dev-think-one / laravel-release-protection

src/Http/Middleware/TestersEmailMiddleware.php

<?php


namespace ReleaseProtection\Http\Middleware;

use Auth;
use Closure;

class TestersEmailMiddleware
{

    /**
     * Handle an incoming request.
     *
     * @param \Illuminate\Http\Request $request
     * @param Closure $next
     * @param string $guard
     *
     * @return mixed
     */
    public function handle($request, Closure $next, $guard = null)
    {
        if (app()->environment(config('release-protection.email.envs.' . $guard, config('release-protection.email.envs.default')))) {

The method environment() does not exist on Illuminate\Container\Container. Are you sure you never get this type here, but always one of the subclasses?

            $user = Auth::guard($guard)->user();
            if (!$user) {
                abort(
                    config('release-protection.email.status.not_logged.' . $guard, config('release-protection.email.status.not_logged.default')),
                    __(config('release-protection.email.msg.not_logged.' . $guard, config('release-protection.email.msg.not_logged.default')))

It seems like __(config('release-protection.email.msg.not_logged.' . $guard, config('release-protection.email.msg.not_logged.default'))) can also be of type array; however, parameter $message of abort() does only seem to accept string, maybe add an additional type check?

                );
            }

            $allowEmails = config('release-protection.email.emails.' . $guard, config('release-protection.email.emails.default'));
            $allowEmails = array_map(fn ($e) => trim(strtolower($e)), $allowEmails);

            if (!$user->email || !in_array(strtolower($user->email), $allowEmails)) {

Accessing email on the interface Illuminate\Contracts\Auth\Authenticatable suggest that you code against a concrete implementation. How about adding an instanceof check?

                abort(
                    config('release-protection.email.status.restricted.' . $guard, config('release-protection.email.status.restricted.default')),
                    __(config('release-protection.email.msg.restricted.' . $guard, config('release-protection.email.msg.restricted.default')))
                );
            }
        }

        return $next($request);
    }
}