Improve login accuracy event on Laravel>5 (#2642)

DataDog · Apr 30, 2024 · 78871c1 · 78871c1
1 parent 54b48e5
commit 78871c1
Show file tree

Hide file tree

Showing 46 changed files with 1,031 additions and 169 deletions.
diff --git a/.gitignore b/.gitignore
@@ -60,3 +60,4 @@ package.json
 packages.json
 package-lock.json
 yarn.lock
+cookies.txt
diff --git a/src/DDTrace/Integrations/Laravel/LaravelIntegration.php b/src/DDTrace/Integrations/Laravel/LaravelIntegration.php
@@ -350,7 +350,7 @@ function ($This, $scope, $args, $loginSuccess) use ($integration) {
 
         // Used by Laravel >= 5.0
         \DDTrace\hook_method(
-            'Illuminate\Auth\Events\Authenticated',
+            'Illuminate\Auth\Events\Login',
             '__construct',
             function ($This, $scope, $args) use ($integration) {
                 $authClass = 'Illuminate\Contracts\Auth\Authenticatable';

diff --git a/tests/Common/WebFrameworkTestCase.php b/tests/Common/WebFrameworkTestCase.php
@@ -21,12 +21,36 @@ abstract class WebFrameworkTestCase extends IntegrationTestCase
     const PORT = 9999;
 
     const ERROR_LOG_NAME = 'phpunit_error.log';
+    const COOKIE_JAR = 'cookies.txt';
 
     /**
      * @var WebServer|null
      */
     private static $appServer;
     protected $checkWebserverErrors = true;
+    protected $cookiesFile;
+    protected $maintainSession = false;
+
+    protected function ddSetUp()
+    {
+        parent::ddSetUp();
+    }
+
+    protected function enableSession()
+    {
+        $this->maintainSession = true;
+        $this->cookiesFile = realpath(dirname(static::getAppIndexScript())) . '/' . static::COOKIE_JAR;
+        $f = @fopen($this->cookiesFile, "r+");
+        if ($f !== false) {
+            ftruncate($f, 0);
+            fclose($f);
+        }
+    }
+
+    protected function disableSession()
+    {
+        $this->maintainSession = false;
+    }
 
     public static function ddSetUpBeforeClass()
     {
@@ -215,6 +239,12 @@ protected function sendRequest($method, $url, $headers = [], $body = [], $change
             curl_setopt($ch, CURLOPT_RETURNTRANSFER, $options[CURLOPT_RETURNTRANSFER]);
             curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $method);
             curl_setopt($ch, CURLOPT_FOLLOWLOCATION, $options[CURLOPT_FOLLOWLOCATION]);
+            if ($this->maintainSession) {
+                curl_setopt($ch, CURLOPT_COOKIEJAR, $this->cookiesFile);
+                curl_setopt ($ch, CURLOPT_COOKIEFILE, $this->cookiesFile);
+                curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+                curl_setopt($ch, CURLOPT_HEADER, 1);
+            }
             if ($method === 'POST') {
                 curl_setopt($ch, CURLOPT_POST, true);
                 curl_setopt($ch, CURLOPT_POSTFIELDS, is_array($body) ? json_encode($body) : $body);

diff --git a/tests/Frameworks/Laravel/Version_10_x/.env b/tests/Frameworks/Laravel/Version_10_x/.env
@@ -8,13 +8,6 @@ LOG_CHANNEL=stack
 LOG_DEPRECATIONS_CHANNEL=null
 LOG_LEVEL=debug
 
-DB_CONNECTION=mysql
-DB_HOST=127.0.0.1
-DB_PORT=3306
-DB_DATABASE=laravel
-DB_USERNAME=root
-DB_PASSWORD=
-
 BROADCAST_DRIVER=log
 CACHE_DRIVER=file
 FILESYSTEM_DISK=local

diff --git a/tests/Frameworks/Laravel/Version_10_x/.env.example b/tests/Frameworks/Laravel/Version_10_x/.env.example
@@ -8,13 +8,6 @@ LOG_CHANNEL=stack
 LOG_DEPRECATIONS_CHANNEL=null
 LOG_LEVEL=debug
 
