Validate $recaller in MultiAuthCollector.php (barryvdh#633)

sicaboy · May 15, 2017 · ef93304 · ef93304
1 parent dcc6350
commit ef93304
Showing 1 changed file with 8 additions and 7 deletions.
diff --git a/src/DataCollector/MultiAuthCollector.php b/src/DataCollector/MultiAuthCollector.php
@@ -1,8 +1,9 @@
 <?php
 
 namespace Barryvdh\Debugbar\DataCollector;
-use Illuminate\Contracts\Auth\Guard;
+use Illuminate\Auth\Recaller;
 use Illuminate\Auth\SessionGuard;
+use Illuminate\Contracts\Auth\Guard;
 
 /**
  * Collector for Laravel's Auth provider
@@ -58,17 +59,17 @@ private function resolveUser(Guard $guard)
         // then we must resolve user „manually”
         // to prevent csrf token regeneration
 
-        $usingSession = $guard instanceof SessionGuard;
-        $recaller = $usingSession ? $guard->getRequest()->cookies->get($guard->getRecallerName()) : null;
+        $recaller = $guard instanceof SessionGuard
+            ? new Recaller($guard->getRequest()->cookies->get($guard->getRecallerName()))
+            : null;
 
-        if($usingSession && !is_null($recaller)) {
-            list($id, $token) = explode('|', $recaller);
-            return $guard->getProvider()->retrieveByToken($id, $token);
+        if (!is_null($recaller) && $recaller->valid()) {
+            return $guard->getProvider()->retrieveByToken($recaller->id(), $recaller->token());
         } else {
             return $guard->user();
         }
     }
-    
+
     /**
      * @{inheritDoc}
      */