Fetch token cookie name from config

src/ApiTokenCookieFactory.php

@@ -51,7 +51,7 @@ public function make($userId, $csrfToken)
         $expiration = Carbon::now()->addMinutes($config['lifetime']);
 
         return new Cookie(
-            'laravel_token',
+            $this->config->get('session.token_cookie', 'laravel_token'),
             $this->createToken($userId, $csrfToken, $expiration),
             $expiration,
             $config['path'],

src/Guards/TokenGuard.php

@@ -14,11 +14,19 @@
 use Illuminate\Contracts\Auth\UserProvider;
 use Illuminate\Contracts\Encryption\Encrypter;
 use Illuminate\Contracts\Debug\ExceptionHandler;
+use Illuminate\Contracts\Config\Repository as Config;
 use League\OAuth2\Server\Exception\OAuthServerException;
 use Symfony\Bridge\PsrHttpMessage\Factory\DiactorosFactory;
 
 class TokenGuard
 {
+    /**
+     * The configuration repository implementation.
+     *
+     * @var Config
+     */
+    protected $config;
+
     /**
      * The resource server instance.
      *
@@ -57,19 +65,22 @@ class TokenGuard
     /**
      * Create a new token guard instance.
      *
+     * @param  Config $config
      * @param  ResourceServer  $server
      * @param  UserProvider  $provider
      * @param  TokenRepository  $tokens
      * @param  ClientRepository  $clients
      * @param  Encrypter  $encrypter
      * @return void
      */
-    public function __construct(ResourceServer $server,
+    public function __construct(Config $config,
+                                ResourceServer $server,
                                 UserProvider $provider,
                                 TokenRepository $tokens,
                                 ClientRepository $clients,
                                 Encrypter $encrypter)
     {
+        $this->config = $config;
         $this->server = $server;
         $this->tokens = $tokens;
         $this->clients = $clients;
@@ -87,7 +98,7 @@ public function user(Request $request)
     {
         if ($request->bearerToken()) {
             return $this->authenticateViaBearerToken($request);
-        } elseif ($request->cookie('laravel_token')) {
+        } elseif ($request->cookie($this->config->get('session.token_cookie', 'laravel_token'))) {
             return $this->authenticateViaCookie($request);
         }
     }
@@ -185,7 +196,7 @@ protected function authenticateViaCookie($request)
     protected function decodeJwtTokenCookie($request)
     {
         return (array) JWT::decode(
-            $this->encrypter->decrypt($request->cookie('laravel_token')),
+            $this->encrypter->decrypt($request->cookie($this->config->get('session.token_cookie', 'laravel_token'))),
             $this->encrypter->getKey(), ['HS256']
         );
     }

src/Http/Middleware/CreateFreshApiToken.php

@@ -5,9 +5,17 @@
 use Closure;
 use Illuminate\Http\Response;
 use Laravel\Passport\ApiTokenCookieFactory;
+use Illuminate\Contracts\Config\Repository as Config;
 
 class CreateFreshApiToken
 {
+    /**
+     * The configuration repository implementation.
+     *
+     * @var Config
+     */
+    protected $config;
+
     /**
      * The API token cookie factory instance.
      *
@@ -18,11 +26,13 @@ class CreateFreshApiToken
     /**
      * Create a new middleware instance.
      *
+     * @param  Config  $config
      * @param  ApiTokenCookieFactory  $cookieFactory
      * @return void
      */
-    public function __construct(ApiTokenCookieFactory $cookieFactory)
+    public function __construct(Config $config, ApiTokenCookieFactory $cookieFactory)
     {
+        $this->config = $config;
         $this->cookieFactory = $cookieFactory;
     }
 
@@ -93,7 +103,7 @@ protected function responseShouldReceiveFreshToken($response)
     protected function alreadyContainsToken($response)
     {
         foreach ($response->headers->getCookies() as $cookie) {
-            if ($cookie->getName() === 'laravel_token') {
+            if ($cookie->getName() === $this->config->get('session.token_cookie', 'laravel_token')) {
                 return true;
             }
         }

tests/ApiTokenCookieFactoryTest.php

@@ -19,11 +19,34 @@ public function test_cookie_can_be_successfully_created()
             'domain' => null,
             'secure' => true,
         ]);
+        $config->shouldReceive('get')->with('session.token_cookie', 'laravel_token')->andReturn(
+            'laravel_token'
+        );
         $encrypter = new Encrypter(str_repeat('a', 16));
         $factory = new ApiTokenCookieFactory($config, $encrypter);
 
