * Make sure the auth token matches the one in the session.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return void
     *
     * @throws \Laravel\Passport\Exceptions\InvalidAuthTokenException
     */
    protected function assertValidAuthToken(Request $request)
    {
        if ($request->has('auth_token') && $request->session()->get('authToken') !== $request->get('auth_token')) {
            $request->session()->forget(['authToken', 'authRequest']);

            throw InvalidAuthTokenException::different();
        }
    }

    /**
     * Get the authorization request from the session.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \League\OAuth2\Server\RequestTypes\AuthorizationRequest
     *
     * @throws \Exception
     */
    protected function getAuthRequestFromSession(Request $request)
    {
        return tap($request->session()->get('authRequest'), function ($authRequest) use ($request) {
            if (! $authRequest) {
                throw new Exception('Authorization request was not present in the session.');
            }

            $authRequest->setUser(new User($request->user()->getAuthIdentifier()));
        });
    }
}

• [F] AccessTokenController.php
  Delete
• [F] ApproveAuthorizationController.php
  Delete
• [F] AuthorizationController.php
  Delete
• [F] AuthorizedAccessTokenController.php
  Delete
• [F] ClientController.php
  Delete
• [F] ConvertsPsrResponses.php
  Delete
• [F] DenyAuthorizationController.php
  Delete
• [F] HandlesOAuthErrors.php
  Delete
• [F] PersonalAccessTokenController.php
  Delete
• [F] RetrievesAuthRequestFromSession.php
  Delete
• [F] ScopeController.php
  Delete
• [F] TransientTokenController.php
  Delete

Developer

• Support

Back to Home page