search

statamic / cms

The core Laravel CMS Composer package
https://statamic.com
Other
4.06k stars 530 forks source link

Eloquent driver is always used in the activation/reset password flow #3795

Closed MarlBurroW closed 10 months ago

MarlBurroW commented 3 years ago

Bug Description

When I try to reset a password from the CP (via Forgot password) I get this exception just after submit the form:

BadMethodCallException
Call to undefined method App\Models\User::email()

I'm on an existing Laravel app and I've two differents guards, one for Laravel users and one for statamic users. Statamic users are stored with the file driver.

I can send the activation/reset password email if I create a new user or if I click on "Send reset password email" from the CP user management. But when I go to the reset password form then type my email and new password then submit, A validation error says "The email address doesn't exists".

It seems Statamic try to use the Eloquent driver at some places of the activation/reset password flow.

How to reproduce

  1. Create a fresh Laravel app
  2. Install statamic via composer
  3. Create an additional auth guard with the statamic provider (see Extra Detail section).
  4. Configure statamic users storage driver as file and not eloquent

Extra Detail

Here is the content of my config/auth.php

    'providers' => [
        'users' => [
            'driver' => 'eloquent',
            'model' => App\Models\User::class,
        ],
        'statamic_users' => [
            'driver' => 'statamic',

        ],
    ],

     // ...

    'guards' => [
        'web' => [
            'driver' => 'session',
            'provider' => 'users',
        ],
        'statamic' => [
            'driver' => 'session',
            'provider' => 'statamic_users',
        ],
        'api' => [
            'driver' => 'token',
            'provider' => 'users',
            'hash' => false,
        ],
    ],

And here my config/statamic/users.php

    'repository' => 'file',
    'repositories' => [

        'file' => [
            'driver' => 'file',
            'paths' => [
                'users' => base_path('users'),
                'roles' => resource_path('users/roles.yaml'),
                'groups' => resource_path('users/groups.yaml'),
            ],
        ],
    ],

    // ....

    'guards' => [
        'cp' => 'statamic',
        'web' => 'web',
    ],

    // ...

Environment

Statamic 3.1.18 Pro Laravel 8.34.0 PHP 7.4.3 aryehraber/statamic-font-awesome 2.2.0 edalzell/blade-directives 3.1

Statamic has been Installed on an existing Laravel App via composer

MrMooky commented 3 years ago

I experience the same problem. It does work when the user in question has super: true set, though. Any other users don't work. Weird bug. I also use a Pro licence (purchased, not just for testing), so there should be no issue with "One (super) admin user account".

duncanmcclean commented 3 years ago

Yeah, we've just run into this on a project as well. If I have some time this weekend, I'll take a look at fixing it (if no one beats me to it).

MrMooky commented 3 years ago

@duncanmcclean Have you had a chance to check this out yet?

duncanmcclean commented 3 years ago

I haven't had any time, sorry!

stuartcusackie commented 2 years ago

Just ran into the same trouble. Followed this guide: https://statamic.dev/tips/using-an-independent-authentication-guard

stuartcusackie commented 2 years ago

Looks like it's just a case of adding an additional password reset config in config/auth.php Example:

'passwords' => [
  'resets' => [
    'provider' => 'users',
    'table' => 'password_resets',
    'expire' => 60,
    'throttle' => 60,
  ],

  'activations' => [
    'provider' => 'users',
    'table' => 'password_activations',
    'expire' => 4320,
    'throttle' => 60,
  ],

  'resets_statamic' => [
    'provider' => 'statamic',
    'table' => 'password_resets',
    'expire' => 60,
    'throttle' => 60,
  ],

  'activations_statamic' => [
    'provider' => 'statamic',
    'table' => 'password_activations',
    'expire' => 4320,
    'throttle' => 60,
  ],
],

And then updating the brokers in config/statamic/users.php

'passwords' => [
  'resets' => 'resets_statamic',
  'activations' => 'activations_statamic',
],

If this is the way to go then it would be good to get these docs updated. I've added an issue on Statamic docs: https://github.com/statamic/docs/issues/910