         $cookie = $factory->make(1, 'token');
 
         $this->assertInstanceOf('Symfony\Component\HttpFoundation\Cookie', $cookie);
     }
+
+    public function test_cookie_can_be_renamed()
+    {
+        $config = Mockery::mock('Illuminate\Contracts\Config\Repository');
+        $config->shouldReceive('get')->with('session')->andReturn([
+            'lifetime' => 120,
+            'path' => '/',
+            'domain' => null,
+            'secure' => true,
+        ]);
+        $config->shouldReceive('get')->with('session.token_cookie', 'laravel_token')->andReturn(
+            'renamed_cookie'
+        );
+        $encrypter = new Encrypter(str_repeat('a', 16));
+        $factory = new ApiTokenCookieFactory($config, $encrypter);
+
+        $cookie = $factory->make(1, 'token');
+
+        $this->assertTrue($cookie->getName() === 'renamed_cookie');
+    }
 }

tests/TokenGuardTest.php

@@ -15,13 +15,14 @@ public function tearDown()
 
     public function test_user_can_be_pulled_via_bearer_token()
     {
+        $config = Mockery::mock('Illuminate\Contracts\Config\Repository');
         $resourceServer = Mockery::mock('League\OAuth2\Server\ResourceServer');
         $userProvider = Mockery::mock('Illuminate\Contracts\Auth\UserProvider');
         $tokens = Mockery::mock('Laravel\Passport\TokenRepository');
         $clients = Mockery::mock('Laravel\Passport\ClientRepository');
         $encrypter = Mockery::mock('Illuminate\Contracts\Encryption\Encrypter');
 
-        $guard = new TokenGuard($resourceServer, $userProvider, $tokens, $clients, $encrypter);
+        $guard = new TokenGuard($config, $resourceServer, $userProvider, $tokens, $clients, $encrypter);
 
         $request = Request::create('/');
         $request->headers->set('Authorization', 'Bearer token');
@@ -47,13 +48,14 @@ public function test_no_user_is_returned_when_oauth_throws_exception()
         $container->instance('Illuminate\Contracts\Debug\ExceptionHandler', $handler = Mockery::mock());
         $handler->shouldReceive('report')->once()->with(Mockery::type('League\OAuth2\Server\Exception\OAuthServerException'));
 
+        $config = Mockery::mock('Illuminate\Contracts\Config\Repository');
         $resourceServer = Mockery::mock('League\OAuth2\Server\ResourceServer');
         $userProvider = Mockery::mock('Illuminate\Contracts\Auth\UserProvider');
         $tokens = Mockery::mock('Laravel\Passport\TokenRepository');
         $clients = Mockery::mock('Laravel\Passport\ClientRepository');
         $encrypter = Mockery::mock('Illuminate\Contracts\Encryption\Encrypter');
 
-        $guard = new TokenGuard($resourceServer, $userProvider, $tokens, $clients, $encrypter);
+        $guard = new TokenGuard($config, $resourceServer, $userProvider, $tokens, $clients, $encrypter);
 
         $request = Request::create('/');
         $request->headers->set('Authorization', 'Bearer token');
@@ -67,13 +69,14 @@ public function test_no_user_is_returned_when_oauth_throws_exception()
 
     public function test_null_is_returned_if_no_user_is_found()
     {
+        $config = Mockery::mock('Illuminate\Contracts\Config\Repository');
         $resourceServer = Mockery::mock('League\OAuth2\Server\ResourceServer');
         $userProvider = Mockery::mock('Illuminate\Contracts\Auth\UserProvider');
         $tokens = Mockery::mock('Laravel\Passport\TokenRepository');
         $clients = Mockery::mock('Laravel\Passport\ClientRepository');
         $encrypter = Mockery::mock('Illuminate\Contracts\Encryption\Encrypter');
 
-        $guard = new TokenGuard($resourceServer, $userProvider, $tokens, $clients, $encrypter);
+        $guard = new TokenGuard($config, $resourceServer, $userProvider, $tokens, $clients, $encrypter);
 
