vendor and env first commit

2025-03-28 08:52:46 +01:00
parent f8388bc81b
commit 8f26283832
10976 changed files with 1349952 additions and 2 deletions
@@ -0,0 +1,115 @@
+<?php
+
+namespace Laravel\Fortify\Actions;
+
+use Illuminate\Auth\Events\Failed;
+use Illuminate\Contracts\Auth\StatefulGuard;
+use Illuminate\Validation\ValidationException;
+use Laravel\Fortify\Fortify;
+use Laravel\Fortify\LoginRateLimiter;
+
+class AttemptToAuthenticate
+{
+    /**
+     * The guard implementation.
+     *
+     * @var \Illuminate\Contracts\Auth\StatefulGuard
+     */
+    protected $guard;
+
+    /**
+     * The login rate limiter instance.
+     *
+     * @var \Laravel\Fortify\LoginRateLimiter
+     */
+    protected $limiter;
+
+    /**
+     * Create a new controller instance.
+     *
+     * @param  \Illuminate\Contracts\Auth\StatefulGuard  $guard
+     * @param  \Laravel\Fortify\LoginRateLimiter  $limiter
+     * @return void
+     */
+    public function __construct(StatefulGuard $guard, LoginRateLimiter $limiter)
+    {
+        $this->guard = $guard;
+        $this->limiter = $limiter;
+    }
+
+    /**
+     * Handle the incoming request.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  callable  $next
+     * @return mixed
+     */
+    public function handle($request, $next)
+    {
+        if (Fortify::$authenticateUsingCallback) {
+            return $this->handleUsingCustomCallback($request, $next);
+        }
+
+        if ($this->guard->attempt(
+            $request->only(Fortify::username(), 'password'),
+            $request->boolean('remember'))
+        ) {
+            return $next($request);
+        }
+
+        $this->throwFailedAuthenticationException($request);
+    }
+
+    /**
+     * Attempt to authenticate using a custom callback.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  callable  $next
+     * @return mixed
+     */
+    protected function handleUsingCustomCallback($request, $next)
+    {
+        $user = call_user_func(Fortify::$authenticateUsingCallback, $request);
+
+        if (! $user) {
+            $this->fireFailedEvent($request);
+
+            return $this->throwFailedAuthenticationException($request);
+        }
+
+        $this->guard->login($user, $request->boolean('remember'));
+
+        return $next($request);
+    }
+
+    /**
+     * Throw a failed authentication validation exception.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @return void
+     *
+     * @throws \Illuminate\Validation\ValidationException
+     */
+    protected function throwFailedAuthenticationException($request)
+    {
+        $this->limiter->increment($request);
+
+        throw ValidationException::withMessages([
+            Fortify::username() => [trans('auth.failed')],
+        ]);
+    }
+
+    /**
+     * Fire the failed authentication attempt event with the given arguments.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @return void
+     */
+    protected function fireFailedEvent($request)
+    {
+        event(new Failed($this->guard?->name ?? config('fortify.guard'), null, [
+            Fortify::username() => $request->{Fortify::username()},
+            'password' => $request->password,
+        ]));
+    }
+}
@@ -0,0 +1,25 @@
+<?php
+
+namespace Laravel\Fortify\Actions;
+
+use Illuminate\Support\Str;
+use Laravel\Fortify\Fortify;
+
+class CanonicalizeUsername
+{
+    /**
+     * Handle the incoming request.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  callable  $next
+     * @return mixed
+     */
+    public function handle($request, $next)
+    {
+        $request->merge([
+            Fortify::username() => Str::lower($request->{Fortify::username()}),
+        ]);
+
+        return $next($request);
+    }
+}
@@ -0,0 +1,26 @@
+<?php
+
+namespace Laravel\Fortify\Actions;
+
+use Illuminate\Auth\Events\PasswordReset;
+use Illuminate\Contracts\Auth\StatefulGuard;
+use Illuminate\Support\Str;
+
+class CompletePasswordReset
+{
+    /**
+     * Complete the password reset process for the given user.
+     *
+     * @param  \Illuminate\Contracts\Auth\StatefulGuard  $guard
+     * @param  mixed  $user
+     * @return void
+     */
+    public function __invoke(StatefulGuard $guard, $user)
+    {
+        $user->setRememberToken(Str::random(60));
+
+        $user->save();
+
+        event(new PasswordReset($user));
+    }
+}
@@ -0,0 +1,43 @@
+<?php
+
+namespace Laravel\Fortify\Actions;
+
+use Illuminate\Contracts\Auth\StatefulGuard;
+use Laravel\Fortify\Fortify;
+
+class ConfirmPassword
+{
+    /**
+     * Confirm that the given password is valid for the given user.
