complete story 1.3 with qa test & added future recommendations to the dev

This commit is contained in:
Naser Mansour
2025-12-26 14:04:24 +02:00
parent 84d9c2f66a
commit ebb6841ed0
29 changed files with 760 additions and 101 deletions
@@ -0,0 +1,26 @@
<?php
namespace App\Http\Middleware;
use App\Enums\UserStatus;
use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Symfony\Component\HttpFoundation\Response;
class EnsureUserIsActive
{
public function handle(Request $request, Closure $next): Response
{
if ($request->user()?->status === UserStatus::Deactivated) {
Auth::logout();
$request->session()->invalidate();
$request->session()->regenerateToken();
return redirect()->route('login')
->with('error', __('auth.account_deactivated'));
}
return $next($request);
}
}
+19
View File
@@ -0,0 +1,19 @@
<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;
class EnsureUserIsAdmin
{
public function handle(Request $request, Closure $next): Response
{
if (! $request->user()?->isAdmin()) {
abort(403, __('messages.unauthorized'));
}
return $next($request);
}
}
+24
View File
@@ -0,0 +1,24 @@
<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\App;
use Symfony\Component\HttpFoundation\Response;
class SetLocale
{
public function handle(Request $request, Closure $next): Response
{
$locale = $request->user()?->preferred_language
?? session('locale')
?? config('app.locale', 'ar');
if (in_array($locale, ['ar', 'en'])) {
App::setLocale($locale);
}
return $next($request);
}
}
+23
View File
@@ -0,0 +1,23 @@
<?php
namespace App\Http\Responses;
use Illuminate\Http\JsonResponse;
use Laravel\Fortify\Contracts\LoginResponse as LoginResponseContract;
use Symfony\Component\HttpFoundation\Response;
class LoginResponse implements LoginResponseContract
{
public function toResponse($request): Response
{
$user = $request->user();
$redirectPath = $user->isAdmin()
? '/admin/dashboard'
: '/client/dashboard';
return $request->wantsJson()
? new JsonResponse(['two_factor' => false], 200)
: redirect()->intended($redirectPath);
}
}
@@ -0,0 +1,23 @@
<?php
namespace App\Http\Responses;
use Illuminate\Http\JsonResponse;
use Laravel\Fortify\Contracts\VerifyEmailResponse as VerifyEmailResponseContract;
use Symfony\Component\HttpFoundation\Response;
class VerifyEmailResponse implements VerifyEmailResponseContract
{
public function toResponse($request): Response
{
$user = $request->user();
$redirectPath = $user->isAdmin()
? '/admin/dashboard'
: '/client/dashboard';
return $request->wantsJson()
? new JsonResponse('', 204)
: redirect()->intended($redirectPath.'?verified=1');
}
}
+25
View File
@@ -0,0 +1,25 @@
<?php
namespace App\Listeners;
use App\Models\AdminLog;
use Illuminate\Auth\Events\Failed;
class LogFailedLoginAttempt
{
public function handle(Failed $event): void
{
AdminLog::create([
'admin_id' => null,
'action' => 'failed_login',
'target_type' => 'user',
'target_id' => null,
'old_values' => null,
'new_values' => [
'email' => $event->credentials['email'] ?? 'unknown',
],
'ip_address' => request()->ip(),
'created_at' => now(),
]);
}
}
+8
View File
@@ -109,6 +109,14 @@ class User extends Authenticatable
return $this->isIndividual() || $this->isCompany();
}
/**
* Check if user is active.
*/
public function isActive(): bool
{
return $this->status === UserStatus::Active;
}
/**
* Scope to filter admin users.
*/
+4 -1
View File
@@ -2,6 +2,9 @@
namespace App\Providers;
use App\Listeners\LogFailedLoginAttempt;
use Illuminate\Auth\Events\Failed;
use Illuminate\Support\Facades\Event;
use Illuminate\Support\ServiceProvider;
class AppServiceProvider extends ServiceProvider
@@ -19,6 +22,6 @@ class AppServiceProvider extends ServiceProvider
*/
public function boot(): void
{
//
Event::listen(Failed::class, LogFailedLoginAttempt::class);
}
}
+28 -1
View File
@@ -4,11 +4,18 @@ namespace App\Providers;
use App\Actions\Fortify\CreateNewUser;
use App\Actions\Fortify\ResetUserPassword;
use App\Enums\UserStatus;
use App\Http\Responses\LoginResponse;
use App\Http\Responses\VerifyEmailResponse;
use App\Models\User;
use Illuminate\Cache\RateLimiting\Limit;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\RateLimiter;
use Illuminate\Support\ServiceProvider;
use Illuminate\Support\Str;
use Laravel\Fortify\Contracts\LoginResponse as LoginResponseContract;
use Laravel\Fortify\Contracts\VerifyEmailResponse as VerifyEmailResponseContract;
use Laravel\Fortify\Fortify;
class FortifyServiceProvider extends ServiceProvider
@@ -18,7 +25,8 @@ class FortifyServiceProvider extends ServiceProvider
*/
public function register(): void
{
//
$this->app->singleton(LoginResponseContract::class, LoginResponse::class);
$this->app->singleton(VerifyEmailResponseContract::class, VerifyEmailResponse::class);
}
/**
@@ -26,11 +34,30 @@ class FortifyServiceProvider extends ServiceProvider
*/
public function boot(): void
{
$this->configureAuthentication();
$this->configureActions();
$this->configureViews();
$this->configureRateLimiting();
}
/**
* Configure custom authentication logic.
*/
private function configureAuthentication(): void
{
Fortify::authenticateUsing(function (Request $request) {
$user = User::where('email', $request->email)->first();
if ($user &&
Hash::check($request->password, $user->password) &&
$user->status === UserStatus::Active) {
return $user;
}
return null;
});
}
/**
* Configure Fortify actions.
*/