<?php
namespace App\Http\Controllers\Auth;
use App\Http\Controllers\Controller;
use App\Http\Requests\Auth\LoginRequest;
use App\Services\Auth\AuthAuditLogger;
use App\Services\Security\CaptchaVerifier;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\View\View;
class AuthenticatedSessionController extends Controller
{
    /**
     * Receive the collaborators used by the login form and the login audit trail.
     *
     * Both are stored as constructor-promoted, read-only properties.
     */
    public function __construct(
        private readonly CaptchaVerifier $captchaVerifier,
        private readonly AuthAuditLogger $authAuditLogger,
    ) {
    }

    /**
     * Display the login view.
     *
     * The view receives the session's `bot_captcha_required` flag (default false)
     * and the CAPTCHA verifier's frontend configuration.
     */
    public function create(): View
    {
        // NOTE(review): this flag lives in the visitor's session, and a session is
        // something the client can reset. Here it only decides what the view is
        // told to render; the server-side CAPTCHA check on submit is not visible
        // in this class and should not rely on this flag alone - confirm.
        $captchaRequired = session('bot_captcha_required', false);
        $captchaConfig = $this->captchaVerifier->frontendConfig();

        return view('auth.login', [
            'requiresCaptcha' => $captchaRequired,
            'captcha' => $captchaConfig,
        ]);
    }

    /**
     * Handle an incoming authentication request.
     *
     * In order: authenticate the request, write a "login" / "success" audit
     * record, regenerate the session, then redirect. Username logins whose user
     * has not completed onboarding go to the email setup route; everyone else
     * goes to the intended URL, with the dashboard as fallback.
     */
    public function store(LoginRequest $request): RedirectResponse
    {
        // Presumably aborts (e.g. by throwing) on bad credentials so that nothing
        // below runs for a failed attempt - confirm in LoginRequest.
        $request->authenticate();

        $user = $request->authenticatedUser();

        // The submitted 'email' field is recorded as the identifier; judging by the
        // 'via' value below it may also carry a username. No credential is logged.
        $identifier = (string) $request->input('email');
        $auditMetadata = [
            'via' => $request->authenticatedViaUsername() ? 'username' : 'email',
            'remember' => $request->boolean('remember'),
        ];

        // NOTE(review): only the success path is audited in this method. Failed
        // attempts are presumably recorded elsewhere (LoginRequest?) - confirm, since
        // they are the records that matter for spotting credential guessing.
        $this->authAuditLogger->log(
            eventType: 'login',
            request: $request,
            status: 'success',
            identifier: $identifier,
            user: $user,
            metadata: $auditMetadata,
        );

        // Issue a fresh session ID now that the user is authenticated, so an ID
        // known before login is not carried over (session fixation defence).
        // NOTE(review): this runs after the audit write; if log() can throw, the
        // regeneration is skipped. Whether authenticate() already rotated the ID is
        // not visible here - confirm, or consider regenerating before logging.
        $session = $request->session();
        $session->regenerate();

        $mustAddEmail = $user
            && $request->authenticatedViaUsername()
            && ! $user->hasCompletedOnboarding();

        if (! $mustAddEmail) {
            // Clear any stale upgrade marker left by an earlier username login.
            $session->forget('username_login_upgrade');

            // intended() takes its target from the session, not from request input;
            // the dashboard route is the fallback.
            return redirect()->intended(route('dashboard'));
        }

        // NOTE(review): the flag and the redirect only steer the browser. Confirm
        // that middleware (or the protected routes themselves) enforce the email
        // step; nothing in this class does.
        $session->put('username_login_upgrade', true);

        return redirect()
            ->route('setup.email.create')
            ->with('status', 'Add and verify your email address to continue setup.');
    }

    /**
     * Destroy an authenticated session.
     *
     * Logs the `web` guard out, invalidates the session, regenerates the CSRF
     * token and redirects to the site root.
     */
    public function destroy(Request $request): RedirectResponse
    {
        Auth::guard('web')->logout();

        $session = $request->session();

        // Drop the session data and its ID so the old cookie value is useless.
        $session->invalidate();

        // New CSRF token for the now-anonymous session.
        $session->regenerateToken();

        // NOTE(review): store() writes an audit record for login, but no matching
        // record is written here for logout. If session lifetimes matter to the
        // audit trail, this looks like a gap - confirm whether it is logged elsewhere.
        return redirect('/');
    }
}