+     *
+     * @param  \Illuminate\Contracts\Auth\StatefulGuard  $guard
+     * @param  mixed  $user
+     * @param  string|null  $password
+     * @return bool
+     */
+    public function __invoke(StatefulGuard $guard, $user, ?string $password = null)
+    {
+        $username = Fortify::username();
+
+        return is_null(Fortify::$confirmPasswordsUsingCallback) ? $guard->validate([
+            $username => $user->{$username},
+            'password' => $password,
+        ]) : $this->confirmPasswordUsingCustomCallback($user, $password);
+    }
+
+    /**
+     * Confirm the user's password using a custom callback.
+     *
+     * @param  mixed  $user
+     * @param  string|null  $password
+     * @return bool
+     */
+    protected function confirmPasswordUsingCustomCallback($user, ?string $password = null)
+    {
+        return call_user_func(
+            Fortify::$confirmPasswordsUsingCallback,
+            $user,
+            $password
+        );
+    }
+}
@@ -0,0 +1,52 @@
+<?php
+
+namespace Laravel\Fortify\Actions;
+
+use Illuminate\Validation\ValidationException;
+use Laravel\Fortify\Contracts\TwoFactorAuthenticationProvider;
+use Laravel\Fortify\Events\TwoFactorAuthenticationConfirmed;
+
+class ConfirmTwoFactorAuthentication
+{
+    /**
+     * The two factor authentication provider.
+     *
+     * @var \Laravel\Fortify\Contracts\TwoFactorAuthenticationProvider
+     */
+    protected $provider;
+
+    /**
+     * Create a new action instance.
+     *
+     * @param  \Laravel\Fortify\Contracts\TwoFactorAuthenticationProvider  $provider
+     * @return void
+     */
+    public function __construct(TwoFactorAuthenticationProvider $provider)
+    {
+        $this->provider = $provider;
+    }
+
+    /**
+     * Confirm the two factor authentication configuration for the user.
+     *
+     * @param  mixed  $user
+     * @param  string  $code
+     * @return void
+     */
+    public function __invoke($user, $code)
+    {
+        if (empty($user->two_factor_secret) ||
+            empty($code) ||
+            ! $this->provider->verify(decrypt($user->two_factor_secret), $code)) {
+            throw ValidationException::withMessages([
+                'code' => [__('The provided two factor authentication code was invalid.')],
+            ])->errorBag('confirmTwoFactorAuthentication');
+        }
+
+        $user->forceFill([
+            'two_factor_confirmed_at' => now(),
+        ])->save();
+
+        TwoFactorAuthenticationConfirmed::dispatch($user);
+    }
+}
@@ -0,0 +1,31 @@
+<?php
+
+namespace Laravel\Fortify\Actions;
+
+use Laravel\Fortify\Events\TwoFactorAuthenticationDisabled;
+use Laravel\Fortify\Fortify;
+
+class DisableTwoFactorAuthentication
+{
+    /**
+     * Disable two factor authentication for the user.
+     *
+     * @param  mixed  $user
+     * @return void
+     */
+    public function __invoke($user)
+    {
+        if (! is_null($user->two_factor_secret) ||
+            ! is_null($user->two_factor_recovery_codes) ||
+            ! is_null($user->two_factor_confirmed_at)) {
+            $user->forceFill([
+                'two_factor_secret' => null,
+                'two_factor_recovery_codes' => null,
+            ] + (Fortify::confirmsTwoFactorAuthentication() ? [
+                'two_factor_confirmed_at' => null,
+            ] : []))->save();
+
+            TwoFactorAuthenticationDisabled::dispatch($user);
+        }
+    }
+}
@@ -0,0 +1,50 @@
+<?php
+
+namespace Laravel\Fortify\Actions;
+
+use Illuminate\Support\Collection;
+use Laravel\Fortify\Contracts\TwoFactorAuthenticationProvider;
+use Laravel\Fortify\Events\TwoFactorAuthenticationEnabled;
+use Laravel\Fortify\RecoveryCode;
+
+class EnableTwoFactorAuthentication
+{
+    /**
+     * The two factor authentication provider.
