From 8c73e5759f75773a8d43e6f4519b3bc39abdb515 Mon Sep 17 00:00:00 2001
From: lukinovec <lukinovec@gmail.com>
Date: Thu, 1 Sep 2022 16:15:26 +0200
Subject: [PATCH] Throw an exception on attempt to create impersonation token
 with a non-stateful guard

---
 src/Database/Models/ImpersonationToken.php        | 13 +++++++++++--
 ...TokenCouldNotBeCreatedWithNonStatefulGuard.php | 15 +++++++++++++++
 2 files changed, 26 insertions(+), 2 deletions(-)
 create mode 100644 src/Exceptions/ImpersonationTokenCouldNotBeCreatedWithNonStatefulGuard.php

diff --git a/src/Database/Models/ImpersonationToken.php b/src/Database/Models/ImpersonationToken.php
index d73b436b..23f6b563 100644
--- a/src/Database/Models/ImpersonationToken.php
+++ b/src/Database/Models/ImpersonationToken.php
@@ -5,9 +5,12 @@ declare(strict_types=1);
 namespace Stancl\Tenancy\Database\Models;
 
 use Carbon\Carbon;
-use Illuminate\Database\Eloquent\Model;
 use Illuminate\Support\Str;
+use Illuminate\Support\Facades\Auth;
+use Illuminate\Database\Eloquent\Model;
+use Illuminate\Contracts\Auth\StatefulGuard;
 use Stancl\Tenancy\Database\Concerns\CentralConnection;
+use Stancl\Tenancy\Exceptions\ImpersonationTokenCouldNotBeCreatedWithNonStatefulGuard;
 
 /**
  * @param string $token
@@ -38,9 +41,15 @@ class ImpersonationToken extends Model
     public static function booted()
     {
         static::creating(function ($model) {
+            $authGuard = $model->auth_guard ?? config('auth.defaults.guard');
+
+            if (! Auth::guard($authGuard) instanceof StatefulGuard) {
+                throw new ImpersonationTokenCouldNotBeCreatedWithNonStatefulGuard($authGuard);
+            }
+
             $model->created_at = $model->created_at ?? $model->freshTimestamp();
             $model->token = $model->token ?? Str::random(128);
-            $model->auth_guard = $model->auth_guard ?? config('auth.defaults.guard');
+            $model->auth_guard = $authGuard;
         });
     }
 }
diff --git a/src/Exceptions/ImpersonationTokenCouldNotBeCreatedWithNonStatefulGuard.php b/src/Exceptions/ImpersonationTokenCouldNotBeCreatedWithNonStatefulGuard.php
new file mode 100644
index 00000000..f611a080
--- /dev/null
+++ b/src/Exceptions/ImpersonationTokenCouldNotBeCreatedWithNonStatefulGuard.php
@@ -0,0 +1,15 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Stancl\Tenancy\Exceptions;
+
+use Exception;
+
+class ImpersonationTokenCouldNotBeCreatedWithNonStatefulGuard extends Exception
+{
+    public function __construct(string $guardName)
+    {
+        parent::__construct("Cannot use a non-stateful auth guard ('$guardName') with user impersonation. Use a guard implementing the Illuminate\Contracts\Auth\StatefulGuard interface.");
+    }
+}