From ef93304a31da33e0dd9906ef814d50972dab9ca3 Mon Sep 17 00:00:00 2001
From: Seita Moriyama <moriyama@node-link.jp>
Date: Mon, 15 May 2017 18:45:19 +0900
Subject: [PATCH] Validate $recaller in MultiAuthCollector.php (#633)

---
 src/DataCollector/MultiAuthCollector.php | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/src/DataCollector/MultiAuthCollector.php b/src/DataCollector/MultiAuthCollector.php
index 8c1be24d..15a9da82 100644
--- a/src/DataCollector/MultiAuthCollector.php
+++ b/src/DataCollector/MultiAuthCollector.php
@@ -1,8 +1,9 @@
 <?php
 
 namespace Barryvdh\Debugbar\DataCollector;
-use Illuminate\Contracts\Auth\Guard;
+use Illuminate\Auth\Recaller;
 use Illuminate\Auth\SessionGuard;
+use Illuminate\Contracts\Auth\Guard;
 
 /**
  * Collector for Laravel's Auth provider
@@ -58,17 +59,17 @@ private function resolveUser(Guard $guard)
         // then we must resolve user „manually”
         // to prevent csrf token regeneration
 
-        $usingSession = $guard instanceof SessionGuard;
-        $recaller = $usingSession ? $guard->getRequest()->cookies->get($guard->getRecallerName()) : null;
+        $recaller = $guard instanceof SessionGuard
+            ? new Recaller($guard->getRequest()->cookies->get($guard->getRecallerName()))
+            : null;
 
-        if($usingSession && !is_null($recaller)) {
-            list($id, $token) = explode('|', $recaller);
-            return $guard->getProvider()->retrieveByToken($id, $token);
+        if (!is_null($recaller) && $recaller->valid()) {
+            return $guard->getProvider()->retrieveByToken($recaller->id(), $recaller->token());
         } else {
             return $guard->user();
         }
     }
-    
+
     /**
      * @{inheritDoc}
      */