dingo · qazz92 · Aug 28, 2020 · Aug 28, 2020 · Sep 14, 2020
diff --git a/composer.json b/composer.json
@@ -20,7 +20,6 @@
         "league/fractal": "^0.19"
     },
     "require-dev": {
-        "phpdocumentor/reflection-docblock": "3.3.2",
         "friendsofphp/php-cs-fixer": "~2",
         "illuminate/auth": "^7.0|^8.0",
         "illuminate/cache": "^7.0|^8.0",
@@ -32,6 +31,7 @@
         "illuminate/pagination": "^7.0|^8.0",
         "laravel/lumen-framework": "^7.0|^8.0",
         "mockery/mockery": "~1.0",
+        "phpdocumentor/reflection-docblock": "3.3.2",
         "phpunit/phpunit": "^8.5|^9.0",
         "squizlabs/php_codesniffer": "~2.0",
         "tymon/jwt-auth": "1.0.*"

diff --git a/config/api.php b/config/api.php
@@ -154,7 +154,8 @@
     */
 
     'middleware' => [
-
+        // If you are using sanctum spa authentication, please turn off the Comment.
+        // \Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class
     ],
 
     /*

diff --git a/src/Auth/Provider/SanctumSPA.php b/src/Auth/Provider/SanctumSPA.php
@@ -0,0 +1,49 @@
+<?php
+
+namespace Dingo\Api\Auth\Provider;
+
+use Dingo\Api\Contract\Auth\Provider;
+use Dingo\Api\Routing\Route;
+use Illuminate\Auth\AuthManager;
+use Illuminate\Http\Request;
+use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;
+
+class SanctumSPA implements Provider
+{
+    /**
+     * Illuminate authentication manager.
+     *
+     * @var \Illuminate\Auth\AuthManager
+     */
+    private $auth;
+
+    /**
+     * Create a new basic provider instance.
+     *
+     * @param \Illuminate\Auth\AuthManager $auth
+     *
+     * @return void
+     */
+    public function __construct(AuthManager $auth)
+    {
+        $this->auth = $auth;
+    }
+
+    /**
+     * Authenticate request with Basic.
+     *
+     * @param \Illuminate\Http\Request $request
+     * @param \Dingo\Api\Routing\Route $route
+     *
+     * @return mixed
+     */
+    public function authenticate(Request $request, Route $route)
+    {
+        if ($user = $this->auth->guard('web')->user()) {
+            return $user;
+        }
+        throw new UnauthorizedHttpException('',
+            'Unauthenticated'
+        );
+    }
+}
diff --git a/tests/Auth/Provider/SanctumSPATest.php b/tests/Auth/Provider/SanctumSPATest.php
@@ -0,0 +1,48 @@
+<?php
+
+namespace Dingo\Api\Tests\Auth\Provider;
+
+use Dingo\Api\Auth\Provider\SanctumSPA;
+use Dingo\Api\Routing\Route;
+use Dingo\Api\Tests\BaseTestCase;
+use Illuminate\Http\Request;
+use Mockery as m;
+use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;
+
+class SanctumSPATest extends BaseTestCase
+{
+    protected $auth;
+    protected $provider;
+
+    public function setUp(): void
+    {
+        parent::setUp();
+
+        $this->auth = m::mock('Illuminate\Auth\AuthManager');
+        $this->provider = new SanctumSPA($this->auth);
+    }
+
+    public function testInvalidSanctumCredentialsThrowsException()
+    {
+        $this->expectException(UnauthorizedHttpException::class);
+
+        $request = Request::create('GET', '/');
+
+        $this->auth->shouldReceive('guard')->andReturn(m::self());
+
+        $this->auth->shouldReceive('user')->once()->andReturn(null);
+
+        $this->provider->authenticate($request, m::mock(Route::class));
+    }
+
+    public function testAuthenticatingSucceedsAndReturnsUserObject()
+    {
+        $request = Request::create('GET', '/');
+
+        $this->auth->shouldReceive('guard')->andReturn(m::self());
+
+        $this->auth->shouldReceive('user')->once()->andReturn((object) ['id' => 1]);
+
+        $this->assertSame(1, $this->provider->authenticate($request, m::mock(Route::class))->id);
+    }
+}