+     *
+     * @var \Laravel\Fortify\Contracts\TwoFactorAuthenticationProvider
+     */
+    protected $provider;
+
+    /**
+     * Create a new action instance.
+     *
+     * @param  \Laravel\Fortify\Contracts\TwoFactorAuthenticationProvider  $provider
+     * @return void
+     */
+    public function __construct(TwoFactorAuthenticationProvider $provider)
+    {
+        $this->provider = $provider;
+    }
+
+    /**
+     * Enable two factor authentication for the user.
+     *
+     * @param  mixed  $user
+     * @param  bool  $force
+     * @return void
+     */
+    public function __invoke($user, $force = false)
+    {
+        if (empty($user->two_factor_secret) || $force === true) {
+            $user->forceFill([
+                'two_factor_secret' => encrypt($this->provider->generateSecretKey()),
+                'two_factor_recovery_codes' => encrypt(json_encode(Collection::times(8, function () {
+                    return RecoveryCode::generate();
+                })->all())),
+            ])->save();
+
+            TwoFactorAuthenticationEnabled::dispatch($user);
+        }
+    }
+}
@@ -0,0 +1,46 @@
+<?php
+
+namespace Laravel\Fortify\Actions;
+
+use Illuminate\Auth\Events\Lockout;
+use Laravel\Fortify\Contracts\LockoutResponse;
+use Laravel\Fortify\LoginRateLimiter;
+
+class EnsureLoginIsNotThrottled
+{
+    /**
+     * The login rate limiter instance.
+     *
+     * @var \Laravel\Fortify\LoginRateLimiter
+     */
+    protected $limiter;
+
+    /**
+     * Create a new class instance.
+     *
+     * @param  \Laravel\Fortify\LoginRateLimiter  $limiter
+     * @return void
+     */
+    public function __construct(LoginRateLimiter $limiter)
+    {
+        $this->limiter = $limiter;
+    }
+
+    /**
+     * Handle the incoming request.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  callable  $next
+     * @return mixed
+     */
+    public function handle($request, $next)
+    {
+        if (! $this->limiter->tooManyAttempts($request)) {
+            return $next($request);
+        }
+
+        event(new Lockout($request));
+
+        return app(LockoutResponse::class);
+    }
+}
@@ -0,0 +1,27 @@
+<?php
+
+namespace Laravel\Fortify\Actions;
+
+use Illuminate\Support\Collection;
+use Laravel\Fortify\Events\RecoveryCodesGenerated;
+use Laravel\Fortify\RecoveryCode;
+
+class GenerateNewRecoveryCodes
+{
+    /**
+     * Generate new recovery codes for the user.
+     *
+     * @param  mixed  $user
+     * @return void
+     */
+    public function __invoke($user)
+    {
+        $user->forceFill([
+            'two_factor_recovery_codes' => encrypt(json_encode(Collection::times(8, function () {
+                return RecoveryCode::generate();
+            })->all())),
+        ])->save();
+
+        RecoveryCodesGenerated::dispatch($user);
+    }
+}
@@ -0,0 +1,44 @@
+<?php
+
+namespace Laravel\Fortify\Actions;
+
+use Laravel\Fortify\LoginRateLimiter;
+
+class PrepareAuthenticatedSession
+{
+    /**
+     * The login rate limiter instance.
+     *
+     * @var \Laravel\Fortify\LoginRateLimiter
+     */
+    protected $limiter;
+
+    /**
+     * Create a new class instance.
+     *
+     * @param  \Laravel\Fortify\LoginRateLimiter  $limiter
+     * @return void
+     */
+    public function __construct(LoginRateLimiter $limiter)
+    {
+        $this->limiter = $limiter;
+    }
+
+    /**
+     * Handle the incoming request.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  callable  $next
+     * @return mixed
+     */
+    public function handle($request, $next)
+    {
+        if ($request->hasSession()) {
+            $request->session()->regenerate();
+        }
+
+        $this->limiter->clear($request);
+
+        return $next($request);
+    }
+}
@@ -0,0 +1,156 @@
+<?php
+
+namespace Laravel\Fortify\Actions;
+
+use Illuminate\Auth\Events\Failed;
+use Illuminate\Contracts\Auth\StatefulGuard;
+use Illuminate\Validation\ValidationException;
+use Laravel\Fortify\Events\TwoFactorAuthenticationChallenged;
+use Laravel\Fortify\Fortify;
+use Laravel\Fortify\LoginRateLimiter;
+use Laravel\Fortify\TwoFactorAuthenticatable;
+
+class RedirectIfTwoFactorAuthenticatable
+{
+    /**
+     * The guard implementation.
