[13.x] Cleanup

src/AuthCode.php

@@ -54,6 +54,8 @@ class AuthCode extends Model
     /**
      * Get the client that owns the authentication code.
      *
+     * @deprecated Will be removed in a future Laravel version.
+     *
      * @return \Illuminate\Database\Eloquent\Relations\BelongsTo
      */
     public function client()

src/Bridge/PersonalAccessGrant.php

@@ -19,7 +19,7 @@ public function respondToAccessTokenRequest(
     ): ResponseTypeInterface {
         // Validate request
         $client = $this->validateClient($request);
-        $scopes = $this->validateScopes($this->getRequestParameter('scope', $request));
+        $scopes = $this->validateScopes($this->getRequestParameter('scope', $request, $this->defaultScope));
         $userIdentifier = $this->getRequestParameter('user_id', $request);
 
         // Finalize the requested scopes

src/Client.php

@@ -91,6 +91,8 @@ public function user()
     /**
      * Get all of the authentication codes for the client.
      *
+     * @deprecated Will be removed in a future Laravel version.
+     *
      * @return \Illuminate\Database\Eloquent\Relations\HasMany
      */
     public function authCodes()

src/Console/InstallCommand.php

@@ -44,11 +44,8 @@ public function handle()
         if ($this->confirm('Would you like to run all pending database migrations?', true)) {
             $this->call('migrate');
 
-            if ($this->confirm('Would you like to create the "personal access" and "password grant" clients?', true)) {
-                $provider = in_array('users', array_keys(config('auth.providers'))) ? 'users' : null;
-
+            if ($this->confirm('Would you like to create the "personal access" grant client?', true)) {
                 $this->call('passport:client', ['--personal' => true, '--name' => config('app.name').' Personal Access Client']);
-                $this->call('passport:client', ['--password' => true, '--name' => config('app.name').' Password Grant Client', '--provider' => $provider]);
             }
         }
     }

src/Guards/TokenGuard.php

@@ -19,7 +19,6 @@
 use Laravel\Passport\ClientRepository;
 use Laravel\Passport\Passport;
 use Laravel\Passport\PassportUserProvider;
-use Laravel\Passport\TokenRepository;
 use Laravel\Passport\TransientToken;
 use League\OAuth2\Server\Exception\OAuthServerException;
 use League\OAuth2\Server\ResourceServer;
@@ -44,13 +43,6 @@ class TokenGuard implements Guard
      */
     protected $provider;
 
-    /**
-     * The token repository instance.
-     *
-     * @var \Laravel\Passport\TokenRepository
-     */
-    protected $tokens;
-
     /**
      * The client repository instance.
      *
@@ -84,7 +76,6 @@ class TokenGuard implements Guard
      *
      * @param  \League\OAuth2\Server\ResourceServer  $server
      * @param  \Laravel\Passport\PassportUserProvider  $provider
-     * @param  \Laravel\Passport\TokenRepository  $tokens
      * @param  \Laravel\Passport\ClientRepository  $clients
      * @param  \Illuminate\Contracts\Encryption\Encrypter  $encrypter
      * @param  \Illuminate\Http\Request  $request
@@ -93,13 +84,11 @@ class TokenGuard implements Guard
     public function __construct(
         ResourceServer $server,
         PassportUserProvider $provider,
-        TokenRepository $tokens,
         ClientRepository $clients,
         Encrypter $encrypter,
         Request $request
     ) {
         $this->server = $server;
-        $this->tokens = $tokens;
         $this->clients = $clients;
         $this->provider = $provider;
         $this->encrypter = $encrypter;
@@ -109,7 +98,7 @@ public function __construct(
     /**
      * Get the user for the incoming request.
      *
-     * @return mixed
+     * @return \Illuminate\Contracts\Auth\Authenticatable|null
      */
     public function user()
     {
@@ -135,7 +124,6 @@ public function validate(array $credentials = [])
         return ! is_null((new static(
             $this->server,
             $this->provider,
-            $this->tokens,
             $this->clients,
             $this->encrypter,
             $credentials['request'],
@@ -172,7 +160,7 @@ public function client()
      * Authenticate the incoming request via the Bearer token.
      *
      * @param  \Illuminate\Http\Request  $request
-     * @return mixed
+     * @return \Illuminate\Contracts\Auth\Authenticatable|null
      */
     protected function authenticateViaBearerToken($request)
     {
@@ -190,6 +178,8 @@ protected function authenticateViaBearerToken($request)
             return;
         }
 
