TRF Certest first commit
This commit is contained in:
@@ -0,0 +1,77 @@
|
||||
<?php
|
||||
|
||||
namespace Vanguard\Http\Controllers\Api\Auth;
|
||||
|
||||
use Illuminate\Contracts\Container\BindingResolutionException;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use Illuminate\Support\Facades\Auth;
|
||||
use Illuminate\Support\Facades\Hash;
|
||||
use Illuminate\Validation\ValidationException;
|
||||
use Vanguard\Events\User\LoggedIn;
|
||||
use Vanguard\Events\User\LoggedOut;
|
||||
use Vanguard\Http\Controllers\Api\ApiController;
|
||||
use Vanguard\Http\Requests\Auth\ApiLoginRequest;
|
||||
use Vanguard\User;
|
||||
|
||||
class AuthController extends ApiController
|
||||
{
|
||||
public function __construct()
|
||||
{
|
||||
$this->middleware('guest')->only('login');
|
||||
$this->middleware('auth')->only('logout');
|
||||
}
|
||||
|
||||
/**
|
||||
* Attempt to log the user in and generate unique JWT token on successful authentication.
|
||||
*
|
||||
* @throws BindingResolutionException
|
||||
* @throws ValidationException
|
||||
*/
|
||||
public function token(ApiLoginRequest $request): JsonResponse
|
||||
{
|
||||
$user = $this->findUser($request);
|
||||
|
||||
if ($user->isBanned()) {
|
||||
return $this->errorUnauthorized(trans('auth.banned'));
|
||||
}
|
||||
|
||||
Auth::setUser($user);
|
||||
|
||||
event(new LoggedIn);
|
||||
|
||||
return $this->respondWithArray([
|
||||
'token' => $user->createToken($request->device_name)->plainTextToken,
|
||||
]);
|
||||
}
|
||||
|
||||
/**
|
||||
* Find the user instance from the API request.
|
||||
*
|
||||
* @throws BindingResolutionException
|
||||
* @throws ValidationException
|
||||
*/
|
||||
private function findUser(ApiLoginRequest $request): ?User
|
||||
{
|
||||
$user = User::where($request->getCredentials())->first();
|
||||
|
||||
if (! $user || ! Hash::check($request->password, $user->password)) {
|
||||
throw ValidationException::withMessages([
|
||||
'username' => [trans('auth.failed')],
|
||||
]);
|
||||
}
|
||||
|
||||
return $user;
|
||||
}
|
||||
|
||||
/**
|
||||
* Logout user and invalidate token.
|
||||
*/
|
||||
public function logout(): JsonResponse
|
||||
{
|
||||
event(new LoggedOut);
|
||||
|
||||
auth()->user()->currentAccessToken()->delete();
|
||||
|
||||
return $this->respondWithSuccess();
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,30 @@
|
||||
<?php
|
||||
|
||||
namespace Vanguard\Http\Controllers\Api\Auth\Password;
|
||||
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use Password;
|
||||
use Vanguard\Events\User\RequestedPasswordResetEmail;
|
||||
use Vanguard\Http\Controllers\Api\ApiController;
|
||||
use Vanguard\Http\Requests\Auth\PasswordRemindRequest;
|
||||
use Vanguard\Mail\ResetPassword;
|
||||
use Vanguard\Repositories\User\UserRepository;
|
||||
|
||||
class RemindController extends ApiController
|
||||
{
|
||||
/**
|
||||
* Send a reset link to the given user.
|
||||
*/
|
||||
public function index(PasswordRemindRequest $request, UserRepository $users): JsonResponse
|
||||
{
|
||||
$user = $users->findByEmail($request->email);
|
||||
|
||||
$token = Password::getRepository()->create($user);
|
||||
|
||||
\Mail::to($user)->send(new ResetPassword($token));
|
||||
|
||||
event(new RequestedPasswordResetEmail($user));
|
||||
|
||||
return $this->respondWithSuccess();
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,39 @@
|
||||
<?php
|
||||
|
||||
namespace Vanguard\Http\Controllers\Api\Auth\Password;
|
||||
|
||||
use Illuminate\Auth\Events\PasswordReset;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use Password;
|
||||
use Vanguard\Http\Controllers\Api\ApiController;
|
||||
use Vanguard\Http\Requests\Auth\PasswordResetRequest;
|
||||
|
||||
class ResetController extends ApiController
|
||||
{
|
||||
/**
|
||||
* Reset the given user's password.
