[5.7] Fix actingAs

[laurencei]

This fixes #25868 (and duplicates #21107, #25775 and #23270)

So fresh install of Laravel 5.7:

Route::get('/test', function () {
    return Auth::user();
});

public function testBasicTest()
{
    $user = factory(\App\User::class)->create();
    $response = $this->actingAs($user)->get('/test');
    $response->assertOk();
}

This test fails - because Response status code [201] does not match expected 200 status code.

This is a bug.

The $user was created before the start of the reqeust. i.e. we did not create a new user and return it inside of /test. The creation of $user is just to setup the requirements of the test.

The point of 201 is the request was successful and you created a resource. But in the test above - I did not create a resource inside of that request.

This PR ensures that anyone pre-authenticated (using actingAs() or be()) is never marked as newly created - since that is logically impossible (you cant be pre-authenticated against a resource that doesnt exist before the request even begins).

In other words - you must already have a preexisting user to be/act as them

[driesvints]

@laurencei might be worth to send this to master for 5.8 because I think this will probably be a breaking change for some people.

[laurencei]

Whilst I dont disagree it might break - it would only break test cases, which are actually returning incorrect results though? i.e. this is a bug fix of an incorrect value.

If I had a test that I wanted explicitly to get a 201, and after this patch I start getting a 200 on my test - is it correct to hide the error until 5.8 is released? Because the bug is hiding what would be returned in production.

Production returns would be unchanged obviously.

I'll leave it and if Taylor says I can change it - happy either way.

[driesvints]

@laurencei fair enough :)

[mfn]

Wish the commit would contain the great PR description 😂

[tillkruss]

Isn't this the same as this?

if ($user->wasRecentlyCreated ?? false) { }

[laurencei]

probably... 😄

[devcircus]

This happens across the board with testing for any model. Doesn't make sense to just patch this one case. It would've been best to just let the developer account for this, or revert the magic that causes it.

[laurencei]

This happens across the board with testing for any model.

@devcircus - No it doesnt. It only occurs for an auth user - because you directly pass the newly created model into the actingAs and basically insert it into the framework directly (bypassing the normal request cycle).

Any other models created prior to the request are retrieved during the request, and therefore are not wasRecentlyCreated

That's why this was a specific target.