-DB_CONNECTION=mysql
-DB_HOST=127.0.0.1
-DB_PORT=3306
-DB_DATABASE=laravel
-DB_USERNAME=root
-DB_PASSWORD=
-
 BROADCAST_DRIVER=log
 CACHE_DRIVER=file
 FILESYSTEM_DISK=local

diff --git a/tests/Frameworks/Laravel/Version_10_x/app/Http/Controllers/LoginTestController.php b/tests/Frameworks/Laravel/Version_10_x/app/Http/Controllers/LoginTestController.php
@@ -0,0 +1,58 @@
+<?php
+
+namespace App\Http\Controllers;
+
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
+use Illuminate\Auth\Events\Registered;
+use Illuminate\Support\Facades\Hash;
+use Illuminate\Http\RedirectResponse;
+use App\Providers\RouteServiceProvider;
+use App\Models\User;
+
+class LoginTestController extends Controller
+{
+    /**
+     * @param  \Illuminate\Http\Request  $request
+     * @return \Illuminate\Http\Response
+     */
+    public function auth(Request $request)
+    {
+        $credentials = [
+            'email' => $request->get('email'),
+            'password' => 'password',
+        ];
+
+        if (Auth::attempt($credentials)) {
+            return response('Login successful', 200);
+        }
+
+        return response('Invalid credentials', 403);
+    }
+
+    public function register(Request $request): RedirectResponse
+    {
+        $request->validate([
+            'name' => ['required'],
+            'email' => ['required'],
+            'password' => ['required'],
+        ]);
+
+        $user = User::create([
+            'name' => $request->name,
+            'email' => $request->email,
+            'password' => Hash::make($request->password),
+        ]);
+
+        event(new Registered($user));
+
+        Auth::login($user);
+
+        return redirect('/simple');
+    }
+
+    public function behind_auth()
+    {
+        return "page behind auth";
+    }
+}
diff --git a/tests/Frameworks/Laravel/Version_10_x/app/Providers/AppServiceProvider.php b/tests/Frameworks/Laravel/Version_10_x/app/Providers/AppServiceProvider.php
@@ -2,6 +2,7 @@
 
 namespace App\Providers;
 
+use Illuminate\Support\Facades\Schema;
 use Illuminate\Support\ServiceProvider;
 
 class AppServiceProvider extends ServiceProvider
@@ -19,6 +20,6 @@ public function register(): void
      */
     public function boot(): void
     {
-        //
+        Schema::defaultStringLength(191);
     }
 }
diff --git a/tests/Frameworks/Laravel/Version_10_x/composer.json b/tests/Frameworks/Laravel/Version_10_x/composer.json
@@ -30,12 +30,14 @@
     "autoload-dev": {
         "psr-4": {
             "Tests\\": "tests/"
-        }
+        },
+        "files": ["../../../Appsec/Mock.php"]
     },
     "scripts": {
         "post-autoload-dump": [
             "Illuminate\\Foundation\\ComposerScripts::postAutoloadDump",
-            "@php artisan package:discover --ansi"
+            "@php artisan package:discover --ansi",
+            "@php artisan migrate:fresh --force"
         ],
         "post-update-cmd": [
             "@php artisan vendor:publish --tag=laravel-assets --ansi --force"

diff --git a/tests/Frameworks/Laravel/Version_10_x/config/database.php b/tests/Frameworks/Laravel/Version_10_x/config/database.php
@@ -46,11 +46,11 @@
         'mysql' => [
             'driver' => 'mysql',
             'url' => env('DATABASE_URL'),
-            'host' => env('DB_HOST', '127.0.0.1'),
+            'host' => env('DB_HOST', 'mysql_integration'),
             'port' => env('DB_PORT', '3306'),
-            'database' => env('DB_DATABASE', 'forge'),
-            'username' => env('DB_USERNAME', 'forge'),
-            'password' => env('DB_PASSWORD', ''),
+            'database' => env('DB_DATABASE', 'test'),
+            'username' => env('DB_USERNAME', 'test'),
+            'password' => env('DB_PASSWORD', 'test'),
             'unix_socket' => env('DB_SOCKET', ''),
             'charset' => 'utf8mb4',
             'collation' => 'utf8mb4_unicode_ci',

diff --git a/tests/Frameworks/Laravel/Version_10_x/routes/web.php b/tests/Frameworks/Laravel/Version_10_x/routes/web.php
@@ -1,6 +1,7 @@
 <?php
 
 use App\Http\Controllers\CommonSpecsController;
+use App\Http\Controllers\LoginTestController;
 use Illuminate\Support\Facades\Route;
 
