From c1dee4c865bb9146a12ed677e191c218b42f6dae Mon Sep 17 00:00:00 2001
From: Hafez Divandari
Date: Fri, 21 Nov 2025 18:01:23 +0330
Subject: [PATCH 1/2] catch exceptions when retrieving user from the provider

---
 src/Guards/TokenGuard.php | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/src/Guards/TokenGuard.php b/src/Guards/TokenGuard.php
index 25749360..ab85ce77 100644
--- a/src/Guards/TokenGuard.php
+++ b/src/Guards/TokenGuard.php
@@ -144,18 +144,18 @@ protected function authenticateViaBearerToken(): ?Authenticatable
 // If the access token is valid we will retrieve the user according to the user ID
 // associated with the token. We will use the provider implementation which may
 // be used to retrieve users from Eloquent. Next, we'll be ready to continue.
- $user = $this->provider->retrieveById(
- $psr->getAttribute('oauth_user_id') ?: null
- );
-
- if (! $user) {
+ try {
+ $user = $this->provider->retrieveById(
+ $psr->getAttribute('oauth_user_id') ?: null
+ );
+ } catch (Exception) {
 return null;
 }

 // Next, we will assign a token instance to this user which the developers may use
 // to determine if the token has a given scope, etc. This will be useful during
 // authorization such as within the developer's Laravel model policy classes.
- return $user->withAccessToken(AccessToken::fromPsrRequest($psr));
+ return $user?->withAccessToken(AccessToken::fromPsrRequest($psr));
 }

 /**
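Review bot: The new `catch (Exception)` around `retrieveById()` turns every provider failure into `return null`, so a database outage or a bug in a custom user provider becomes indistinguishable from an unknown user and nothing is recorded; the same pattern is added in the `authenticateViaCookie()` hunk. Failing closed is the right default for a guard, but I would either catch only the exception type the provider is expected to throw or report it before returning, e.g. `} catch (Exception $e) { report($e); return null; }` with Laravel's `report()` helper, so an authentication outage shows up in logs instead of only as a run of 401 responses. The `use` block is outside the hunk, so it is worth confirming that `Exception` is imported: in a namespaced file an unqualified, unimported class name in `catch` never matches and fails silently. Also note that `$user?->` short-circuits only on `null`, whereas the removed `if (! $user)` rejected any falsy return from the provider. Both method bodies start outside their hunks.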
@@ -193,11 +193,13 @@ protected function authenticateViaCookie(): ?Authenticatable
 // If this user exists, we will return this user and attach a "transient" token to
 // the user model. The transient token assumes it has all scopes since the user
 // is physically logged into the application via the application's interface.
- if ($user = $this->provider->retrieveById($token['sub'])) {
- return $user->withAccessToken(new TransientToken);
+ try {
+ $user = $this->provider->retrieveById($token['sub']);
+ } catch (Exception) {
+ return null;
 }

- return null;
+ return $user?->withAccessToken(new TransientToken);
 }

 /**

From 32b063797239ce4a7f3e7a234ce1f8e91f59ee57 Mon Sep 17 00:00:00 2001
From: Hafez Divandari
Date: Fri, 21 Nov 2025 18:03:20 +0330
Subject: [PATCH 2/2] fix minor cs

---
 src/Console/ClientCommand.php | 4 ++--
 src/Http/Controllers/HandlesOAuthErrors.php | 2 +-
 src/Http/Middleware/CreateFreshApiToken.php | 2 +-
 src/Http/Middleware/ValidateToken.php | 2 +-
 4 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/Console/ClientCommand.php b/src/Console/ClientCommand.php
index ec5c1832..addd6c67 100644
--- a/src/Console/ClientCommand.php
+++ b/src/Console/ClientCommand.php
@@ -131,7 +131,7 @@ protected function createDeviceCodeClient(ClientRepository $clients): Client
 {
 $confidential = $this->hasOption('public')
 ? ! $this->option('public')
- : $this->confirm('Would you like to make this client confidential?', true);
+ : $this->components->confirm('Would you like to make this client confidential?', true);

 return $clients->createDeviceAuthorizationGrantClient($this->option('name'), $confidential);
 }
@@ -151,7 +151,7 @@ protected function createAuthCodeClient(ClientRepository $clients): Client
 : $this->components->confirm('Would you like to make this client confidential?', true);

 $enableDeviceFlow = Passport::$deviceCodeGrantEnabled &&
- $this->confirm('Would you like to enable the device authorization flow for this client?');
+ $this->components->confirm('Would you like to enable the device authorization flow for this client?');

 return $clients->createAuthorizationCodeGrantClient(
 $this->option('name'), explode(',', $redirect), $confidential, null, $enableDeviceFlow
diff --git a/src/Http/Controllers/HandlesOAuthErrors.php b/src/Http/Controllers/HandlesOAuthErrors.php
index 26bebf0f..a4453122 100644
--- a/src/Http/Controllers/HandlesOAuthErrors.php
+++ b/src/Http/Controllers/HandlesOAuthErrors.php
@@ -13,7 +13,7 @@ trait HandlesOAuthErrors
 *
 * @template TResult
 *
- * @param \Closure(): TResult $callback
+ * @param (\Closure(): TResult) $callback
 * @return TResult
 *
 * @throws \Laravel\Passport\Exceptions\OAuthServerException
diff --git a/src/Http/Middleware/CreateFreshApiToken.php b/src/Http/Middleware/CreateFreshApiToken.php
index 2ecc477e..ff790530 100644
--- a/src/Http/Middleware/CreateFreshApiToken.php
+++ b/src/Http/Middleware/CreateFreshApiToken.php
@@ -38,7 +38,7 @@ public static function using(?string $guard = null): string
 /**
 * Handle an incoming request.
 *
- * @param \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response) $next
+ * @param (\Closure(\Illuminate\Http\Request): (\Illuminate\Http\Response)) $next
 */
 public function handle(Request $request, Closure $next, ?string $guard = null): BaseResponse
 {
diff --git a/src/Http/Middleware/ValidateToken.php b/src/Http/Middleware/ValidateToken.php
index 89e0c99e..357fc784 100644
--- a/src/Http/Middleware/ValidateToken.php
+++ b/src/Http/Middleware/ValidateToken.php
@@ -39,7 +39,7 @@ public static function using(array|string $param, string ...$params): string
 /**
 * Handle an incoming request.
 *
- * @param \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response) $next
+ * @param (\Closure(\Illuminate\Http\Request): (\Illuminate\Http\Response)) $next
 */
 public function handle(Request $request, Closure $next, string ...$params): Response
 {
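Review bot: The new `@param` on `handle()` narrows the closure's return type from `\Symfony\Component\HttpFoundation\Response` to `\Illuminate\Http\Response`, which is more than a coding-style fix; the same edit is made in the CreateFreshApiToken.php hunk, where the signature still returns `BaseResponse`. The imports are outside both hunks, but if `BaseResponse` and `Response` resolve to the Symfony base class, downstream handlers returning a JSON, redirect or streamed response no longer match the documented type, and static analysis may flag valid middleware chains. Keeping the base class inside the new parentheses would preserve the formatting change without altering the contract: `@param (\Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response)) $next`.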