|
||||
*/
|
||||
public function index(PasswordResetRequest $request): JsonResponse
|
||||
{
|
||||
$response = Password::reset($request->credentials(), function ($user, $password) {
|
||||
$this->resetPassword($user, $password);
|
||||
});
|
||||
|
||||
return match ($response) {
|
||||
Password::PASSWORD_RESET, Password::INVALID_USER => $this->respondWithSuccess(),
|
||||
default => $this->setStatusCode(400)
|
||||
->respondWithError(trans($response)),
|
||||
};
|
||||
}
|
||||
|
||||
/**
|
||||
* Reset the given user's password.
|
||||
*/
|
||||
protected function resetPassword(\Illuminate\Contracts\Auth\CanResetPassword $user, string $password): void
|
||||
{
|
||||
$user->password = $password;
|
||||
$user->save();
|
||||
|
||||
event(new PasswordReset($user));
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,57 @@
|
||||
<?php
|
||||
|
||||
namespace Vanguard\Http\Controllers\Api\Auth;
|
||||
|
||||
use Illuminate\Auth\Events\Registered;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use Vanguard\Http\Controllers\Api\ApiController;
|
||||
use Vanguard\Http\Requests\Auth\RegisterRequest;
|
||||
use Vanguard\Repositories\Role\RoleRepository;
|
||||
use Vanguard\Repositories\User\UserRepository;
|
||||
use Vanguard\Role;
|
||||
use Vanguard\Support\Enum\UserStatus;
|
||||
|
||||
class RegistrationController extends ApiController
|
||||
{
|
||||
public function __construct(private readonly UserRepository $users, private readonly RoleRepository $roles)
|
||||
{
|
||||
}
|
||||
|
||||
public function index(RegisterRequest $request): JsonResponse
|
||||
{
|
||||
$role = $this->roles->findByName(Role::DEFAULT_USER_ROLE);
|
||||
|
||||
$user = $this->users->create(
|
||||
array_merge($request->validFormData(), ['role_id' => $role->id])
|
||||
);
|
||||
|
||||
event(new Registered($user));
|
||||
|
||||
return $this->setStatusCode(201)
|
||||
->respondWithArray([
|
||||
'requires_email_confirmation' => (bool) setting('reg_email_confirmation'),
|
||||
]);
|
||||
}
|
||||
|
||||
/**
|
||||
* Verify email via email confirmation token.
|
||||
*/
|
||||
public function verifyEmail($token): JsonResponse
|
||||
{
|
||||
if (! setting('reg_email_confirmation')) {
|
||||
return $this->errorNotFound();
|
||||
}
|
||||
|
||||
if ($user = $this->users->findByConfirmationToken($token)) {
|
||||
$this->users->update($user->id, [
|
||||
'status' => UserStatus::ACTIVE,
|
||||
'confirmation_token' => null,
|
||||
]);
|
||||
|
||||
return $this->respondWithSuccess();
|
||||
}
|
||||
|
||||
return $this->setStatusCode(400)
|
||||
->respondWithError('Invalid confirmation token.');
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,54 @@
|
||||
<?php
|
||||
|
||||
namespace Vanguard\Http\Controllers\Api\Auth;
|
||||
|
||||
use Auth;
|
||||
use Exception;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use Socialite;
|
||||
use Vanguard\Events\User\LoggedIn;
|
||||
use Vanguard\Http\Controllers\Api\ApiController;
|
||||
use Vanguard\Http\Requests\Auth\Social\ApiAuthenticateRequest;
|
||||
use Vanguard\Repositories\User\UserRepository;
|
||||
use Vanguard\Services\Auth\Social\SocialManager;
|
||||
|
||||
class SocialLoginController extends ApiController
|
||||
{
|
||||
public function __construct(private readonly UserRepository $users, private readonly SocialManager $socialManager)
|
||||
{
|
||||
}
|
||||
|
||||
public function index(ApiAuthenticateRequest $request): JsonResponse
|
||||
{
|
||||
try {
|
||||
$socialUser = Socialite::driver($request->network)->userFromToken($request->social_token);
|
||||
} catch (Exception $e) {
|
||||
