Merge pull request #5 from lbausch/develop

Version 0.3.0

.editorconfig

@@ -0,0 +1,8 @@
+root = true
+
+[*]
+indent_style = space
+indent_size = 4
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true

.github/workflows/tests.yml

@@ -22,7 +22,7 @@ jobs:
     strategy:
       fail-fast: true
       matrix:
-        php: [7.3, 7.4]
+        php: ['7.3', '7.4', '8.0', '8.1']
         stability: [prefer-lowest, prefer-stable]
 
     name: PHP ${{ matrix.php }} - ${{ matrix.stability }}
@@ -54,6 +54,7 @@ jobs:
           DB_USERNAME: root
 
       - name: Upload coverage to Codecov
+        if: ${{ github.ref == 'refs/heads/master' && matrix.php == '8.0' && matrix.stability == 'prefer-stable' }}
         uses: codecov/codecov-action@v1
         with:
           file: ./coverage.xml

.php_cs.dist → .php-cs-fixer.dist.php

@@ -7,7 +7,7 @@
     ->in(__DIR__)
 ;
 
-return PhpCsFixer\Config::create()
+return (new PhpCsFixer\Config())
     ->setRules([
         '@Symfony' => true,
     ])

CHANGELOG.md

@@ -0,0 +1,3 @@
+# Changelog
+
+Please see [Releases](https://github.com/lbausch/flarum-laravel-session/releases).

README.md

@@ -141,7 +141,7 @@ class AppServiceProvider extends ServiceProvider
 }
 ```
 
-If you need to use a different user model than `App\Models\User`, you may call `FlarumLaravelSession::useUserModel(YourUser::class);` in your service provider.
+If you need to use a different user model than `App\Models\User`, you may call `FlarumLaravelSession::useUserModel(YourUser::class)` in your service provider.
 
 ## Accessing Flarum Session Cookie From Different Domain
 If Flarum is running on domain.tld and Laravel on sub.domain.tld you need to configure Flarum (`config.php`), so the session cookie can be accessed on the subdomain:

composer.json

@@ -22,12 +22,12 @@
         }
     ],
     "require": {
-        "php": "^7.3",
-        "illuminate/auth": "^8.0",
-        "illuminate/filesystem": "^8.0",
-        "illuminate/http": "^8.0",
-        "illuminate/session": "^8.0",
-        "illuminate/support": "^8.0"
+        "php": "^7.3|^8.0",
+        "illuminate/auth": "^8.65",
+        "illuminate/filesystem": "^8.65",
+        "illuminate/http": "^8.65",
+        "illuminate/session": "^8.65",
+        "illuminate/support": "^8.65"
     },
     "require-dev": {
         "orchestra/testbench": "^6.0",

phpunit.xml.dist

@@ -1,21 +1,21 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <phpunit xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-         xsi:noNamespaceSchemaLocation="./vendor/phpunit/phpunit/phpunit.xsd"
-         bootstrap="vendor/autoload.php"
-         colors="true"
-         testdox="true"
+    xsi:noNamespaceSchemaLocation="https://schema.phpunit.de/9.3/phpunit.xsd"
+    bootstrap="vendor/autoload.php"
+    colors="true"
+    testdox="true"
 >
-    <testsuites>
-        <testsuite name="Flarum Laravel Session Test Suite">
-            <directory suffix="Test.php">./tests</directory>
-        </testsuite>
-    </testsuites>
-    <filter>
-        <whitelist processUncoveredFilesFromWhitelist="true">
-            <directory suffix=".php">./src</directory>
-        </whitelist>
-    </filter>
-    <php>
-        <env name="DB_CONNECTION" value="testing"/>
-    </php>
+  <testsuites>
+    <testsuite name="Flarum Laravel Session Test Suite">
+      <directory suffix="Test.php">./tests</directory>
+    </testsuite>
+  </testsuites>
+  <coverage processUncoveredFiles="true">
+    <include>
+      <directory suffix=".php">./src</directory>
+    </include>
+  </coverage>
+  <php>
+    <env name="DB_CONNECTION" value="testing"/>
+  </php>
 </phpunit>

src/FlarumSessionMiddleware.php

@@ -41,14 +41,24 @@ public function handle(Request $request, Closure $next)
         // Start session
         $session_store->start();
 
-        // Try to get user id
-        $user_id = $session_store->get('user_id', false);
+        // Try to get access_token
+        $access_token = $session_store->get('access_token', false);
 
-        // Redirect if no user id was found
-        if (!$user_id) {
+        // Redirect if no access_token was found
+        if (!$access_token) {
             return redirect(Config::get('flarum.url'));
         }
 
+        // Try to get token data with user id
+        $token_data = $flarum_user = DB::connection(Config::get('flarum.db_connection'))->table('access_tokens')->where('token', $access_token)->first();
+
+        // Redirect if no token was found
+        if (!$token_data || !$token_data->user_id) {
+            return redirect(Config::get('flarum.url'));
+        }
+
+        $user_id = $token_data->user_id;
+
         // Get Flarum user from Flarum database
         $flarum_user = DB::connection(Config::get('flarum.db_connection'))->table('users')->find($user_id);
 

tests/FlarumMiddlewareTest.php

@@ -60,7 +60,7 @@ public function testMiddlewareExecutesNextRequest()
             $mock->shouldReceive('sharedGet')
                 ->once()
                 ->with($session_file)
-                ->andReturn(serialize(['user_id' => 1]));
+                ->andReturn(serialize(['access_token' => 'foobar']));
         });
 
         $request = new Request($query = [], $request = [], $attributes = [], $cookies = [
@@ -107,7 +107,7 @@ public function testUsersDontGetCreatedTwice()
             $mock->shouldReceive('sharedGet')
                 ->once()
                 ->with($session_file)
-                ->andReturn(serialize(['user_id' => 1]));
+                ->andReturn(serialize(['access_token' => 'foobar']));
         });
 
         $request = new Request($query = [], $request = [], $attributes = [], $cookies = [
@@ -153,7 +153,7 @@ public function testMiddlewareExecutesNextRequestEarly()
             $mock->shouldReceive('sharedGet')
                 ->once()
                 ->with($session_file)
-                ->andReturn(serialize(['user_id' => 1]));
+                ->andReturn(serialize(['access_token' => 'foobar']));
         });
 
         $request = new Request($query = [], $request = [], $attributes = [], $cookies = [
@@ -169,7 +169,7 @@ public function testMiddlewareExecutesNextRequestEarly()
         $this->assertTrue($next_request_executed);
 
         // Mock Filesystem
-        $this->partialMock(Filesystem::class, function ($mock) use ($session_file) {
+        $this->partialMock(Filesystem::class, function ($mock) {
             $mock->shouldReceive('isFile')
                 ->never();
 
@@ -209,7 +209,7 @@ public function testMiddlewareRedirectsIfUserWasNotFound()
             $mock->shouldReceive('sharedGet')
                 ->once()
                 ->with($session_file)
-                ->andReturn(serialize(['user_id' => 2]));
+                ->andReturn(serialize(['access_token' => 'loremipsum']));
         });
 
         $request = new Request($query = [], $request = [], $attributes = [], $cookies = [