Set user on Laravel 4

estringana · estringana · commit 91c325f72e18 · 2024-02-09T10:47:05.000+01:00
diff --git a/src/Integrations/Integrations/Laravel/LaravelIntegration.php b/src/Integrations/Integrations/Laravel/LaravelIntegration.php
@@ -398,7 +398,7 @@ function ($This, $scope, $args) use ($integration) {
         // Used by Laravel < 5.0
         \DDTrace\hook_method(
             'Illuminate\Auth\Guard',
-            'setUser',
+            'login',
             function ($This, $scope, $args) use ($integration) {
                 $authClass = 'Illuminate\Auth\UserInterface';
                 if (
@@ -418,6 +418,7 @@ function ($This, $scope, $args) use ($integration) {
                     $metadata['email'] = $args[0]['email'];
                 }
 
+                \DDTrace\set_user($args[0]->getAuthIdentifier(), $metadata);
                 \datadog\appsec\track_user_login_success_event(
                     \method_exists($args[0], 'getAuthIdentifier') ? $args[0]->getAuthIdentifier() : '',
                     $metadata,
@@ -426,6 +427,35 @@ function ($This, $scope, $args) use ($integration) {
             }
         );
 
+        // Used by Laravel < 5.0
+        \DDTrace\hook_method(
+            'Illuminate\Auth\Guard',
+            'user',
+            null,
+            function ($This, $scope, $args, $user) use ($integration) {
+                $authClass = 'Illuminate\Auth\UserInterface';
+                if (
+                    !function_exists('\datadog\appsec\track_user_login_success_event') ||
+                    !isset($user) ||
+                    !$user ||
+                    !($user instanceof $authClass) ||
+                    !\method_exists($user, 'getAuthIdentifier')
+                ) {
+                    return;
+                }
+
+                $metadata = [];
+                if (isset($user['name'])) {
+                    $metadata['name'] = $user['name'];
+                }
+                if (isset($user['email'])) {
+                    $metadata['email'] = $user['email'];
+                }
+
+                \DDTrace\set_user($user->getAuthIdentifier(), $metadata);
+            }
+        );
+
         // Used by Laravel < 5.0
         \DDTrace\hook_method(
             'Illuminate\Auth\Guard',
@@ -461,6 +491,7 @@ function ($This, $scope, $args) use ($integration) {
             }
         );
 
+        // Used by Laravel >= 5.0
         \DDTrace\hook_method(
             'Illuminate\Auth\Events\Authenticated',
             '__construct',
diff --git a/tests/Frameworks/Laravel/Version_4_2/app/controllers/LoginTestController.php b/tests/Frameworks/Laravel/Version_4_2/app/controllers/LoginTestController.php
@@ -30,4 +30,9 @@ public function register()
 
         return "registered";
     }
+
+    public function behind_auth()
+    {
+        return "page behind auth";
+    }
 }
diff --git a/tests/Frameworks/Laravel/Version_4_2/app/routes.php b/tests/Frameworks/Laravel/Version_4_2/app/routes.php
@@ -23,3 +23,7 @@
 Route::get('/eloquent/refresh', 'EloquentTestController@refresh');
 Route::get('/login/auth', 'LoginTestController@auth');
 Route::get('/login/signup', 'LoginTestController@register');
+Route::group(array('before' => 'auth'), function()
+{
+   Route::get('/behind_auth', 'LoginTestController@behind_auth');
+});
diff --git a/tests/Integrations/Laravel/V4/LoginEventsTest.php b/tests/Integrations/Laravel/V4/LoginEventsTest.php
@@ -71,14 +71,20 @@ public function testUserLoginSuccessEvent()
         $this->assertEquals('track_user_login_success_event', $events[0]['eventName']);
     }
 
-    public function testUserLoginSuccessEvent()
+    public function testLoggedInCalls()
     {
         $id = 1234;
         $name = 'someName';
         $email = 'test-user@email.com';
         $this->createUser($id, $name, $email);
 
-        $this->login($email);
+        //First log in
+        $traces = $this->login($email);
+
+        $meta = $traces[0][0]['meta'];
+        $this->assertEquals($id, $meta['usr.id']);
+        $this->assertEquals($name, $meta['usr.name']);
+        $this->assertEquals($email, $meta['usr.email']);
 
         $events = AppsecStatus::getInstance()->getEvents();
         $this->assertEquals(1, count($events));
@@ -87,6 +93,19 @@ public function testUserLoginSuccessEvent()
         $this->assertEquals($email, $events[0]['metadata']['email']);
         $this->assertTrue($events[0]['automated']);
         $this->assertEquals('track_user_login_success_event', $events[0]['eventName']);
+
+        //Now we are logged in lets do another call
+        AppsecStatus::getInstance()->setDefaults(); //Remove all events
+        $traces = $this->tracesFromWebRequest(function () {
+            $this->call(GetSpec::create('Behind auth', '/behind_auth'));
+        });
+
+        $events = AppsecStatus::getInstance()->getEvents();
+        $this->assertEquals(0, count($events)); //Auth does not generate appsec events
+        $meta = $traces[0][0]['meta'];
+        $this->assertEquals($id, $meta['usr.id']);
+        $this->assertEquals($name, $meta['usr.name']);
+        $this->assertEquals($email, $meta['usr.email']);
     }
 
     public function testUserLoginFailureEvent()

Original file line number	Diff line number	Diff line change
`@@ -30,4 +30,9 @@ public function register()`
`30`	`30`
`31`	`31`	`return "registered";`
`32`	`32`	`}`
	`33`	`+`
	`34`	`+ public function behind_auth()`
	`35`	`+ {`
	`36`	`+ return "page behind auth";`
	`37`	`+ }`
`33`	`38`	`}`