198 lines
6.1 KiB
PHP
198 lines
6.1 KiB
PHP
<?php
|
|
|
|
namespace Vanguard\Http\Controllers\Web\Auth;
|
|
|
|
use Auth;
|
|
use Illuminate\Contracts\Auth\Authenticatable as BaseAuthenticatable;
|
|
use Illuminate\Contracts\View\View;
|
|
use Illuminate\Http\RedirectResponse;
|
|
use Illuminate\Http\Request;
|
|
use Illuminate\Http\Response;
|
|
use Vanguard\Events\User\LoggedIn;
|
|
use Vanguard\Events\User\LoggedOut;
|
|
use Vanguard\Http\Controllers\Controller;
|
|
use Vanguard\Http\Requests\Auth\LoginRequest;
|
|
use Vanguard\Repositories\Session\SessionRepository;
|
|
use Vanguard\Repositories\User\UserRepository;
|
|
use Vanguard\Services\Auth\ThrottlesLogins;
|
|
use Vanguard\User;
|
|
use Vanguard\Models\School;
|
|
|
|
class LoginController extends Controller
|
|
{
|
|
use ThrottlesLogins;
|
|
|
|
public function __construct(private readonly UserRepository $users)
|
|
{
|
|
$this->middleware('guest')->except('logout');
|
|
$this->middleware('auth')->only('logout');
|
|
}
|
|
|
|
/**
|
|
* Show the application login form.
|
|
*/
|
|
public function show($school = null): View
|
|
{
|
|
// Debug: aggiungiamo un log per verificare se arriviamo qui
|
|
\Log::info('LoginController::show chiamato con school = ' . ($school ?? 'null'));
|
|
|
|
// Cerca la scuola in base allo slug
|
|
$schoolData = null;
|
|
if ($school) {
|
|
$schoolData = School::where('slug', $school)->first();
|
|
}
|
|
|
|
return view('auth.login', [
|
|
'socialProviders' => config('auth.social.providers'),
|
|
'school_slug' => $school,
|
|
'school_logo' => $schoolData ? $schoolData->logo : null,
|
|
]);
|
|
}
|
|
|
|
public function login(LoginRequest $request, SessionRepository $sessions): Response|RedirectResponse
|
|
{
|
|
// Debug: aggiungiamo un log per verificare se arriviamo qui
|
|
\Log::info('LoginController::login chiamato con input: ' . json_encode($request->all()));
|
|
|
|
// In case that request throttling is enabled, we have to check if user can perform this request.
|
|
$throttles = (bool) setting('throttle_enabled');
|
|
|
|
// Redirect URL that can be passed as hidden field.
|
|
$to = $request->has('to') ? '?to=' . $request->get('to') : '';
|
|
|
|
if ($throttles && $this->hasTooManyLoginAttempts($request)) {
|
|
return $this->sendLockoutResponse($request);
|
|
}
|
|
|
|
// Validazione del campo school
|
|
$schoolSlug = $request->input('school');
|
|
|
|
if ($schoolSlug) {
|
|
$school = School::where('slug', $schoolSlug)->first();
|
|
|
|
if ($school) {
|
|
// Se presente e valida → salva in sessione
|
|
$request->session()->put('school_id', $school->id);
|
|
}
|
|
// ⚠️ se non esiste → NON blocchiamo il login
|
|
}
|
|
// ⚠️ se è vuota → NON facciamo nulla
|
|
|
|
|
|
$credentials = $request->getCredentials();
|
|
|
|
if (! Auth::validate($credentials)) {
|
|
if ($throttles) {
|
|
$this->incrementLoginAttempts($request);
|
|
}
|
|
|
|
return redirect()->to('login' . $to)
|
|
->withErrors(trans('auth.failed'));
|
|
}
|
|
|
|
$user = Auth::getProvider()->retrieveByCredentials($credentials);
|
|
|
|
if ($user->isBanned()) {
|
|
return redirect()->to('login' . $to)
|
|
->withErrors(trans('auth.banned'));
|
|
}
|
|
|
|
$maxSessions = setting('max_active_sessions');
|
|
if ($maxSessions && $sessions->getActiveSessionsCount($user->id) >= $maxSessions) {
|
|
return redirect()->to('login' . $to)
|
|
->withErrors(trans('auth.max_sessions_reached'));
|
|
}
|
|
|
|
Auth::login($user, setting('remember_me') && $request->get('remember'));
|
|
|
|
return $this->authenticated($request, $throttles, $user);
|
|
}
|
|
|
|
/**
|
|
* Send the response after the user was authenticated.
|
|
*/
|
|
protected function authenticated(
|
|
Request $request,
|
|
bool $throttles,
|
|
BaseAuthenticatable $user,
|
|
): Response|RedirectResponse {
|
|
if ($throttles) {
|
|
$this->clearLoginAttempts($request);
|
|
}
|
|
|
|
// Redirezione basata sul ruolo
|
|
if ($user->hasRole('Admin')) {
|
|
return redirect()->to('userarea/admin.php');
|
|
} elseif ($user->hasRole('User')) {
|
|
return redirect()->to('userarea/select_school.php');
|
|
} elseif ($user->hasRole('teacher')) {
|
|
return redirect()->to('userarea/teacher.php');
|
|
} elseif ($user->hasRole('school_owner')) {
|
|
return redirect()->to('userarea/school_dashboard.php');
|
|
}
|
|
|
|
return redirect()->intended('userarea/default.php');
|
|
}
|
|
|
|
protected function logoutAndRedirectToTokenPage(Request $request, $user, ?string $redirectPage): RedirectResponse
|
|
{
|
|
Auth::logout();
|
|
|
|
$request->session()->put('auth.2fa.id', $user->id);
|
|
|
|
if ($redirectPage) {
|
|
$request->session()->put('auth.redirect_to', $redirectPage);
|
|
}
|
|
|
|
return redirect()->route('auth.token');
|
|
}
|
|
|
|
/**
|
|
* Log the user out of the application.
|
|
*/
|
|
|
|
|
|
public function logout(Request $request): RedirectResponse
|
|
{
|
|
event(new LoggedOut);
|
|
|
|
// 1) Logout Laravel
|
|
Auth::logout();
|
|
|
|
// 2) Pulisci + invalida session Laravel (NON solo forget)
|
|
$request->session()->forget(['school_id', 'school_name', 'school_selected']);
|
|
$request->session()->invalidate();
|
|
$request->session()->regenerateToken();
|
|
|
|
// 3) Pulisci anche la session PHP nativa usata in userarea (PHPSESSID)
|
|
if (session_status() !== PHP_SESSION_ACTIVE) {
|
|
@session_start();
|
|
}
|
|
|
|
unset(
|
|
$_SESSION['school_id'],
|
|
$_SESSION['school_name'],
|
|
$_SESSION['school_selected']
|
|
);
|
|
|
|
// Se vuoi essere ancora più “definitivo”, distruggi tutta la PHP session:
|
|
$_SESSION = [];
|
|
|
|
if (ini_get('session.use_cookies')) {
|
|
$params = session_get_cookie_params();
|
|
setcookie(
|
|
session_name(),
|
|
'',
|
|
time() - 42000,
|
|
$params['path'],
|
|
$params['domain'],
|
|
$params['secure'],
|
|
$params['httponly']
|
|
);
|
|
}
|
|
@session_destroy();
|
|
|
|
return redirect('login');
|
|
}
|
|
}
|