From 67ee2229a57fa5702e48f5bfdad06c84b350829f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tobias=20K=C3=BCndig?= <tobias@offline.swiss>
Date: Fri, 18 Jan 2019 21:42:25 +0100
Subject: [PATCH] Added manual deleted_at checks (#4051)

Fixes #4046

It is possible that the user model gets fetched using the SoftDelete
trait before the relevant migrations were applied during an update.
To fix this edge case the user model is always fetched using the
withTrashed scope and the deleted_at check is done manually afterwards.

@see https://github.com/octobercms/october/issues/3999
---
 modules/backend/classes/AuthManager.php | 28 +++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/modules/backend/classes/AuthManager.php b/modules/backend/classes/AuthManager.php
index 8423aa38f..f78e33c6d 100644
--- a/modules/backend/classes/AuthManager.php
+++ b/modules/backend/classes/AuthManager.php
@@ -162,6 +162,34 @@ class AuthManager extends RainAuthManager
         return $tabs;
     }
 
+    /**
+     * {@inheritdoc}
+     */
+    protected function createUserModelQuery()
+    {
+        return parent::createUserModelQuery()->withTrashed();
+    }
+
+
+    /**
+     * {@inheritdoc}
+     */
+    protected function validateUserModel($user)
+    {
+        if ( ! $user instanceof $this->userModel) {
+            return false;
+        }
+
+        // Perform the deleted_at check manually since the relevant migrations
+        // might not have been run yet during the update to build 444.
+        // @see https://github.com/octobercms/october/issues/3999
+        if (array_key_exists('deleted_at', $user->getAttributes()) && $user->deleted_at !== null) {
+            return false;
+        }
+
+        return $user;
+    }
+
     /**
      * Returns an array of registered permissions belonging to a given role code
      * @param string $role