+        $this->setClient($client);
+
         // If the access token is valid we will retrieve the user according to the user ID
         // associated with the token. We will use the provider implementation which may
         // be used to retrieve users from Eloquent. Next, we'll be ready to continue.
@@ -206,7 +196,7 @@ protected function authenticateViaBearerToken($request)
         // authorization such as within the developer's Laravel model policy classes.
         $token = AccessToken::fromPsrRequest($psr);
 
-        return $token ? $user->withAccessToken($token) : null;
+        return $user->withAccessToken($token);
     }
 
     /**
@@ -242,7 +232,7 @@ protected function getPsrRequestViaBearerToken($request)
      * Authenticate the incoming request via the token cookie.
      *
      * @param  \Illuminate\Http\Request  $request
-     * @return mixed
+     * @return \Illuminate\Contracts\Auth\Authenticatable|null
      */
     protected function authenticateViaCookie($request)
     {
@@ -262,7 +252,7 @@ protected function authenticateViaCookie($request)
      * Get the token cookie via the incoming request.
      *
      * @param  \Illuminate\Http\Request  $request
-     * @return mixed
+     * @return array|null
      */
     protected function getTokenViaCookie($request)
     {

src/HasApiTokens.php

@@ -51,7 +51,7 @@ public function token()
      */
     public function tokenCan($scope)
     {
-        return $this->accessToken ? $this->accessToken->can($scope) : false;
+        return $this->accessToken && $this->accessToken->can($scope);
     }
 
     /**

src/Http/Middleware/CheckCredentials.php

@@ -5,7 +5,6 @@
 use Closure;
 use Laravel\Passport\AccessToken;
 use Laravel\Passport\Exceptions\AuthenticationException;
-use Laravel\Passport\TokenRepository;
 use League\OAuth2\Server\Exception\OAuthServerException;
 use League\OAuth2\Server\ResourceServer;
 use Nyholm\Psr7\Factory\Psr17Factory;
@@ -20,24 +19,15 @@ abstract class CheckCredentials
      */
     protected $server;
 
-    /**
-     * Token Repository.
-     *
-     * @var \Laravel\Passport\TokenRepository
-     */
-    protected $repository;
-
     /**
      * Create a new middleware instance.
      *
      * @param  \League\OAuth2\Server\ResourceServer  $server
-     * @param  \Laravel\Passport\TokenRepository  $repository
      * @return void
      */
-    public function __construct(ResourceServer $server, TokenRepository $repository)
+    public function __construct(ResourceServer $server)
     {
         $this->server = $server;
-        $this->repository = $repository;
     }
 
     /**

src/PassportServiceProvider.php

@@ -352,7 +352,6 @@ protected function makeGuard(array $config)
         return new TokenGuard(
             $this->app->make(ResourceServer::class),
             new PassportUserProvider(Auth::createUserProvider($config['provider']), $config['provider']),
-            $this->app->make(TokenRepository::class),
             $this->app->make(ClientRepository::class),
             $this->app->make('encrypter'),
             $this->app->make('request')

src/RefreshToken.php

@@ -71,16 +71,6 @@ public function revoke()
         return $this->forceFill(['revoked' => true])->save();
     }
 
-    /**
-     * Determine if the token is a transient JWT token.
-     *
-     * @return bool
-     */
-    public function transient()
-    {
-        return false;
-    }
-
     /**
      * Get the current connection name for the model.
      *

src/TokenRepository.php

@@ -54,6 +54,8 @@ public function forUser($userId)
     /**
      * Get a valid token instance for the given user and client.
      *
+     * @deprecated use findValidToken
+     *
      * @param  \Illuminate\Contracts\Auth\Authenticatable  $user
      * @param  \Laravel\Passport\Client  $client
      * @return \Laravel\Passport\Token|null

tests/Unit/CheckClientCredentialsForAnyScopeTest.php

@@ -5,7 +5,6 @@
 use Illuminate\Http\Request;
 use Laravel\Passport\Exceptions\AuthenticationException;
 use Laravel\Passport\Http\Middleware\CheckClientCredentialsForAnyScope;
-use Laravel\Passport\TokenRepository;
 use League\OAuth2\Server\Exception\OAuthServerException;
 use League\OAuth2\Server\ResourceServer;
 use Mockery as m;
@@ -30,9 +29,7 @@ public function test_request_is_passed_along_if_token_is_valid()
             'oauth_scopes' => ['*'],
         ]);
 
-        $tokenRepository = m::mock(TokenRepository::class);
-
-        $middleware = new CheckClientCredentialsForAnyScope($resourceServer, $tokenRepository);
+        $middleware = new CheckClientCredentialsForAnyScope($resourceServer);
 
