Merge branch '9.x'

# Conflicts:
#	CHANGELOG.md

Author: driesvints

CHANGELOG.md

@@ -1,6 +1,14 @@
 # Release Notes
 
-## [Unreleased](https://github.com/laravel/passport/compare/v9.0.0...master)
+## [Unreleased](https://github.com/laravel/passport/compare/v9.0.1...master)
+
+
+## [v9.0.1 (2020-05-06)](https://github.com/laravel/passport/compare/v9.0.0...v9.0.1)
+
+### Fixed
+- Fix displaying secret in Vue component ([#1244](https://github.com/laravel/passport/pull/1244))
+- Moved provider check to bearer token only ([#1246](https://github.com/laravel/passport/pull/1246))
+- Fix create client call ([aff9d09](https://github.com/laravel/passport/commit/aff9d0933737354d04df98cfc431fa20309be03a))
 
 
 ## [v9.0.0 (2020-05-05)](https://github.com/laravel/passport/compare/v8.5.0...v9.0.0)

resources/js/components/Clients.vue

@@ -50,7 +50,7 @@
 
                             <!-- Secret -->
                             <td style="vertical-align: middle;">
-                                <code>{{ client.secret }}</code>
+                                <code>{{ client.secret ? client.secret : '-' }}</code>
                             </td>
 
                             <!-- Edit Button -->
@@ -337,7 +337,7 @@
 
                 axios[method](uri, form)
                     .then(response => {
-                        this.getClients();
+                        this.clients.push(response.data);
 
                         form.name = '';
                         form.redirect = '';

src/Guards/TokenGuard.php

@@ -108,10 +108,6 @@ protected function hasValidProvider(Request $request)
      */
     public function user(Request $request)
     {
-        if (! $this->hasValidProvider($request)) {
-            return;
-        }
-
         if ($request->bearerToken()) {
             return $this->authenticateViaBearerToken($request);
         } elseif ($request->cookie(Passport::cookie())) {
@@ -154,6 +150,10 @@ protected function authenticateViaBearerToken($request)
             return;
         }
 
+        if (! $this->hasValidProvider($request)) {
+            return;
+        }
+
         // If the access token is valid we will retrieve the user according to the user ID
         // associated with the token. We will use the provider implementation which may
         // be used to retrieve users from Eloquent. Next, we'll be ready to continue.

src/Http/Controllers/ClientController.php

@@ -7,6 +7,7 @@
 use Illuminate\Http\Response;
 use Laravel\Passport\ClientRepository;
 use Laravel\Passport\Http\Rules\RedirectRule;
+use Laravel\Passport\Passport;
 
 class ClientController
 {
@@ -59,14 +60,20 @@ public function forUser(Request $request)
     {
         $userId = $request->user()->getAuthIdentifier();
 
-        return $this->clients->activeForUser($userId)->makeVisible('secret');
+        $clients = $this->clients->activeForUser($userId);
+
+        if (Passport::$hashesClientSecrets) {
+            return $clients;
+        }
+
+        return $clients->makeVisible('secret');
     }
 
     /**
      * Store a new client.
      *
      * @param  \Illuminate\Http\Request  $request
-     * @return \Laravel\Passport\Client
+     * @return \Laravel\Passport\Client|array
      */
     public function store(Request $request)
     {
@@ -76,10 +83,16 @@ public function store(Request $request)
             'confidential' => 'boolean',
         ])->validate();
 
-        return $this->clients->create(
+        $client = $this->clients->create(
             $request->user()->getAuthIdentifier(), $request->name, $request->redirect,
-            false, false, (bool) $request->input('confidential', true)
-        )->makeVisible('secret');
+            null, false, false, (bool) $request->input('confidential', true)
+        );
+
+        if (Passport::$hashesClientSecrets) {
+            return ['secret' => $client->plainSecret] + $client->toArray();
+        }
+
+        return $client->makeVisible('secret');
     }
 
     /**

tests/ClientControllerTest.php

@@ -48,7 +48,7 @@ public function test_clients_can_be_stored()
 
         $clients->shouldReceive('create')
             ->once()
-            ->with(1, 'client name', 'http://localhost', false, false, true)
+            ->with(1, 'client name', 'http://localhost', null, false, false, true)
             ->andReturn($client = new Client);
 
         $redirectRule = m::mock(RedirectRule::class);
@@ -86,7 +86,7 @@ public function test_public_clients_can_be_stored()
 
         $clients->shouldReceive('create')
             ->once()
-            ->with(1, 'client name', 'http://localhost', false, false, false)
+            ->with(1, 'client name', 'http://localhost', null, false, false, false)
             ->andReturn($client = new Client);
 
         $redirectRule = m::mock(RedirectRule::class);