 /*
@@ -17,3 +18,6 @@
 Route::get('simple', [CommonSpecsController::class, 'simple'])->name('simple_route');
 Route::get('simple_view', [CommonSpecsController::class, 'simple_view']);
 Route::get('error', [CommonSpecsController::class, 'error']);
+Route::get('login/auth', [LoginTestController::class, 'auth'])->name('login');
+Route::get('login/signup', [LoginTestController::class, 'register']);
+Route::get('/behind_auth', [LoginTestController::class, 'behind_auth'])->name('behind_auth')->middleware('auth');
diff --git a/tests/Frameworks/Laravel/Version_4_2/app/controllers/LoginTestController.php b/tests/Frameworks/Laravel/Version_4_2/app/controllers/LoginTestController.php
@@ -30,4 +30,9 @@ public function register()
 
         return "registered";
     }
+
+    public function behind_auth()
+    {
+        return "page behind auth";
+    }
 }
diff --git a/tests/Frameworks/Laravel/Version_4_2/app/routes.php b/tests/Frameworks/Laravel/Version_4_2/app/routes.php
@@ -23,3 +23,7 @@
 Route::get('/eloquent/refresh', 'EloquentTestController@refresh');
 Route::get('/login/auth', 'LoginTestController@auth');
 Route::get('/login/signup', 'LoginTestController@register');
+Route::group(array('before' => 'auth'), function()
+{
+   Route::get('/behind_auth', 'LoginTestController@behind_auth');
+});
diff --git a/tests/Frameworks/Laravel/Version_5_7/app/Http/Controllers/LoginTestController.php b/tests/Frameworks/Laravel/Version_5_7/app/Http/Controllers/LoginTestController.php
@@ -54,4 +54,9 @@ protected function create(array $data)
 
         return $user;
     }
+
+    public function behind_auth()
+    {
+        return "page behind auth";
+    }
 }
diff --git a/tests/Frameworks/Laravel/Version_5_7/routes/web.php b/tests/Frameworks/Laravel/Version_5_7/routes/web.php
@@ -30,3 +30,7 @@
 Route::get('queue/workOn', 'QueueTestController@workOn');
 Route::get('login/auth', 'LoginTestController@auth');
 Route::get('login/signup', 'LoginTestController@register');
+Route::group(array('before' => 'auth'), function()
+{
+   Route::get('/behind_auth', 'LoginTestController@behind_auth');
+});
diff --git a/tests/Frameworks/Laravel/Version_5_8/app/Http/Controllers/LoginTestController.php b/tests/Frameworks/Laravel/Version_5_8/app/Http/Controllers/LoginTestController.php
@@ -54,4 +54,9 @@ protected function create(array $data)
 
         return $user;
     }
+
+    public function behind_auth()
+    {
+        return "page behind auth";
+    }
 }
diff --git a/tests/Frameworks/Laravel/Version_5_8/routes/web.php b/tests/Frameworks/Laravel/Version_5_8/routes/web.php
@@ -27,3 +27,7 @@
 Route::get('queue/workOn', 'QueueTestController@workOn');
 Route::get('login/auth', 'LoginTestController@auth');
 Route::get('login/signup', 'LoginTestController@register');
+Route::group(array('before' => 'auth'), function()
+{
+   Route::get('/behind_auth', 'LoginTestController@behind_auth');
+});
diff --git a/tests/Frameworks/Laravel/Version_8_x/app/Http/Controllers/LoginTestController.php b/tests/Frameworks/Laravel/Version_8_x/app/Http/Controllers/LoginTestController.php
@@ -50,4 +50,9 @@ public function register(Request $request): RedirectResponse
 
         return redirect(RouteServiceProvider::HOME);
     }
+
+    public function behind_auth()
+    {
+        return "page behind auth";
+    }
 }
diff --git a/tests/Frameworks/Laravel/Version_8_x/routes/web.php b/tests/Frameworks/Laravel/Version_8_x/routes/web.php
@@ -39,6 +39,7 @@
 Route::get('queue/workOn', [QueueTestController::class, 'workOn']);
 Route::get('login/auth', [LoginTestController::class, 'auth']);
 Route::get('login/signup', [LoginTestController::class, 'register']);
+Route::get('/behind_auth', [LoginTestController::class, 'behind_auth'])->name('behind_auth')->middleware('auth');
 
