DataDog · estringana · Feb 7, 2024 · Feb 7, 2024 · Feb 7, 2024 · Feb 7, 2024
@@ -60,3 +60,4 @@ package.json
 packages.json
 package-lock.json
 yarn.lock
+cookies.txt
@@ -400,6 +400,7 @@ function ($This, $scope, $args) use ($integration) {
                     $metadata['email'] = $args[0]['email'];
                 }
 
+                \DDTrace\set_user($args[0]->getAuthIdentifier(), $metadata);
                 \datadog\appsec\track_user_login_success_event(
                     \method_exists($args[0], 'getAuthIdentifier') ? $args[0]->getAuthIdentifier() : '',
                     $metadata,
@@ -408,6 +409,34 @@ function ($This, $scope, $args) use ($integration) {
             }
         );
 
+        // Used by Laravel < 5.0
+        \DDTrace\hook_method(
+            'Illuminate\Auth\Guard',
+            'user',
+            null,
+            function ($This, $scope, $args, $user) use ($integration) {
+                $authClass = 'Illuminate\Auth\UserInterface';
+                if (
+                    !isset($user) ||
+                    !$user ||
+                    !($user instanceof $authClass) ||
+                    !\method_exists($user, 'getAuthIdentifier')
+                ) {
+                    return;
+                }
+
+                $metadata = [];
+                if (isset($user['name'])) {
+                    $metadata['name'] = $user['name'];
+                }
+                if (isset($user['email'])) {
+                    $metadata['email'] = $user['email'];
+                }
+
+                \DDTrace\set_user($user->getAuthIdentifier(), $metadata);
+            }
+        );
+
         // Used by Laravel < 5.0
         \DDTrace\hook_method(
             'Illuminate\Auth\Guard',
@@ -443,6 +472,36 @@ function ($This, $scope, $args) use ($integration) {
             }
         );
 
+        // Used by Laravel >= 5.0
+        \DDTrace\hook_method(
+            'Illuminate\Auth\Events\Authenticated',
+            '__construct',
+            null,
+            function ($This, $scope, $args) use ($integration) {
+                $authClass = 'Illuminate\Contracts\Auth\Authenticatable';
+                if (
+                    !isset($args[1]) ||
+                    !$args[1] ||
+                    !($args[1] instanceof $authClass)
+                ) {
+                    return;
+                }
+
+                $meta = [];
+                $user = $args[1];
+                if (isset($user->name)) {
+                    $meta['name'] = $user->name;
+                }
+                if (isset($user->email)) {
+                    $meta['email'] = $user->email;
+                }
+
+                if (\method_exists($user, 'getAuthIdentifier')) {
+                    \DDTrace\set_user($user->getAuthIdentifier(), $meta);
+                }
+            }
+        );
+
         return Integration::LOADED;
     }
 

@@ -21,12 +21,36 @@ abstract class WebFrameworkTestCase extends IntegrationTestCase
     const PORT = 9999;
 
     const ERROR_LOG_NAME = 'phpunit_error.log';
+    const COOKIE_JAR = 'cookies.txt';
 
     /**
      * @var WebServer|null
      */
     private static $appServer;
     protected $checkWebserverErrors = true;
+    protected $cookiesFile;
+    protected $maintainSession = false;
+
+    protected function ddSetUp()
+    {
+        parent::ddSetUp();
+    }
+
+    protected function enableSession()
+    {
+        $this->maintainSession = true;
+        $this->cookiesFile = realpath(dirname(static::getAppIndexScript())) . '/' . static::COOKIE_JAR;
+        $f = @fopen($this->cookiesFile, "r+");
+        if ($f !== false) {
+            ftruncate($f, 0);
+            fclose($f);
+        }
+    }
+
+    protected function disableSession()
+    {
+        $this->maintainSession = false;
+    }
 
     public static function ddSetUpBeforeClass()
     {
@@ -215,6 +239,12 @@ protected function sendRequest($method, $url, $headers = [], $body = [], $change
             curl_setopt($ch, CURLOPT_RETURNTRANSFER, $options[CURLOPT_RETURNTRANSFER]);
             curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $method);
             curl_setopt($ch, CURLOPT_FOLLOWLOCATION, $options[CURLOPT_FOLLOWLOCATION]);
+            if ($this->maintainSession) {
+                curl_setopt($ch, CURLOPT_COOKIEJAR, $this->cookiesFile);
+                curl_setopt ($ch, CURLOPT_COOKIEFILE, $this->cookiesFile);
+                curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+                curl_setopt($ch, CURLOPT_HEADER, 1);
+            }
             if ($method === 'POST') {
                 curl_setopt($ch, CURLOPT_POST, true);
                 curl_setopt($ch, CURLOPT_POSTFIELDS, is_array($body) ? json_encode($body) : $body);