         $request = Request::create('/');
         $request->headers->set('Authorization', 'Bearer token');
@@ -55,9 +52,7 @@ public function test_request_is_passed_along_if_token_has_any_required_scope()
             'oauth_scopes' => ['foo', 'bar', 'baz'],
         ]);
 
-        $tokenRepository = m::mock(TokenRepository::class);
-
-        $middleware = new CheckClientCredentialsForAnyScope($resourceServer, $tokenRepository);
+        $middleware = new CheckClientCredentialsForAnyScope($resourceServer);
 
         $request = Request::create('/');
         $request->headers->set('Authorization', 'Bearer token');
@@ -73,13 +68,12 @@ public function test_exception_is_thrown_when_oauth_throws_exception()
     {
         $this->expectException(AuthenticationException::class);
 
-        $tokenRepository = m::mock(TokenRepository::class);
         $resourceServer = m::mock(ResourceServer::class);
         $resourceServer->shouldReceive('validateAuthenticatedRequest')->andThrow(
             new OAuthServerException('message', 500, 'error type')
         );
 
-        $middleware = new CheckClientCredentialsForAnyScope($resourceServer, $tokenRepository);
+        $middleware = new CheckClientCredentialsForAnyScope($resourceServer);
 
         $request = Request::create('/');
         $request->headers->set('Authorization', 'Bearer token');
@@ -102,9 +96,7 @@ public function test_exception_is_thrown_if_token_does_not_have_required_scope()
             'oauth_scopes' => ['foo', 'bar'],
         ]);
 
-        $tokenRepository = m::mock(TokenRepository::class);
-
-        $middleware = new CheckClientCredentialsForAnyScope($resourceServer, $tokenRepository);
+        $middleware = new CheckClientCredentialsForAnyScope($resourceServer);
 
         $request = Request::create('/');
         $request->headers->set('Authorization', 'Bearer token');

tests/Unit/CheckClientCredentialsTest.php

@@ -5,7 +5,6 @@
 use Illuminate\Http\Request;
 use Laravel\Passport\Exceptions\AuthenticationException;
 use Laravel\Passport\Http\Middleware\CheckClientCredentials;
-use Laravel\Passport\TokenRepository;
 use League\OAuth2\Server\Exception\OAuthServerException;
 use League\OAuth2\Server\ResourceServer;
 use Mockery as m;
@@ -30,9 +29,7 @@ public function test_request_is_passed_along_if_token_is_valid()
             'oauth_scopes' => ['*'],
         ]);
 
-        $tokenRepository = m::mock(TokenRepository::class);
-
-        $middleware = new CheckClientCredentials($resourceServer, $tokenRepository);
+        $middleware = new CheckClientCredentials($resourceServer);
 
         $request = Request::create('/');
         $request->headers->set('Authorization', 'Bearer token');
@@ -55,9 +52,7 @@ public function test_request_is_passed_along_if_token_and_scope_are_valid()
             'oauth_scopes' => ['see-profile'],
         ]);
 
-        $tokenRepository = m::mock(TokenRepository::class);
-
-        $middleware = new CheckClientCredentials($resourceServer, $tokenRepository);
+        $middleware = new CheckClientCredentials($resourceServer);
 
         $request = Request::create('/');
         $request->headers->set('Authorization', 'Bearer token');
@@ -73,13 +68,12 @@ public function test_exception_is_thrown_when_oauth_throws_exception()
     {
         $this->expectException(AuthenticationException::class);
 
-        $tokenRepository = m::mock(TokenRepository::class);
         $resourceServer = m::mock(ResourceServer::class);
         $resourceServer->shouldReceive('validateAuthenticatedRequest')->andThrow(
             new OAuthServerException('message', 500, 'error type')
         );
 
-        $middleware = new CheckClientCredentials($resourceServer, $tokenRepository);
+        $middleware = new CheckClientCredentials($resourceServer);
 
         $request = Request::create('/');
         $request->headers->set('Authorization', 'Bearer token');
@@ -102,9 +96,7 @@ public function test_exception_is_thrown_if_token_does_not_have_required_scopes(
             'oauth_scopes' => ['foo', 'notbar'],
         ]);
 
-        $tokenRepository = m::mock(TokenRepository::class);
-
-        $middleware = new CheckClientCredentials($resourceServer, $tokenRepository);
+        $middleware = new CheckClientCredentials($resourceServer);
 
         $request = Request::create('/');
         $request->headers->set('Authorization', 'Bearer token');