-
Notifications
You must be signed in to change notification settings - Fork 171
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
API Tokens from Model with HasApiTokens Trait Incorrectly Recorded as User ID #415
Comments
I suppose because it is a stateless request, it doesn't pull the actual user's details into the guard and only has the token to work with. You would likely need to bind a custom instance of I wonder if we could have a built in implementation just for Sanctum / Passport? |
There are some notes about this in the docs, but essentially Pulse only captures the user's ID by default. This is a problem when there are multiple models that authenticate because there's no way to determine which model the ID belongs to when resolving it in the dashboard. As @timacdonald mentioned, you'd need to bind a custom instance of For this scenario, you'd probably want the The See the |
@jessarcher thanks for your help. It worked! That bug really drove me nuts, as I really was thinking user xyz was doing all the traffic but he wasn't :D Maybe it would be cool to have this solution built in to the package itself!? Unfortunately the old data can't be used anymore and I needed to execute |
One thing I also noticed: I have a simple multi tenant approach, where I use a global scope to add the current auth users public static function bootHasTeamScope(): void
{
parent::addGlobalScope('team', function (Builder $query) {
if (auth()->check()) {
$query->where('team_id', auth()->user()->current_team_id);
}
});
static::saving(function ($model) {
if (auth()->check()) {
$model->team_id = auth()->user()->current_team_id;
}
});
} Cause of that, pulse would only show the Users from the current auth users team (let's say an admin who is viewing the pulse dashboard). Thats why I also needed to add $this->resolvedUsers = $model::withoutGlobalScopes()->findMany($keys); |
Pulse Version
v1.2.5
Laravel Version
v11.29.0
PHP Version
8.2.12
Livewire Version
v3.5.4
Database Driver & Version
mysql Ver 8.0.39-0ubuntu0.22.04.1 for Linux on x86_64 ((Ubuntu))
Description
Let's say you have a model called
Client
and it has theHasApiTokens
trait.If you create api tokens for this model and use them to auth/interact with your API, the id of the associated Client is used as the user id for the Application Usage pulse card.
In the screenshot below you can see Syafiq (lets say user id 100) and Aaln (user id 101) are listed, but actually the traffic is made by the api requests with client tokens (client with id 100 and id 101).
Steps To Reproduce
Create model xyz give it the
HasApiToken
trait, create a token, interact with your api...The text was updated successfully, but these errors were encountered: