[4.x] Make impersonation tokens require stateful guards (#935)

* Throw an exception on attempt to create impersonation token with a non-stateful guard * Test that impersonation tokens can only be created with a stateful guard * Fix code style (php-cs-fixer) * Escape backslashes in the exception's message Co-authored-by: Samuel Štancl <samuel.stancl@gmail.com> * Make the exception only about requiring a stateful guard Co-authored-by: PHP CS Fixer <phpcsfixer@example.com> Co-authored-by: Samuel Štancl <samuel.stancl@gmail.com>
2025-12-12 17:44:04 +00:00 · 2022-09-02 17:46:27 +02:00 · 2022-09-02 17:46:27 +02:00 · 3bf2c39e1a
commit 3bf2c39e1a
parent f83504ac6f
3 changed files with 77 additions and 11 deletions
--- a/src/Database/Models/ImpersonationToken.php
+++ b/src/Database/Models/ImpersonationToken.php
@ -5,9 +5,12 @@ declare(strict_types=1);
 namespace Stancl\Tenancy\Database\Models;

 use Carbon\Carbon;
+use Illuminate\Contracts\Auth\StatefulGuard;
 use Illuminate\Database\Eloquent\Model;
+use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Str;
 use Stancl\Tenancy\Database\Concerns\CentralConnection;
+use Stancl\Tenancy\Exceptions\StatefulGuardRequiredException;

 /**
 * @property string $token
@ -38,9 +41,15 @@ class ImpersonationToken extends Model
    public static function booted(): void
    {
        static::creating(function ($model) {
+            $authGuard = $model->auth_guard ?? config('auth.defaults.guard');
+
+            if (! Auth::guard($authGuard) instanceof StatefulGuard) {
+                throw new StatefulGuardRequiredException($authGuard);
+            }
+
            $model->created_at = $model->created_at ?? $model->freshTimestamp();
            $model->token = $model->token ?? Str::random(128);
-            $model->auth_guard = $model->auth_guard ?? config('auth.defaults.guard');
+            $model->auth_guard = $authGuard;
        });
    }
 }