<?php namespace App\Http\Middleware; use Closure; use App\Models\User\User; use Illuminate\Http\Request; use Illuminate\Auth\AuthManager; use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException; /** * Authenticate user with Basic Authentication, with Passport token on password field. * * Examples: * curl -u "email@example.com:$TOKEN" -X PROPFIND https://localhost/dav/ * curl -u ":$TOKEN" -X PROPFIND https://localhost/dav/ */ class AuthenticateWithTokenOnBasicAuth { /** * The guard factory instance. * * @var AuthManager * @return \Illuminate\Contracts\Auth\Guard|\Illuminate\Contracts\Auth\StatefulGuard */ protected $auth; /** * Create a new middleware instance. * * @param AuthManager $auth * @return void */ public function __construct(AuthManager $auth) { $this->auth = $auth; } /** * Handle an incoming request. * * @param \Illuminate\Http\Request $request * @param \Closure $next * @return mixed */ public function handle($request, Closure $next) { $this->authenticate($request); return $next($request); } /** * Handle authentication. * * @param \Illuminate\Http\Request $request * @return mixed */ private function authenticate($request) { if ($this->auth->guard()->check()) { return; } if (! $this->basicAuth($request)) { $this->failedBasicResponse(); } } /** * Try Bearer authentication, with token in 'password' field on basic auth. * * @param \Illuminate\Http\Request $request */ private function basicAuth(Request $request) { if (! $this->assertToken($request)) { return false; } $user = $this->authUser($request); // match User header if present if ($user && (! $request->getUser() || $request->getUser() === $user->email)) { $this->auth->guard()->setUser($user); return true; } return false; } /** * Authenticate user. * * @param \Illuminate\Http\Request $request * @return User|null */ private function authUser(Request $request): ?User { $headerUser = $request->getUser(); $user = null; try { // Remove User from header request as Laravel auth will not authenticate using Bearer token $request->headers->set('PHP_AUTH_USER', ''); /** @var \Illuminate\Auth\RequestGuard */ $guard = $this->auth->guard('api'); /** @var ?User */ $user = $guard->setRequest($request) ->user(); } finally { $request->headers->set('PHP_AUTH_USER', $headerUser); } return $user; } /** * Assert Bearer token is present. * If not using 'password' field on basic auth as Bearer token. * * @param \Illuminate\Http\Request $request * @return bool */ private function assertToken(Request $request): bool { if (! $request->bearerToken()) { $password = $request->getPassword(); $request->headers->set('Authorization', 'Bearer '.$password); } return true; } /** * Get the response for basic authentication. * * @return void * @throws \Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException */ protected function failedBasicResponse() { throw new UnauthorizedHttpException('Basic', 'Invalid credentials.'); } }