Lumen-framework: Lumen guards broken in AuthServiceProvider

Created on 20 Jun 2017 · 12Comments · Source: laravel/lumen-framework

Lumen Version: 5.4.6
PHP Version: 7.1
Database Driver & Version: Mysql

Description:

Can't capture the request in the boot function of AuthServiceProvider class, actually this is happen with the last fix on the container bound position https://github.com/laravel/framework/commit/778b1ff0d7d3227f178344a6621edbd999770b4d

In laravel, the request is instantiate from the beginning and when this pass for the instance method of the container class the object is updated but in lumen this don't happen cuz when we call to the refresh method of the container the request object never was instantiated before and with this in the AuthProviderService we get a empty Request object.

Steps To Reproduce:

This is easy get a clean installation of Lumen 5.4.6
Uncomment AuthServiceProvider in bootstrap/app.php
Go to app/Providers/AuthServiceProvider.php and dump the Request object inside of the closure in viaRequest call
After that make a http request to ur installation and pass any header

PD: this is bad cuz i have a system with JWT authentication and i can't validate any user of my system cuz i can't capture the token in the header of the request.

Source

Azakur4

👍4

All 12 comments

@Azakur4 you should use a middleware for that....don't use request class in your service provider

mstaack on 20 Jun 2017

actually i don't create a Request object in the AuthServiceProvider, i follow the example of the lumen boilerplate that he use the request objecte inside the closure of viaRequest method see this:

https://github.com/laravel/lumen/blob/master/app/Providers/AuthServiceProvider.php#L26-L39

that request object always be empty in lumen, with the last fix of Illuminate/Container

Azakur4 on 20 Jun 2017

and what gives $request->headers->all();?

mstaack on 20 Jun 2017

return and empty array []

Azakur4 on 21 Jun 2017

👍1

@taylorotwell some help with this pls

Azakur4 on 21 Jun 2017

👍1

@Azakur4 How did you manage to solve the issue?

Mathius17 on 31 Aug 2017

i put this line in my composer.json

section require

"illuminate/container": "5.4.19"

in that version of the container all is working after that the problem appear.

Azakur4 on 31 Aug 2017

I discovered that my issue was with an external package but thanks for the tip anyway!

Mathius17 on 31 Aug 2017

@Azakur4

I had a similar problem , when my request was not yet binded. When do you register your code? In boot or in register method?

catalinux on 1 Sep 2017

@catalinux in boot

Azakur4 on 1 Sep 2017

I'm getting bit by this one as well - again trying to use JWT authentication following the basic use case from the docs.

Has anyone got a nice solution / example for how/where to handle the JWT headers now if the $request object can't be used in a service provider?

Everywhere says middleware should be used but I'm not seeing how I get from doing something in middle to being able to return the correct user from the AuthServiceProvider.

Update - actually looks like Sentry was the culprit for me (same as reported: https://stackoverflow.com/a/44658326)