 // This route has to remain unnamed so we test both route cached and not cached.
 Route::get('/unnamed-route', [RouteCachingController::class, 'unnamed']);
diff --git a/tests/Frameworks/Laravel/Version_9_x/.env b/tests/Frameworks/Laravel/Version_9_x/.env
@@ -8,13 +8,6 @@ LOG_CHANNEL=stack
 LOG_DEPRECATIONS_CHANNEL=null
 LOG_LEVEL=debug
 
-DB_CONNECTION=mysql
-DB_HOST=127.0.0.1
-DB_PORT=3306
-DB_DATABASE=laravel
-DB_USERNAME=root
-DB_PASSWORD=
-
 BROADCAST_DRIVER=log
 CACHE_DRIVER=file
 FILESYSTEM_DISK=local

diff --git a/tests/Frameworks/Laravel/Version_9_x/.env.example b/tests/Frameworks/Laravel/Version_9_x/.env.example
@@ -8,13 +8,6 @@ LOG_CHANNEL=stack
 LOG_DEPRECATIONS_CHANNEL=null
 LOG_LEVEL=debug
 
-DB_CONNECTION=mysql
-DB_HOST=127.0.0.1
-DB_PORT=3306
-DB_DATABASE=laravel
-DB_USERNAME=root
-DB_PASSWORD=
-
 BROADCAST_DRIVER=log
 CACHE_DRIVER=file
 FILESYSTEM_DISK=local

diff --git a/tests/Frameworks/Laravel/Version_9_x/app/Http/Controllers/LoginTestController.php b/tests/Frameworks/Laravel/Version_9_x/app/Http/Controllers/LoginTestController.php
@@ -0,0 +1,58 @@
+<?php
+
+namespace App\Http\Controllers;
+
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
+use Illuminate\Auth\Events\Registered;
+use Illuminate\Support\Facades\Hash;
+use Illuminate\Http\RedirectResponse;
+use App\Providers\RouteServiceProvider;
+use App\Models\User;
+
+class LoginTestController extends Controller
+{
+    /**
+     * @param  \Illuminate\Http\Request  $request
+     * @return \Illuminate\Http\Response
+     */
+    public function auth(Request $request)
+    {
+        $credentials = [
+            'email' => $request->get('email'),
+            'password' => 'password',
+        ];
+
+        if (Auth::attempt($credentials)) {
+            return response('Login successful', 200);
+        }
+
+        return response('Invalid credentials', 403);
+    }
+
+    public function register(Request $request): RedirectResponse
+    {
+        $request->validate([
+            'name' => ['required'],
+            'email' => ['required'],
+            'password' => ['required'],
+        ]);
+
+        $user = User::create([
+            'name' => $request->name,
+            'email' => $request->email,
+            'password' => Hash::make($request->password),
+        ]);
+
+        event(new Registered($user));
+
+        Auth::login($user);
+
+        return redirect('/simple');
+    }
+
+    public function behind_auth()
+    {
+        return "page behind auth";
+    }
+}
diff --git a/tests/Frameworks/Laravel/Version_9_x/app/Providers/AppServiceProvider.php b/tests/Frameworks/Laravel/Version_9_x/app/Providers/AppServiceProvider.php
@@ -2,6 +2,7 @@
 
 namespace App\Providers;
 
+use Illuminate\Support\Facades\Schema;
 use Illuminate\Support\ServiceProvider;
 
 class AppServiceProvider extends ServiceProvider
@@ -23,6 +24,6 @@ public function register()
      */
     public function boot()
     {
-        //
+        Schema::defaultStringLength(191);
     }
 }