Adds logout function to Gateway guard so we can make multiple API requests with different tokens in unit tests.

[chloealee]

What's this PR do?

Adds logout function to Gateway guard so we can make multiple API requests with different tokens/users in unit tests (needed in this Rogue PR!).

How should this be reviewed?

👀

Checklist

• [ ] Tests added for new features/bug fixes.
• [ ] Is this a breaking change?

[DFurnes]

So that we don't have to think about this in the future, let's try calling this function in withAccessToken, maybe right above here?

// If a user is already authenticated, reset the guard.
auth('api')->logout();

[chloealee]

ah yes thanks @DFurnes ! Added :)

[DFurnes]

Looks great! If you haven't already, just give a quick test to make sure this fixes your issue on DoSomething/rogue#697 by updating that app's composer.json to point to dev-logout & running composer update. If tests pass, merge away!

[chloealee]

Cool - I didn't know you could do that @DFurnes ! Good to know for the future! I ran the tests against these changes and a lot of Rogue tests were getting a 401 Unauthorized :-/

[DFurnes]

Oh no! That's a bummer. 😟 Want to dig into this together tomorrow?

[chloealee]

that'd be great, @DFurnes !

[DFurnes]

We looked into this together and ended up doing a little more refactoring!

With the changes in 70fe130, we'll always create a new Token instance and parse the JWT when calling Auth::id(). This prevents issues where we have a cached token/key in memory (from calling Auth::id() too early, like in a test). This change should have a negligible performance impact, and make it a lot easier to reason about what's going on in the future.

[chloealee]

Thanks for adding that context, @DFurnes ! I ran the phpunit tests and getting a lot of failures :-/

When testing manually and phpunit, here are the errors I'm seeing:

• DELETE /v3/signups/:signup_id, DELETE /v3/posts/:post_id, POST api/v3/posts/:post_id/reviews, POST api/v3/posts/:post_id/tags
  • 500 "message": "Trying to get property 'role' of non-object"

In addition, it looks like using $post->tag('Hide In Gallery'); isn't working in the tests as expected.

[chloealee]

@DFurnes update - the latest commit now gets all endpoints in Rogue working and $post->tag('Hide In Gallery'); works in Rogue tests as expected! But... breaking gateway tests now 👎

[chloealee]

@DFurnes false alarm! The changes I made in RequireRole were actually not needed and were causing errors. I changed them back in the last commit and now everything seems to be working!

Just for a peace of mind, would you mind giving one more 👀 before I merge?