Use GuardHelpers trait & Enhance RemoteUserProvider

app/Extensions/RemoteUserProvider.php

@@ -13,23 +13,55 @@
 
 class RemoteUserProvider implements UserProvider
 {
+    // 2FAuth is single user by design and domain data are not coupled to the user model.
+    // So the RemoteUserProvider provides a non-persisted user, dynamically instanciated using data
+    // from the auth proxy.
+    //
+    // This way no matter the user data set at proxy level, 2FAuth will always
+    // authenticate a request from the proxy and will return domain data without restriction.
+    //
+    // The downside of this approach is that we have to be sure that no change that needs
+    // to be persisted will be made to the user instance afterward (i.e through middlewares).
+
+
+    /**
+     * The currently authenticated user.
+     *
+     * @var \App\Models\User|null
+     */
+    protected $user;
+
+
+    /**
+     * Get the In-memory user
+     * 
+     * @return \App\Models\User
+     */
+    protected function getInMemoryUser()
+    {
+        if (is_null($this->user)) {
+            $this->user = new User;
+            $this->user->name = 'Remote User';
+            $this->user->email = 'fake.email@do.not.use';
+        }
+        
+        return $this->user;
+    }
+
+
     /**
      * @inheritDoc
      */
     public function retrieveById($identifier)
     {
-        // 2FAuth is single user by design and domain data are not coupled to the user model.
-        // So we provide a non-persisted user, dynamically instanciated using data
-        // from the auth proxy.
-        // This way no matter the user account used at proxy level, 2FAuth will always
-        // authenticate a request from the proxy and will return domain data without restriction.
-        //
-        // The downside of this approach is that we have to be sure that no change that needs
-        // to be persisted will be made to the user instance afterward (i.e through middlewares).
+        $user = $this->getInMemoryUser();
 
-        $user = new User;
-        $user->name = $identifier['user'];
-        $user->email = Arr::has($identifier, 'email') ? $identifier['email'] : 'fake.email@do.not.use';
+        if (Arr::has($identifier, 'user')) {
+            $user->name = $identifier['user'];
+        }
+        if (Arr::has($identifier, 'email')) {
+            $user->email = $identifier['email'];
+        }
 
         return $user;
     }
@@ -41,7 +73,7 @@ public function retrieveById($identifier)
      */
     public function retrieveByToken($identifier, $token)
     {
-        throw new Exception(sprintf('No implementation for %s', __METHOD__));
+        return $this->retrieveById($identifier);
     }
 
     /**
@@ -61,7 +93,7 @@ public function updateRememberToken(Authenticatable $user, $token)
      */
     public function retrieveByCredentials(array $credentials)
     {
-        throw new Exception(sprintf('No implementation for %s', __METHOD__));
+        return $this->getInMemoryUser();
     }
 
     /**
@@ -71,6 +103,6 @@ public function retrieveByCredentials(array $credentials)
      */
     public function validateCredentials(Authenticatable $user, array $credentials)
     {
-        throw new Exception(sprintf('No implementation for %s', __METHOD__));
+        return true;
     }
 }

app/Services/Auth/ReverseProxyGuard.php

@@ -5,28 +5,22 @@
 
 namespace App\Services\Auth;
 
-use Exception;
-use Illuminate\Contracts\Auth\Authenticatable;
 use Illuminate\Contracts\Auth\Guard;
 use Illuminate\Contracts\Auth\UserProvider;
+use Illuminate\Auth\GuardHelpers;
 use Illuminate\Support\Facades\Log;
 
 class ReverseProxyGuard implements Guard
 {
+    use GuardHelpers;
+
     /**
      * The currently authenticated user.
      *
-     * @var \Illuminate\Contracts\Auth\Authenticatable
+     * @var \Illuminate\Contracts\Auth\Authenticatable|null
      */
     protected $user;
 
-    /**
-     * The user provider implementation.
-     *
-     * @var \Illuminate\Contracts\Auth\UserProvider
-     */
-    protected $provider;
-
     /**
      * Create a new authentication guard.
      *
@@ -38,22 +32,6 @@ public function __construct(UserProvider $provider)
         $this->provider = $provider;
     }
 
-    /**
-     * @inheritDoc
-     */
-    public function check(): bool
-    {
-        return !is_null($this->user());
-    }
-
-    /**
-     * @inheritDoc
-     */
-    public function guest(): bool
-    {
-        return !$this->check();
-    }
-
     /**
      * @inheritDoc
      */
@@ -62,12 +40,10 @@ public function user()
         // If we've already retrieved the user for the current request we can just
         // return it back immediately. We do not want to fetch the user data on
         // every call to this method because that would be tremendously slow.
-        if (!is_null($this->user)) {
+        if (! is_null($this->user)) {
             return $this->user;
         }
 
-        $user = null;
-
         // Get the user identifier from $_SERVER or apache filtered headers
         $remoteUserHeader = config('auth.auth_proxy_headers.user');
         $remoteUserHeader = $remoteUserHeader ?: 'REMOTE_USER';
@@ -101,39 +77,19 @@ public function user()
             }
         }
 
-        $user = $this->provider->retrieveById($identifier);
-
-        return $this->user = $user;
-    }
-
-    /**
-     * @inheritDoc
-     * 
-     * @codeCoverageIgnore
-     */
-    public function id()
-    {
-        return $this->user;
+        return $this->user = $this->provider->retrieveById($identifier);
     }
 
     /**
      * Validate a user's credentials.
      *
      * @param  array  $credentials
-     * @return Exception
+     * @return bool
      * 
      * @codeCoverageIgnore
      */
     public function validate(array $credentials = [])
     {
-        throw new Exception('No implementation for RemoteUserGuard::validate()');
-    }
-
-    /**
-     * @inheritDoc
-     */
-    public function setUser(Authenticatable $user)
-    {
-        $this->user = $user;
+        return $this->check();
     }
 }