Inherited scopes ignored when using actingAs #1138

@Douglasdc3

  • Passport Version: 7.5.1
  • Laravel Version: 6.6.2
  • PHP Version: 7.2.24
  • Database Driver & Version: n/a

Description:

When using inherited scopes and setting scopes via Passport::actingAs($user, ['api']), the can method returns false when checking the scope api:users:index.

Steps To Reproduce:

    public function test_acting_as_ignores_with_inherited_scopes()
    {
        Passport::$withInheritedScopes = true;

        $user = Passport::actingAs(factory(User::class)->create(), ['api']);

        $this->assertTrue($user->tokenCan('api')); // Works as expected
        $this->assertTrue($user->tokenCan('api:users')); // Fails
        $this->assertTrue($user->tokenCan('api:users:index')); // Fails
    }

    public function test_acting_as_ingores_wildcard()
    {
        Passport::$withInheritedScopes = true;

        $user = Passport::actingAs(factory(User::class)->create(), ['*']);

        $this->assertTrue($user->tokenCan('api')); // Fails
    }

The issue is related to the actingAs method in Passport.php:

    public static function actingAs($user, $scopes = [], $guard = 'api')
    {
        $token = Mockery::mock(self::tokenModel())->shouldIgnoreMissing(false);

        // This check is different to the logic performed inside the standard token model
        foreach ($scopes as $scope) {
            $token->shouldReceive('can')->with($scope)->andReturn(true);
        }

        $user->withAccessToken($token);

        if (isset($user->wasRecentlyCreated) && $user->wasRecentlyCreated) {
            $user->wasRecentlyCreated = false;
        }

        app('auth')->guard($guard)->setUser($user);

        app('auth')->shouldUse($guard);

        return $user;
    }

Token.php, where the logic to handle wildcard and inherited scopes is checked:

    public function can($scope)
    {
        if (in_array('*', $this->scopes)) {
            return true;
        }

        $scopes = Passport::$withInheritedScopes
            ? $this->resolveInheritedScopes($scope)
            : [$scope];

        foreach ($scopes as $scope) {
            if (array_key_exists($scope, array_flip($this->scopes))) {
                return true;
            }
        }

        return false;
    }
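
The mismatch reported above, as an added PHP example that is not part of the original report or of Passport's code: mockedCan models the exact-match stubs set up in actingAs, and tokenCan mirrors the quoted Token::can. The prefix expansion in resolveInheritedScopes is an assumption inferred from the results the tests expect (a scope is granted when any colon-delimited ancestor is granted), and the last case is constructed to show that inheritance does not run upward.

```php
<?php
// Added illustration: plain PHP, no Laravel or Mockery required.

// Models the mocked token built by actingAs(): only the exact scope
// strings passed in were stubbed, so every other argument is refused.
function mockedCan(array $granted, string $scope): bool
{
    return in_array($scope, $granted, true);
}

// Assumed expansion: 'api:users:index' -> ['api', 'api:users', 'api:users:index'].
function resolveInheritedScopes(string $scope): array
{
    $parts = explode(':', $scope);
    $resolved = [];
    for ($i = 1; $i <= count($parts); $i++) {
        $resolved[] = implode(':', array_slice($parts, 0, $i));
    }
    return $resolved;
}

// Mirrors Token::can() as quoted in the issue.
function tokenCan(array $granted, string $scope, bool $withInheritedScopes): bool
{
    if (in_array('*', $granted, true)) {
        return true;
    }
    $candidates = $withInheritedScopes ? resolveInheritedScopes($scope) : [$scope];
    foreach ($candidates as $candidate) {
        if (in_array($candidate, $granted, true)) {
            return true;
        }
    }
    return false;
}

// [granted scopes, scope checked]; the first four come from the issue's tests.
$cases = [
    [['api'], 'api'],
    [['api'], 'api:users'],
    [['api'], 'api:users:index'],
    [['*'], 'api'],
    [['api:users'], 'api'], // constructed: a child scope must not grant its parent
];

foreach ($cases as [$granted, $scope]) {
    printf("granted=%-10s check=%-16s mocked=%-5s token=%s\n", implode(',', $granted), $scope,
        var_export(mockedCan($granted, $scope), true), var_export(tokenCan($granted, $scope, true), true));
}
```

Rows where the two columns differ are the checks for which a test suite built on actingAs exercises different authorization behaviour than a real token would.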
