From 91c325f72e185c536011f6bd843dcc4e30751e44 Mon Sep 17 00:00:00 2001
From: Alejandro Estringana Ruiz
Date: Fri, 9 Feb 2024 10:47:05 +0100
Subject: [PATCH] Set user on Laravel 4

---
 .../Laravel/LaravelIntegration.php | 33 ++++++++++++++++++-
 .../app/controllers/LoginTestController.php | 5 +++
 .../Laravel/Version_4_2/app/routes.php | 4 +++
 .../Laravel/V4/LoginEventsTest.php | 23 +++++++++++--
 4 files changed, 62 insertions(+), 3 deletions(-)

diff --git a/src/Integrations/Integrations/Laravel/LaravelIntegration.php b/src/Integrations/Integrations/Laravel/LaravelIntegration.php
index 5949f410e73..f73ce043343 100644
--- a/src/Integrations/Integrations/Laravel/LaravelIntegration.php
+++ b/src/Integrations/Integrations/Laravel/LaravelIntegration.php
@@ -398,7 +398,7 @@ function ($This, $scope, $args) use ($integration) {
 // Used by Laravel < 5.0
 \DDTrace\hook_method(
 'Illuminate\Auth\Guard',
- 'setUser',
+ 'login',
 function ($This, $scope, $args) use ($integration) {
 $authClass = 'Illuminate\Auth\UserInterface';
 if (
@@ -418,6 +418,7 @@ function ($This, $scope, $args) use ($integration) {
 $metadata['email'] = $args[0]['email'];
 }

+ \DDTrace\set_user($args[0]->getAuthIdentifier(), $metadata);
 \datadog\appsec\track_user_login_success_event(
 \method_exists($args[0], 'getAuthIdentifier') ? $args[0]->getAuthIdentifier() : '',
 $metadata,
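Review bot: In the hunk at `@@ -418,6 +418,7 @@`, the added `\DDTrace\set_user($args[0]->getAuthIdentifier(), $metadata);` calls `getAuthIdentifier()` unconditionally, while the `track_user_login_success_event` call directly below it still guards the same call with `\method_exists(...)` and falls back to `''`. The closure's guard condition lies outside the hunk, so one of the two is presumably redundant; resolving the id once keeps both calls in agreement, e.g. `$userId = \method_exists($args[0], 'getAuthIdentifier') ? $args[0]->getAuthIdentifier() : '';` passed to both, with `set_user` skipped when the id is empty. Because `$metadata` carries `name` and `email`, a short comment here stating that these fields are now attached to the trace as well as to the appsec event would help anyone later reviewing what personal data the integration exports.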
@@ -426,6 +427,35 @@ function ($This, $scope, $args) use ($integration) {
 }
 );

+ // Used by Laravel < 5.0
+ \DDTrace\hook_method(
+ 'Illuminate\Auth\Guard',
+ 'user',
+ null,
+ function ($This, $scope, $args, $user) use ($integration) {
+ $authClass = 'Illuminate\Auth\UserInterface';
+ if (
+ !function_exists('\datadog\appsec\track_user_login_success_event') ||
+ !isset($user) ||
+ !$user ||
+ !($user instanceof $authClass) ||
+ !\method_exists($user, 'getAuthIdentifier')
+ ) {
+ return;
+ }
+
+ $metadata = [];
+ if (isset($user['name'])) {
+ $metadata['name'] = $user['name'];
+ }
+ if (isset($user['email'])) {
+ $metadata['email'] = $user['email'];
+ }
+
+ \DDTrace\set_user($user->getAuthIdentifier(), $metadata);
+ }
+ );
+
 // Used by Laravel < 5.0
 \DDTrace\hook_method(
 'Illuminate\Auth\Guard',
@@ -461,6 +491,7 @@ function ($This, $scope, $args) use ($integration) {
 }
 );

+ // Used by Laravel >= 5.0
 \DDTrace\hook_method(
 'Illuminate\Auth\Events\Authenticated',
 '__construct',
diff --git a/tests/Frameworks/Laravel/Version_4_2/app/controllers/LoginTestController.php b/tests/Frameworks/Laravel/Version_4_2/app/controllers/LoginTestController.php
index 5b872529b75..7649f6a240b 100644
--- a/tests/Frameworks/Laravel/Version_4_2/app/controllers/LoginTestController.php
+++ b/tests/Frameworks/Laravel/Version_4_2/app/controllers/LoginTestController.php
@@ -30,4 +30,9 @@ public function register()

 return "registered";
 }
+
+ public function behind_auth()
+ {
+ return "page behind auth";
+ }
 }
diff --git a/tests/Frameworks/Laravel/Version_4_2/app/routes.php b/tests/Frameworks/Laravel/Version_4_2/app/routes.php
index c1a29bd86bd..a086b36a64c 100644
--- a/tests/Frameworks/Laravel/Version_4_2/app/routes.php
+++ b/tests/Frameworks/Laravel/Version_4_2/app/routes.php
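Review bot: The new `Guard::user` hook in the `@@ -426,6 +427,35 @@` hunk returns early when `\datadog\appsec\track_user_login_success_event` does not exist, yet the closure never calls that function; its only call is `\DDTrace\set_user(...)`. If restricting user tagging to installs with appsec loaded is intended, state it above the condition, e.g. `// Only tag the user when the appsec extension is loaded`; otherwise test for the function actually used, `!function_exists('\DDTrace\set_user') ||`. `$integration` is captured by `use` but not referenced in the closure and can be dropped. This hook runs on each `user()` call rather than once at login, so `usr.name` and `usr.email` land on the trace of every authenticated request (the assertions added in LoginEventsTest.php rely on that), which deserves a line of documentation for whoever assesses what personal data the tracer sends out.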
@@ -23,3 +23,7 @@
 Route::get('/eloquent/refresh', 'EloquentTestController@refresh');
 Route::get('/login/auth', 'LoginTestController@auth');
 Route::get('/login/signup', 'LoginTestController@register');
+Route::group(array('before' => 'auth'), function()
+{
+ Route::get('/behind_auth', 'LoginTestController@behind_auth');
+});
diff --git a/tests/Integrations/Laravel/V4/LoginEventsTest.php b/tests/Integrations/Laravel/V4/LoginEventsTest.php
index 37a8d9a1d26..0f5293975e4 100644
--- a/tests/Integrations/Laravel/V4/LoginEventsTest.php
+++ b/tests/Integrations/Laravel/V4/LoginEventsTest.php
@@ -71,14 +71,20 @@ public function testUserLoginSuccessEvent()
 $this->assertEquals('track_user_login_success_event', $events[0]['eventName']);
 }

- public function testUserLoginSuccessEvent()
+ public function testLoggedInCalls()
 {
 $id = 1234;
 $name = 'someName';
 $email = 'test-user@email.com';
 $this->createUser($id, $name, $email);

- $this->login($email);
+ //First log in
+ $traces = $this->login($email);
+
+ $meta = $traces[0][0]['meta'];
+ $this->assertEquals($id, $meta['usr.id']);
+ $this->assertEquals($name, $meta['usr.name']);
+ $this->assertEquals($email, $meta['usr.email']);

 $events = AppsecStatus::getInstance()->getEvents();
 $this->assertEquals(1, count($events));
@@ -87,6 +93,19 @@ public function testUserLoginSuccessEvent()
 $this->assertEquals($email, $events[0]['metadata']['email']);
 $this->assertTrue($events[0]['automated']);
 $this->assertEquals('track_user_login_success_event', $events[0]['eventName']);
+
+ //Now we are logged in lets do another call
+ AppsecStatus::getInstance()->setDefaults(); //Remove all events
+ $traces = $this->tracesFromWebRequest(function () {
+ $this->call(GetSpec::create('Behind auth', '/behind_auth'));
+ });
+
+ $events = AppsecStatus::getInstance()->getEvents();
+ $this->assertEquals(0, count($events)); //Auth does not generate appsec events
+ $meta = $traces[0][0]['meta'];
+ $this->assertEquals($id, $meta['usr.id']);
+ $this->assertEquals($name, $meta['usr.name']);
+ $this->assertEquals($email, $meta['usr.email']);
 }

 public function testUserLoginFailureEvent()
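Review bot: The second request only covers the positive case, that `usr.id`, `usr.name` and `usr.email` are present on `/behind_auth` once the session is logged in; nothing checks that a request made without a prior `login()` carries no `usr.*` tags. A companion test that calls `/behind_auth` unauthenticated and asserts `$this->assertArrayNotHasKey('usr.id', $traces[0][0]['meta']);` would catch a hook that tags a span when no user was resolved. `$traces[0][0]['meta']` is also indexed without first asserting that a trace came back, so a missing trace would surface as an undefined-offset error rather than a clear failure; `$this->assertNotEmpty($traces);` before the lookup would fix that. The method body starts in the previous hunk of this file.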