+     *
+     * @var \Illuminate\Contracts\Auth\StatefulGuard
+     */
+    protected $guard;
+
+    /**
+     * The login rate limiter instance.
+     *
+     * @var \Laravel\Fortify\LoginRateLimiter
+     */
+    protected $limiter;
+
+    /**
+     * Create a new controller instance.
+     *
+     * @param  \Illuminate\Contracts\Auth\StatefulGuard  $guard
+     * @param  \Laravel\Fortify\LoginRateLimiter  $limiter
+     * @return void
+     */
+    public function __construct(StatefulGuard $guard, LoginRateLimiter $limiter)
+    {
+        $this->guard = $guard;
+        $this->limiter = $limiter;
+    }
+
+    /**
+     * Handle the incoming request.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  callable  $next
+     * @return mixed
+     */
+    public function handle($request, $next)
+    {
+        $user = $this->validateCredentials($request);
+
+        if (Fortify::confirmsTwoFactorAuthentication()) {
+            if (optional($user)->two_factor_secret &&
+                ! is_null(optional($user)->two_factor_confirmed_at) &&
+                in_array(TwoFactorAuthenticatable::class, class_uses_recursive($user))) {
+                return $this->twoFactorChallengeResponse($request, $user);
+            } else {
+                return $next($request);
+            }
+        }
+
+        if (optional($user)->two_factor_secret &&
+            in_array(TwoFactorAuthenticatable::class, class_uses_recursive($user))) {
+            return $this->twoFactorChallengeResponse($request, $user);
+        }
+
+        return $next($request);
+    }
+
+    /**
+     * Attempt to validate the incoming credentials.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @return mixed
+     */
+    protected function validateCredentials($request)
+    {
+        if (Fortify::$authenticateUsingCallback) {
+            return tap(call_user_func(Fortify::$authenticateUsingCallback, $request), function ($user) use ($request) {
+                if (! $user) {
+                    $this->fireFailedEvent($request);
+
+                    $this->throwFailedAuthenticationException($request);
+                }
+            });
+        }
+
+        $model = $this->guard->getProvider()->getModel();
+
+        return tap($model::where(Fortify::username(), $request->{Fortify::username()})->first(), function ($user) use ($request) {
+            if (! $user || ! $this->guard->getProvider()->validateCredentials($user, ['password' => $request->password])) {
+                $this->fireFailedEvent($request, $user);
+
+                $this->throwFailedAuthenticationException($request);
+            }
+
+            if (config('hashing.rehash_on_login', true) && method_exists($this->guard->getProvider(), 'rehashPasswordIfRequired')) {
+                $this->guard->getProvider()->rehashPasswordIfRequired($user, ['password' => $request->password]);
+            }
+        });
+    }
+
+    /**
+     * Throw a failed authentication validation exception.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @return void
+     *
+     * @throws \Illuminate\Validation\ValidationException
+     */
+    protected function throwFailedAuthenticationException($request)
+    {
+        $this->limiter->increment($request);
+
+        throw ValidationException::withMessages([
+            Fortify::username() => [trans('auth.failed')],
+        ]);
+    }
+
+    /**
+     * Fire the failed authentication attempt event with the given arguments.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  \Illuminate\Contracts\Auth\Authenticatable|null  $user
+     * @return void
+     */
+    protected function fireFailedEvent($request, $user = null)
+    {
+        event(new Failed($this->guard?->name ?? config('fortify.guard'), $user, [
+            Fortify::username() => $request->{Fortify::username()},
+            'password' => $request->password,
+        ]));
+    }
+
+    /**
+     * Get the two factor authentication enabled response.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  mixed  $user
+     * @return \Symfony\Component\HttpFoundation\Response
+     */
+    protected function twoFactorChallengeResponse($request, $user)
+    {
+        $request->session()->put([
+            'login.id' => $user->getKey(),
+            'login.remember' => $request->boolean('remember'),
+        ]);
+
+        TwoFactorAuthenticationChallenged::dispatch($user);
+
+        return $request->wantsJson()
+                    ? response()->json(['two_factor' => true])
+                    : redirect()->route('two-factor.login');
+    }
+}