@@ -8,13 +8,6 @@ LOG_CHANNEL=stack
 LOG_DEPRECATIONS_CHANNEL=null
 LOG_LEVEL=debug
 
-DB_CONNECTION=mysql
-DB_HOST=127.0.0.1
-DB_PORT=3306
-DB_DATABASE=laravel
-DB_USERNAME=root
-DB_PASSWORD=
-
 BROADCAST_DRIVER=log
 CACHE_DRIVER=file
 FILESYSTEM_DISK=local

@@ -8,13 +8,6 @@ LOG_CHANNEL=stack
 LOG_DEPRECATIONS_CHANNEL=null
 LOG_LEVEL=debug
 
-DB_CONNECTION=mysql
-DB_HOST=127.0.0.1
-DB_PORT=3306
-DB_DATABASE=laravel
-DB_USERNAME=root
-DB_PASSWORD=
-
 BROADCAST_DRIVER=log
 CACHE_DRIVER=file
 FILESYSTEM_DISK=local

@@ -0,0 +1,58 @@
+<?php
+
+namespace App\Http\Controllers;
+
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
+use Illuminate\Auth\Events\Registered;
+use Illuminate\Support\Facades\Hash;
+use Illuminate\Http\RedirectResponse;
+use App\Providers\RouteServiceProvider;
+use App\Models\User;
+
+class LoginTestController extends Controller
+{
+    /**
+     * @param  \Illuminate\Http\Request  $request
+     * @return \Illuminate\Http\Response
+     */
+    public function auth(Request $request)
+    {
+        $credentials = [
+            'email' => $request->get('email'),
+            'password' => 'password',
+        ];
+
+        if (Auth::attempt($credentials)) {
+            return response('Login successful', 200);
+        }
+
+        return response('Invalid credentials', 403);
+    }
+
+    public function register(Request $request): RedirectResponse
+    {
+        $request->validate([
+            'name' => ['required'],
+            'email' => ['required'],
+            'password' => ['required'],
+        ]);
+
+        $user = User::create([
+            'name' => $request->name,
+            'email' => $request->email,
+            'password' => Hash::make($request->password),
+        ]);
+
+        event(new Registered($user));
+
+        Auth::login($user);
+
+        return redirect('/simple');
+    }
+
+    public function behind_auth()
+    {
+        return "page behind auth";
+    }
+}
@@ -2,6 +2,7 @@
 
 namespace App\Providers;
 
+use Illuminate\Support\Facades\Schema;
 use Illuminate\Support\ServiceProvider;
 
 class AppServiceProvider extends ServiceProvider
@@ -19,6 +20,6 @@ public function register(): void
      */
     public function boot(): void
     {
-        //
+        Schema::defaultStringLength(191);
     }
 }
@@ -30,12 +30,14 @@
     "autoload-dev": {
         "psr-4": {
             "Tests\\": "tests/"
-        }
+        },
+        "files": ["../../../Appsec/Mock.php"]
     },
     "scripts": {
         "post-autoload-dump": [
             "Illuminate\\Foundation\\ComposerScripts::postAutoloadDump",
-            "@php artisan package:discover --ansi"
+            "@php artisan package:discover --ansi",
+            "@php artisan migrate:fresh --force"
         ],
         "post-update-cmd": [
             "@php artisan vendor:publish --tag=laravel-assets --ansi --force"

@@ -46,11 +46,11 @@
         'mysql' => [
             'driver' => 'mysql',
             'url' => env('DATABASE_URL'),
-            'host' => env('DB_HOST', '127.0.0.1'),
+            'host' => env('DB_HOST', 'mysql_integration'),
             'port' => env('DB_PORT', '3306'),
-            'database' => env('DB_DATABASE', 'forge'),
-            'username' => env('DB_USERNAME', 'forge'),
-            'password' => env('DB_PASSWORD', ''),
+            'database' => env('DB_DATABASE', 'test'),
+            'username' => env('DB_USERNAME', 'test'),
+            'password' => env('DB_PASSWORD', 'test'),
             'unix_socket' => env('DB_SOCKET', ''),
             'charset' => 'utf8mb4',
             'collation' => 'utf8mb4_unicode_ci',

