[13.x] Fix possible 500 error when retrieving user on token guard (#1871)

hafezdivandari · web-flow · commit 98173ac70d1b · 2025-11-21T14:53:49.000-06:00
* catch exceptions when retrieving user from the provider

* fix minor cs
diff --git a/src/Console/ClientCommand.php b/src/Console/ClientCommand.php
@@ -131,7 +131,7 @@ protected function createDeviceCodeClient(ClientRepository $clients): Client
     {
         $confidential = $this->hasOption('public')
             ? ! $this->option('public')
-            : $this->confirm('Would you like to make this client confidential?', true);
+            : $this->components->confirm('Would you like to make this client confidential?', true);
 
         return $clients->createDeviceAuthorizationGrantClient($this->option('name'), $confidential);
     }
@@ -151,7 +151,7 @@ protected function createAuthCodeClient(ClientRepository $clients): Client
             : $this->components->confirm('Would you like to make this client confidential?', true);
 
         $enableDeviceFlow = Passport::$deviceCodeGrantEnabled &&
-            $this->confirm('Would you like to enable the device authorization flow for this client?');
+            $this->components->confirm('Would you like to enable the device authorization flow for this client?');
 
         return $clients->createAuthorizationCodeGrantClient(
             $this->option('name'), explode(',', $redirect), $confidential, null, $enableDeviceFlow
diff --git a/src/Guards/TokenGuard.php b/src/Guards/TokenGuard.php
@@ -144,18 +144,18 @@ protected function authenticateViaBearerToken(): ?Authenticatable
         // If the access token is valid we will retrieve the user according to the user ID
         // associated with the token. We will use the provider implementation which may
         // be used to retrieve users from Eloquent. Next, we'll be ready to continue.
-        $user = $this->provider->retrieveById(
-            $psr->getAttribute('oauth_user_id') ?: null
-        );
-
-        if (! $user) {
+        try {
+            $user = $this->provider->retrieveById(
+                $psr->getAttribute('oauth_user_id') ?: null
+            );
+        } catch (Exception) {
             return null;
         }
 
         // Next, we will assign a token instance to this user which the developers may use
         // to determine if the token has a given scope, etc. This will be useful during
         // authorization such as within the developer's Laravel model policy classes.
-        return $user->withAccessToken(AccessToken::fromPsrRequest($psr));
+        return $user?->withAccessToken(AccessToken::fromPsrRequest($psr));
     }
 
     /**
@@ -193,11 +193,13 @@ protected function authenticateViaCookie(): ?Authenticatable
         // If this user exists, we will return this user and attach a "transient" token to
         // the user model. The transient token assumes it has all scopes since the user
         // is physically logged into the application via the application's interface.
-        if ($user = $this->provider->retrieveById($token['sub'])) {
-            return $user->withAccessToken(new TransientToken);
+        try {
+            $user = $this->provider->retrieveById($token['sub']);
+        } catch (Exception) {
+            return null;
         }
 
-        return null;
+        return $user?->withAccessToken(new TransientToken);
     }
 
     /**
diff --git a/src/Http/Controllers/HandlesOAuthErrors.php b/src/Http/Controllers/HandlesOAuthErrors.php
@@ -13,7 +13,7 @@ trait HandlesOAuthErrors
      *
      * @template TResult
      *
-     * @param  \Closure(): TResult  $callback
+     * @param  (\Closure(): TResult)  $callback
      * @return TResult
      *
      * @throws \Laravel\Passport\Exceptions\OAuthServerException
diff --git a/src/Http/Middleware/CreateFreshApiToken.php b/src/Http/Middleware/CreateFreshApiToken.php
@@ -38,7 +38,7 @@ public static function using(?string $guard = null): string
     /**
      * Handle an incoming request.
      *
-     * @param  \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response)  $next
+     * @param  (\Closure(\Illuminate\Http\Request): (\Illuminate\Http\Response))  $next
      */
     public function handle(Request $request, Closure $next, ?string $guard = null): BaseResponse
     {
diff --git a/src/Http/Middleware/ValidateToken.php b/src/Http/Middleware/ValidateToken.php
@@ -39,7 +39,7 @@ public static function using(array|string $param, string ...$params): string
     /**
      * Handle an incoming request.
      *
-     * @param  \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response)  $next
+     * @param  (\Closure(\Illuminate\Http\Request): (\Illuminate\Http\Response))  $next
      */
     public function handle(Request $request, Closure $next, string ...$params): Response
     {

Original file line number	Diff line number	Diff line change
`@@ -131,7 +131,7 @@ protected function createDeviceCodeClient(ClientRepository $clients): Client`
`131`	`131`	`{`
`132`	`132`	`$confidential = $this->hasOption('public')`
`133`	`133`	`? ! $this->option('public')`
`134`		`- : $this->confirm('Would you like to make this client confidential?', true);`
	`134`	`+ : $this->components->confirm('Would you like to make this client confidential?', true);`
`135`	`135`
`136`	`136`	`return $clients->createDeviceAuthorizationGrantClient($this->option('name'), $confidential);`
`137`	`137`	`}`
`@@ -151,7 +151,7 @@ protected function createAuthCodeClient(ClientRepository $clients): Client`
`151`	`151`	`: $this->components->confirm('Would you like to make this client confidential?', true);`
`152`	`152`
`153`	`153`	`$enableDeviceFlow = Passport::$deviceCodeGrantEnabled &&`
`154`		`- $this->confirm('Would you like to enable the device authorization flow for this client?');`
	`154`	`+ $this->components->confirm('Would you like to enable the device authorization flow for this client?');`
`155`	`155`
`156`	`156`	`return $clients->createAuthorizationCodeGrantClient(`
`157`	`157`	`$this->option('name'), explode(',', $redirect), $confidential, null, $enableDeviceFlow`
Original file line number	Diff line number	Diff line change
`@@ -13,7 +13,7 @@ trait HandlesOAuthErrors`
`13`	`13`	`*`
`14`	`14`	`* @template TResult`
`15`	`15`	`*`
`16`		`- * @param \Closure(): TResult $callback`
	`16`	`+ * @param (\Closure(): TResult) $callback`
`17`	`17`	`* @return TResult`
`18`	`18`	`*`
`19`	`19`	`* @throws \Laravel\Passport\Exceptions\OAuthServerException`
Original file line number	Diff line number	Diff line change
`@@ -38,7 +38,7 @@ public static function using(?string $guard = null): string`
`38`	`38`	`/**`
`39`	`39`	`* Handle an incoming request.`
`40`	`40`	`*`
`41`		`- * @param \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response) $next`
	`41`	`+ * @param (\Closure(\Illuminate\Http\Request): (\Illuminate\Http\Response)) $next`
`42`	`42`	`*/`
`43`	`43`	`public function handle(Request $request, Closure $next, ?string $guard = null): BaseResponse`
`44`	`44`	`{`
Original file line number	Diff line number	Diff line change
`@@ -39,7 +39,7 @@ public static function using(array\|string $param, string ...$params): string`
`39`	`39`	`/**`
`40`	`40`	`* Handle an incoming request.`
`41`	`41`	`*`
`42`		`- * @param \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response) $next`
	`42`	`+ * @param (\Closure(\Illuminate\Http\Request): (\Illuminate\Http\Response)) $next`
`43`	`43`	`*/`
`44`	`44`	`public function handle(Request $request, Closure $next, string ...$params): Response`
`45`	`45`	`{`