update controllers logic
This commit is contained in:
@@ -2,69 +2,83 @@
|
||||
|
||||
namespace App\Http\Controllers\Api\Auth;
|
||||
|
||||
use App\Http\Controllers\Api\BaseApiController;
|
||||
use App\Http\Controllers\Api\Core\BaseApiController;
|
||||
use App\Models\User;
|
||||
use App\Services\Auth\ApiLoginSecurityService;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Facades\Auth;
|
||||
use Illuminate\Support\Facades\Validator;
|
||||
use PHPOpenSourceSaver\JWTAuth\Facades\JWTAuth;
|
||||
|
||||
class AuthController extends BaseApiController
|
||||
{
|
||||
public function login(Request $request): JsonResponse
|
||||
public function login(Request $request, ApiLoginSecurityService $security): JsonResponse
|
||||
{
|
||||
$validator = Validator::make($request->all(), [
|
||||
'email' => ['required', 'email'],
|
||||
'password' => ['required', 'string'],
|
||||
]);
|
||||
|
||||
if ($validator->fails()) {
|
||||
return $this->respondValidationError($validator->errors()->toArray());
|
||||
$payload = $request->all();
|
||||
if ($request->isJson() && ($payload === [] || $payload === null)) {
|
||||
$decoded = json_decode((string) $request->getContent(), true);
|
||||
$payload = is_array($decoded) ? $decoded : [];
|
||||
}
|
||||
|
||||
$email = (string) $request->input('email');
|
||||
$password = (string) $request->input('password');
|
||||
// Match CodeIgniter apiLogin: raw email/password (no trim); empty check is identical to CI `!$email || !$password`.
|
||||
$email = (string) ($payload['email'] ?? '');
|
||||
$password = (string) ($payload['password'] ?? '');
|
||||
|
||||
if ($email === '' || $password === '') {
|
||||
return response()->json([
|
||||
'status' => false,
|
||||
'message' => 'Email and password are required.',
|
||||
], 400);
|
||||
}
|
||||
|
||||
$ip = $request->ip();
|
||||
if ($security->isIpBlocked((string) $ip)) {
|
||||
return response()->json([
|
||||
'status' => false,
|
||||
'message' => 'Too many failed attempts from your IP. Please try again later.',
|
||||
], 429);
|
||||
}
|
||||
|
||||
$user = User::query()->where('email', $email)->first();
|
||||
if (!$user || !ci_password_verify($password, (string) $user->password)) {
|
||||
return $this->respondError('Invalid credentials.', 401);
|
||||
if (!$user) {
|
||||
$security->logIpAttempt((string) $ip);
|
||||
|
||||
return response()->json([
|
||||
'status' => false,
|
||||
'message' => 'Invalid email or password.',
|
||||
], 401);
|
||||
}
|
||||
|
||||
if ((int) ($user->is_verified ?? 0) !== 1) {
|
||||
return $this->respondError('Account not verified.', 403);
|
||||
if ($user->is_suspended) {
|
||||
return response()->json([
|
||||
'status' => false,
|
||||
'message' => 'Account suspended. Please reset your password.',
|
||||
], 403);
|
||||
}
|
||||
|
||||
if (strcasecmp((string) ($user->status ?? ''), 'Active') !== 0) {
|
||||
return $this->respondError('Account is inactive.', 403);
|
||||
if (! ci_password_verify($password, (string) $user->password)) {
|
||||
$security->handleFailedLogin($user, $email, (string) $ip);
|
||||
|
||||
return response()->json([
|
||||
'status' => false,
|
||||
'message' => 'Invalid email or password.',
|
||||
], 401);
|
||||
}
|
||||
|
||||
$jwtToken = JWTAuth::fromUser($user);
|
||||
$sanctumToken = $user->createToken('api')->plainTextToken;
|
||||
$roles = $user->roles()
|
||||
->where('roles.is_active', 1)
|
||||
->pluck('roles.name')
|
||||
->values()
|
||||
->all();
|
||||
$security->resetFailedAttempts($user);
|
||||
$security->logSuccessfulLogin($user->fresh(), $request);
|
||||
|
||||
return $this->respondSuccess([
|
||||
'user' => [
|
||||
'id' => (int) $user->id,
|
||||
'firstname' => $user->firstname,
|
||||
'lastname' => $user->lastname,
|
||||
'email' => $user->email,
|
||||
'roles' => $roles,
|
||||
],
|
||||
'jwt' => [
|
||||
'access_token' => $jwtToken,
|
||||
'token_type' => 'bearer',
|
||||
'expires_in' => (int) config('jwt.ttl') * 60,
|
||||
],
|
||||
'sanctum' => [
|
||||
'access_token' => $sanctumToken,
|
||||
'token_type' => 'bearer',
|
||||
],
|
||||
], 'Authenticated.');
|
||||
$fresh = $user->fresh();
|
||||
if (!$fresh) {
|
||||
return response()->json([
|
||||
'status' => false,
|
||||
'message' => 'Invalid email or password.',
|
||||
], 401);
|
||||
}
|
||||
|
||||
$jwtToken = JWTAuth::fromUser($fresh);
|
||||
|
||||
return response()->json($security->buildLoginResponse($fresh, $jwtToken));
|
||||
}
|
||||
|
||||
public function refresh(Request $request): JsonResponse
|
||||
|
||||
Reference in New Issue
Block a user