[5.6] Add ability to determine if the current user is ALREADY authenticated without triggering side effects

[mpyw]

• Auth::check() internally calls Auth::user(). It may trigger side effects.
  (e.g. accessing database or making an HTTP request for external Web API)
• Auth::guard()->user is protected.

We currently do not have an ability to determine if Auth::guard()->user is already set without using reflection. This PR adds Auth::alreadyAuthenticated() which returns boolean value.

It will be useful in models or custom relations.

Example

class Post extends Model
{
    protected $visible = ['id', 'title', 'body', 'created_at', 'likes', 'liked'];
    protected $with = ['likeByCurrentUser'];
    protected $appends = ['liked'];

    public function likes()
    {
        return $this->hasMany(Like::class);
    }

    public function likeByCurrentUser()
    {
        return $this->hasOne(Like::class)->where('user_id', Auth::alreadyAuthenticated() ? Auth::id() : null);
    }

    public function getLikedAttribute()
    {
        return Auth::alreadyAuthenticated() ? ! is_null($this->likeByCurrentUser) : null;
    }
}

[browner12]

I not sure you can rely on the $this->user property being set as an indicator of whether or not the user is authenticated or not. If the property is set, you know the user is logged in, but if the property is not set, the user may not be logged in, or the class just might not know about the user yet, and needs to run through it's driver specific code to check if the user is authenticated.

[mpyw]

@browner12 I know. In some environment running driver specific code through Auth::user() may throw exceptions or trigger unexpected behaviors. In my project, for instance, development environment is separated from the authentication platform API so making HTTP requests through Auth::user() triggers exceptions.

Please tell me if you have the proper name for this method. (e.g. Auth::alreadyChecked())
Or just make Auth::guard()->user public?

[taylorotwell]

I would rather just say something like Auth::hasUser()

[mpyw]

@taylorotwell Nice

class Post extends Model
{
    protected $visible = ['id', 'title', 'body', 'created_at', 'likes', 'liked'];
    protected $with = ['likeByCurrentUser'];
    protected $appends = ['liked'];

    public function likes()
    {
        return $this->hasMany(Like::class);
    }

    public function likeByCurrentUser()
    {
        return $this->hasOne(Like::class)->where('user_id', Auth::hasUser() ? Auth::id() : null);
    }

    public function getLikedAttribute()
    {
        return Auth::hasUser() ? ! is_null($this->likeByCurrentUser) : null;
    }
}

[browner12]

I guess I'm a little confused. If your local environment throws exceptions when trying to authenticate over HTTP with your auth API, how does this change help you? Wouldn't $this->user always be null then?

[mpyw]

@browner12 In this example, fetching Post instances always fails in my local environment regardless of whether the endpoint requires authentication or not.

class Post extends Model
{
    protected $visible = ['id', 'title', 'body', 'created_at', 'likes', 'liked'];
    protected $with = ['likeByCurrentUser'];
    protected $appends = ['liked'];

    public function likes()
    {
        return $this->hasMany(Like::class);
    }

    public function likeByCurrentUser()
    {
        return $this->hasOne(Like::class)->where('user_id', Auth::id());
    }

    public function getLikedAttribute()
    {
        return ! is_null($this->likeByCurrentUser);
    }
}

class PostContrller extends Controller
{
    public function index()
    {
        // Always fails in my local environment
        return Post::all();
    }
}

Note that this is just an example. Generally I think loading or formatting models should not trigger side effects except accessing database to fetch their rows.

[mpyw]

@taylorotwell Should missing public methods such as authenticate() hasUser() be added to Guard contract at the next major release? (6.0? 5.7)

[antonkomarev]

@mpyw next major release will be 5.7. Laravel isn't following SemVer.