         $request = Request::create('/');
         $request->headers->set('Authorization', 'Bearer token');
@@ -87,13 +90,14 @@ public function test_null_is_returned_if_no_user_is_found()
 
     public function test_users_may_be_retrieved_from_cookies()
     {
+        $config = Mockery::mock('Illuminate\Contracts\Config\Repository');
         $resourceServer = Mockery::mock('League\OAuth2\Server\ResourceServer');
         $userProvider = Mockery::mock('Illuminate\Contracts\Auth\UserProvider');
         $tokens = Mockery::mock('Laravel\Passport\TokenRepository');
         $clients = Mockery::mock('Laravel\Passport\ClientRepository');
         $encrypter = new Illuminate\Encryption\Encrypter(str_repeat('a', 16));
 
-        $guard = new TokenGuard($resourceServer, $userProvider, $tokens, $clients, $encrypter);
+        $guard = new TokenGuard($config, $resourceServer, $userProvider, $tokens, $clients, $encrypter);
 
         $request = Request::create('/');
         $request->headers->set('X-CSRF-TOKEN', 'token');
@@ -104,6 +108,9 @@ public function test_users_may_be_retrieved_from_cookies()
             ], str_repeat('a', 16)))
         );
 
+        $config->shouldReceive('get')->with('session.token_cookie', 'laravel_token')->andReturn(
+            'laravel_token'
+        );
         $userProvider->shouldReceive('retrieveById')->with(1)->andReturn($expectedUser = new TokenGuardTestUser);
 
         $user = $guard->user($request);
@@ -113,13 +120,14 @@ public function test_users_may_be_retrieved_from_cookies()
 
     public function test_cookie_xsrf_is_verified_against_header()
     {
+        $config = Mockery::mock('Illuminate\Contracts\Config\Repository');
         $resourceServer = Mockery::mock('League\OAuth2\Server\ResourceServer');
         $userProvider = Mockery::mock('Illuminate\Contracts\Auth\UserProvider');
         $tokens = Mockery::mock('Laravel\Passport\TokenRepository');
         $clients = Mockery::mock('Laravel\Passport\ClientRepository');
         $encrypter = new Illuminate\Encryption\Encrypter(str_repeat('a', 16));
 
-        $guard = new TokenGuard($resourceServer, $userProvider, $tokens, $clients, $encrypter);
+        $guard = new TokenGuard($config, $resourceServer, $userProvider, $tokens, $clients, $encrypter);
 
         $request = Request::create('/');
         $request->headers->set('X-CSRF-TOKEN', 'wrong_token');
@@ -130,20 +138,24 @@ public function test_cookie_xsrf_is_verified_against_header()
             ], str_repeat('a', 16)))
         );
 
+        $config->shouldReceive('get')->with('session.token_cookie', 'laravel_token')->andReturn(
+            'laravel_token'
+        );
         $userProvider->shouldReceive('retrieveById')->never();
 
         $this->assertNull($guard->user($request));
     }
 
     public function test_expired_cookies_may_not_be_used()
     {
+        $config = Mockery::mock('Illuminate\Contracts\Config\Repository');
         $resourceServer = Mockery::mock('League\OAuth2\Server\ResourceServer');
         $userProvider = Mockery::mock('Illuminate\Contracts\Auth\UserProvider');
         $tokens = Mockery::mock('Laravel\Passport\TokenRepository');
         $clients = Mockery::mock('Laravel\Passport\ClientRepository');
         $encrypter = new Illuminate\Encryption\Encrypter(str_repeat('a', 16));
 
-        $guard = new TokenGuard($resourceServer, $userProvider, $tokens, $clients, $encrypter);
+        $guard = new TokenGuard($config, $resourceServer, $userProvider, $tokens, $clients, $encrypter);
 
         $request = Request::create('/');
         $request->headers->set('X-CSRF-TOKEN', 'token');
@@ -154,6 +166,9 @@ public function test_expired_cookies_may_not_be_used()
             ], str_repeat('a', 16)))
         );
 
+        $config->shouldReceive('get')->with('session.token_cookie', 'laravel_token')->andReturn(
+            'laravel_token'
+        );
         $userProvider->shouldReceive('retrieveById')->never();
 
         $this->assertNull($guard->user($request));