[13.x] Fix accessing the plain secret after creating a new confidential client via deprecated ClientController::store

src/Client.php

@@ -134,6 +134,16 @@ protected function secret(): Attribute
         );
     }
 
+    /**
+     * Interact with the client's plain secret.
+     */
+    protected function plainSecret(): Attribute
+    {
+        return Attribute::make(
+            get: fn (): ?string => $this->plainSecret
+        );
+    }
+
     /**
      * Interact with the client's redirect URIs.
      */

src/Http/Controllers/ClientController.php

@@ -49,13 +49,11 @@ public function store(Request $request): Client
         $client = $this->clients->createAuthorizationCodeGrantClient(
             $request->name,
             explode(',', $request->redirect),
-            (bool) $request->input('confidential', true),
+            $confidential = (bool) $request->input('confidential', true),
             $request->user(),
         );
 
-        $client->secret = $client->plainSecret;
-
-        return $client->makeVisible('secret');
+        return $confidential ? $client->append(['plain_secret']) : $client;
     }
 
     /**

tests/Unit/ClientControllerTest.php

@@ -5,6 +5,7 @@
 use Illuminate\Contracts\Auth\Authenticatable;
 use Illuminate\Contracts\Validation\Factory;
 use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Hash;
 use Laravel\Passport\Client;
 use Laravel\Passport\ClientRepository;
 use Laravel\Passport\Http\Controllers\ClientController;
@@ -41,6 +42,9 @@ public function test_all_the_clients_for_the_current_user_can_be_retrieved()
 
     public function test_clients_can_be_stored()
     {
+        Hash::expects('isHashed')->once()->with('secret')->andReturn(false);
+        Hash::expects('make')->once()->with('secret')->andReturn('hashed_secret');
+
         $clients = m::mock(ClientRepository::class);
         $user = m::mock(Authenticatable::class);
         $user->shouldReceive('getAuthIdentifier')->andReturn(1);
@@ -51,7 +55,11 @@ public function test_clients_can_be_stored()
         $clients->shouldReceive('createAuthorizationCodeGrantClient')
             ->once()
             ->with('client name', ['http://localhost'], true, $user)
-            ->andReturn($client = new Client);
+            ->andReturn($client = new Client([
+                'name' => 'client name',
+                'redirect' => 'http://localhost',
+                'secret' => 'secret',
+            ]));
 
         $redirectRule = m::mock(RedirectRule::class);
 
@@ -71,6 +79,12 @@ public function test_clients_can_be_stored()
         );
 
         $this->assertEquals($client, $controller->store($request));
+        $this->assertSame('hashed_secret', $client->secret);
+        $this->assertSame([
+            'name' => 'client name',
+            'redirect' => 'http://localhost',
+            'plain_secret' => 'secret',
+        ], $client->toArray());
     }
 
     public function test_public_clients_can_be_stored()
@@ -89,7 +103,11 @@ public function test_public_clients_can_be_stored()
         $clients->shouldReceive('createAuthorizationCodeGrantClient')
             ->once()
             ->with('client name', ['http://localhost'], false, $user)
-            ->andReturn($client = new Client);
+            ->andReturn($client = new Client([
+                'name' => 'client name',
+                'redirect' => 'http://localhost',
+                'secret' => null,
+            ]));
 
         $redirectRule = m::mock(RedirectRule::class);
 
@@ -110,6 +128,11 @@ public function test_public_clients_can_be_stored()
         );
 
         $this->assertEquals($client, $controller->store($request));
+        $this->assertNull($client->secret);
+        $this->assertSame([
+            'name' => 'client name',
+            'redirect' => 'http://localhost',
+        ], $client->toArray());
     }
 
     public function test_clients_can_be_updated()