store current user inside of the auth manager and deprecate accessing…

… the current user from the DI container

src/Libs/AuthManager.php

@@ -64,6 +64,11 @@ class AuthManager
      */
     private $response;
 
+    /**
+     * @var UserInterface
+     */
+    private $currentUser;
+
     /**
      * @var UserRegistration
      */
@@ -230,6 +235,38 @@ public function getResponse()
         return $this->response;
     }
 
+    /**
+     * Sets the current user for this request.
+     *
+     * @param UserInterface $user
+     *
+     * @return $this
+     */
+    function setCurrentUser(UserInterface $user)
+    {
+        $this->currentUser = $user;
+
+        // accessing the current user from the
+        // DI container is deprecated
+        $this->app['user'] = $user;
+
+        return $this;
+    }
+
+    /**
+     * Gets the current user for this request.
+     */
+    function getCurrentUser(): UserInterface
+    {
+        if (!$this->currentUser) {
+            $this->setCurrentUser($this->getGuestUser());
+        }
+
+        // accessing the current user from the
+        // DI container is deprecated
+        return $this->app['user'];
+    }
+
     /**
      * @return QueryBuilder
      */
@@ -278,7 +315,7 @@ public function getAuthenticatedUser()
             $user = $this->signInUser($this->getGuestUser());
         }
 
-        $this->app['user'] = $user;
+        $this->setCurrentUser($user);
 
         return $user;
     }
@@ -292,7 +329,7 @@ public function getAuthenticatedUser()
      */
     public function logout()
     {
-        $user = $this->app['user'];
+        $user = $this->getCurrentUser();
 
         $result = $this->getStorage()
                        ->signOut($this->request, $this->response);
@@ -351,7 +388,7 @@ public function signInUser(UserInterface $user, $strategy = 'web', $remember = f
         // be completely signed in until they verify using 2FA
         $twoFactor = $this->getTwoFactorStrategy();
         if ($twoFactor && !$user->isTwoFactorVerified() && $twoFactor->needsVerification($user)) {
-            $this->app['user'] = $user;
+            $this->setCurrentUser($user);
 
             return $user->markSignedOut();
         }
@@ -385,7 +422,7 @@ public function signInUser(UserInterface $user, $strategy = 'web', $remember = f
             $user->markSignedOut();
         }
 
-        $this->app['user'] = $user;
+        $this->setCurrentUser($user);
 
         return $user;
     }

src/Libs/TestListener.php

@@ -58,7 +58,7 @@ public function __construct()
 
         $user->create($params);
         $user->markSignedIn();
-        Test::$app['user'] = $user;
+        Test::$app['auth']->setCurrentUser($user);
     }
 
     public function addError(PHPUnitTest $test, Exception $e, $time)
@@ -87,7 +87,7 @@ public function addWarning(PHPUnitTest $test, Warning $e, $time)
 
     public function startTest(PHPUnitTest $test)
     {
-        Test::$app['user']->demoteToNormalUser();
+        Test::$app['auth']->getCurrentUser()->demoteToNormalUser();
     }
 
     public function endTest(PHPUnitTest $test, $time)

src/Models/AbstractUser.php

@@ -139,10 +139,10 @@ protected function preSetHook(&$data)
         }
 
         // verify the given current password, when required
-        $app = $this->getApp();
-        if ($passwordRequired && !$this->can('skip-password-required', $app['user'])) {
+        $auth = $this->getApp()['auth'];
+        if ($passwordRequired && !$this->can('skip-password-required', $auth->getCurrentUser())) {
             $password = array_value($data, 'current_password');
-            $strategy = $app['auth']->getStrategy('traditional');
+            $strategy = $auth->getStrategy('traditional');
             if (!$strategy->verifyPassword($this, $password)) {
                 $this->getErrors()->add('invalid_password');
 
@@ -187,7 +187,8 @@ public static function passwordChanged(ModelEvent $event)
         $auth->signOutAllSessions($user);
         $user->markSignedOut();
 