return $this->errorInternalError('Could not connect to specified social network.');
|
||||
}
|
||||
|
||||
$user = $this->users->findBySocialId(
|
||||
$request->network,
|
||||
$socialUser->getId()
|
||||
);
|
||||
|
||||
if (! $user) {
|
||||
if (! setting('reg_enabled')) {
|
||||
return $this->errorForbidden('Only users who already created an account can log in.');
|
||||
}
|
||||
|
||||
$user = $this->socialManager->associate($socialUser, $request->network);
|
||||
}
|
||||
|
||||
if ($user->isBanned()) {
|
||||
return $this->errorForbidden(__('Your account is banned by administrators.'));
|
||||
}
|
||||
|
||||
Auth::setUser($user);
|
||||
|
||||
event(new LoggedIn);
|
||||
|
||||
return $this->respondWithArray([
|
||||
'token' => $user->createToken($request->device_name)->plainTextToken,
|
||||
]);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,90 @@
|
||||
<?php
|
||||
|
||||
namespace Vanguard\Http\Controllers\Api\Auth;
|
||||
|
||||
use Illuminate\Auth\Access\AuthorizationException;
|
||||
use Illuminate\Auth\Events\Verified;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Http\Response;
|
||||
use Illuminate\Routing\Exceptions\InvalidSignatureException;
|
||||
use Vanguard\Http\Controllers\Api\ApiController;
|
||||
use Vanguard\Http\Requests\Auth\ApiVerifyEmailRequest;
|
||||
|
||||
class VerificationController extends ApiController
|
||||
{
|
||||
public function __construct()
|
||||
{
|
||||
$this->middleware('throttle:6,1')->only('resend');
|
||||
}
|
||||
|
||||
/**
|
||||
* Mark the authenticated user's email address as verified.
|
||||
*
|
||||
* @throws AuthorizationException
|
||||
*/
|
||||
public function verify(ApiVerifyEmailRequest $request): JsonResponse
|
||||
{
|
||||
if (! setting('reg_email_confirmation')) {
|
||||
return $this->errorNotFound();
|
||||
}
|
||||
|
||||
$this->verifySignature($request);
|
||||
|
||||
if ($request->user()->hasVerifiedEmail()) {
|
||||
return $this->emailAlreadyVerifiedResponse();
|
||||
}
|
||||
|
||||
if ($request->user()->markEmailAsVerified()) {
|
||||
event(new Verified($request->user()));
|
||||
}
|
||||
|
||||
return $this->respondWithSuccess();
|
||||
}
|
||||
|
||||
/**
|
||||
* Verify request signature.
|
||||
*
|
||||
* @throws AuthorizationException
|
||||
*/
|
||||
private function verifySignature(ApiVerifyEmailRequest $baseRequest): void
|
||||
{
|
||||
$request = Request::create(
|
||||
route('verification.verify', $baseRequest->only('id', 'hash')),
|
||||
Request::METHOD_GET,
|
||||
$baseRequest->only('expires', 'signature')
|
||||
);
|
||||
|
||||
if (! $request->hasValidSignature()) {
|
||||
throw new InvalidSignatureException;
|
||||
}
|
||||
|
||||
if (! hash_equals((string) $baseRequest->id, (string) auth()->user()->getKey())) {
|
||||
throw new AuthorizationException;
|
||||
}
|
||||
|
||||
if (! hash_equals((string) $baseRequest->hash, sha1(auth()->user()->getEmailForVerification()))) {
|
||||
throw new AuthorizationException;
|
||||
}
|
||||
}
|
||||
|
||||
protected function emailAlreadyVerifiedResponse(): JsonResponse
|
||||
{
|
||||
return $this->setStatusCode(Response::HTTP_BAD_REQUEST)
|
||||
->respondWithError(__('E-Mail already verified.'));
|
||||
}
|
||||
|
||||
/**
|
||||
* Resend the email verification notification.
|
||||
*/
|
||||
public function resend(Request $request): JsonResponse
|
||||
{
|
||||
if ($request->user()->hasVerifiedEmail()) {
|
||||
return $this->emailAlreadyVerifiedResponse();
|
||||
}
|
||||
|
||||
$request->user()->sendEmailVerificationNotification();
|
||||
|
||||
return $this->respondWithSuccess(Response::HTTP_ACCEPTED);
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user