Moved provider check to bearer token only (#1246)

billriess · web-flow · commit 32e5a6a2c11a · 2020-05-06T11:56:23.000-05:00
diff --git a/src/Guards/TokenGuard.php b/src/Guards/TokenGuard.php
@@ -108,10 +108,6 @@ protected function hasValidProvider(Request $request)
      */
     public function user(Request $request)
     {
-        if (! $this->hasValidProvider($request)) {
-            return;
-        }
-
         if ($request->bearerToken()) {
             return $this->authenticateViaBearerToken($request);
         } elseif ($request->cookie(Passport::cookie())) {
@@ -154,6 +150,10 @@ protected function authenticateViaBearerToken($request)
             return;
         }
 
+        if (! $this->hasValidProvider($request)) {
+            return;
+        }
+
         // If the access token is valid we will retrieve the user according to the user ID
         // associated with the token. We will use the provider implementation which may
         // be used to retrieve users from Eloquent. Next, we'll be ready to continue.