-        if ($app['user'] && $app['user']->id() == $user->id()) {
+        $currentUser = $auth->getCurrentUser();
+        if ($currentUser->id() == $user->id()) {
             $auth->logout();
         }
 
@@ -516,14 +517,15 @@ public function deleteConfirm($password)
         }
 
         // the current user can only delete their own account
-        $app = $this->getApp();
-        if ($app['user']->id() != $this->id()) {
+        $auth = $this->getApp()['auth'];
+        $user = $auth->getCurrentUser();
+        if ($user->id() != $this->id()) {
             return false;
         }
 
         // Verify the supplied the password.
-        $verified = $app['auth']->getStrategy('traditional')
-                                ->verifyPassword($this, $password);
+        $verified = $auth->getStrategy('traditional')
+            ->verifyPassword($this, $password);
         if (!$verified) {
             return false;
         }

src/Services/Auth.php

@@ -11,58 +11,64 @@
 
 namespace Infuse\Auth\Services;
 
+use Infuse\Application;
 use Infuse\Auth\Libs\AuthManager;
 use Pulsar\ACLModelRequester;
 
 class Auth
 {
-    public function __construct($app)
+    /**
+     * @var AuthManager
+     */
+    private $auth;
+
+    public function __construct(Application $app)
     {
         // CLI requests have a super user
         if (defined('STDIN')) {
-            $userClass = $this->getUserClass($app);
+            $auth = $this->getAuthManager($app);
+            $userClass = $auth->getUserClass();
             $user = new $userClass();
             $user->promoteToSuperUser();
-            $app['user'] = $user;
+            $auth->setCurrentUser($user);
 
             // use the super user as the requester for model permissions
             ACLModelRequester::set($user);
             $app['requester'] = $user;
         }
     }
 
-    public function __invoke($app)
+    public function __invoke(Application $app)
     {
-        $auth = new AuthManager();
-        $auth->setApp($app);
+        return $this->getAuthManager($app);
+    }
+
+    private function getAuthManager(Application $app): AuthManager
+    {
+        if ($this->auth) {
+            return $this->auth;
+        }
+
+        $this->auth = new AuthManager();
+        $this->auth->setApp($app);
 
         // register authentication strategies
         $strategies = $app['config']->get('auth.strategies', []);
         foreach ($strategies as $id => $class) {
-            $auth->registerStrategy($id, $class);
+            $this->auth->registerStrategy($id, $class);
         }
 
         if ($class = $app['config']->get('auth.2fa_strategy')) {
-            $strategy = new $class($auth);
-            $auth->setTwoFactorStrategy($strategy);
+            $strategy = new $class($this->auth);
+            $this->auth->setTwoFactorStrategy($strategy);
         }
 
         // specify storage type
         if ($class = $app['config']->get('auth.storage')) {
-            $storage = new $class($auth);
-            $auth->setStorage($storage);
+            $storage = new $class($this->auth);
+            $this->auth->setStorage($storage);
         }
 
-        return $auth;
-    }
-
-    /**
-     * Gets the user model class.
-     *
-     * @return string
-     */
-    private function getUserClass($app)
-    {
-        return $app['config']->get('users.model', AuthManager::DEFAULT_USER_MODEL);
+        return $this->auth;
     }
 }

tests/Libs/AuthManagerTest.php

@@ -124,6 +124,20 @@ public function testGetResponse()
         $this->assertEquals($res, $auth->getResponse());
     }
 
+    function testGetCurrentUser()
+    {
+        $auth = $this->getAuth();
+        $user = $auth->getCurrentUser();
+        $this->assertInstanceOf(User::class, $user);
+        $this->assertFalse($user->isSignedIn());
+        $this->assertEquals($user, Test::$app['user']);
+
+        $user = new User(1234);
+        $auth->setCurrentUser($user);
+        $this->assertEquals($user, $auth->getCurrentUser());
+        $this->assertEquals($user, Test::$app['user']);
+    }
+
     public function testGetUserClass()
     {
         $auth = $this->getAuth();