@@ -1,6 +1,7 @@
 <?php
 
 use App\Http\Controllers\CommonSpecsController;
+use App\Http\Controllers\LoginTestController;
 use Illuminate\Support\Facades\Route;
 
 /*
@@ -17,3 +18,6 @@
 Route::get('simple', [CommonSpecsController::class, 'simple'])->name('simple_route');
 Route::get('simple_view', [CommonSpecsController::class, 'simple_view']);
 Route::get('error', [CommonSpecsController::class, 'error']);
+Route::get('login/auth', [LoginTestController::class, 'auth'])->name('login');
+Route::get('login/signup', [LoginTestController::class, 'register']);
+Route::get('/behind_auth', [LoginTestController::class, 'behind_auth'])->name('behind_auth')->middleware('auth');
@@ -30,4 +30,9 @@ public function register()
 
         return "registered";
     }
+
+    public function behind_auth()
+    {
+        return "page behind auth";
+    }
 }
@@ -23,3 +23,7 @@
 Route::get('/eloquent/refresh', 'EloquentTestController@refresh');
 Route::get('/login/auth', 'LoginTestController@auth');
 Route::get('/login/signup', 'LoginTestController@register');
+Route::group(array('before' => 'auth'), function()
+{
+   Route::get('/behind_auth', 'LoginTestController@behind_auth');
+});
@@ -54,4 +54,9 @@ protected function create(array $data)
 
         return $user;
     }
+
+    public function behind_auth()
+    {
+        return "page behind auth";
+    }
 }
@@ -30,3 +30,7 @@
 Route::get('queue/workOn', 'QueueTestController@workOn');
 Route::get('login/auth', 'LoginTestController@auth');
 Route::get('login/signup', 'LoginTestController@register');
+Route::group(array('before' => 'auth'), function()
+{
+   Route::get('/behind_auth', 'LoginTestController@behind_auth');
+});
@@ -54,4 +54,9 @@ protected function create(array $data)
 
         return $user;
     }
+
+    public function behind_auth()
+    {
+        return "page behind auth";
+    }
 }
@@ -27,3 +27,7 @@
 Route::get('queue/workOn', 'QueueTestController@workOn');
 Route::get('login/auth', 'LoginTestController@auth');
 Route::get('login/signup', 'LoginTestController@register');
+Route::group(array('before' => 'auth'), function()
+{
+   Route::get('/behind_auth', 'LoginTestController@behind_auth');
+});
@@ -50,4 +50,9 @@ public function register(Request $request): RedirectResponse
 
         return redirect(RouteServiceProvider::HOME);
     }
+
+    public function behind_auth()
+    {
+        return "page behind auth";
+    }
 }
@@ -39,6 +39,7 @@
 Route::get('queue/workOn', [QueueTestController::class, 'workOn']);
 Route::get('login/auth', [LoginTestController::class, 'auth']);
 Route::get('login/signup', [LoginTestController::class, 'register']);
+Route::get('/behind_auth', [LoginTestController::class, 'behind_auth'])->name('behind_auth')->middleware('auth');
 
 // This route has to remain unnamed so we test both route cached and not cached.
 Route::get('/unnamed-route', [RouteCachingController::class, 'unnamed']);
@@ -8,13 +8,6 @@ LOG_CHANNEL=stack
 LOG_DEPRECATIONS_CHANNEL=null
 LOG_LEVEL=debug
 
-DB_CONNECTION=mysql
-DB_HOST=127.0.0.1
-DB_PORT=3306
-DB_DATABASE=laravel
-DB_USERNAME=root
-DB_PASSWORD=
-
 BROADCAST_DRIVER=log
 CACHE_DRIVER=file
 FILESYSTEM_DISK=local

@@ -8,13 +8,6 @@ LOG_CHANNEL=stack
 LOG_DEPRECATIONS_CHANNEL=null
 LOG_LEVEL=debug
 
-DB_CONNECTION=mysql
-DB_HOST=127.0.0.1
-DB_PORT=3306
-DB_DATABASE=laravel
-DB_USERNAME=root
-DB_PASSWORD=
-
 BROADCAST_DRIVER=log
 CACHE_DRIVER=file
 FILESYSTEM_DISK=local