complete story 1.3 with qa test & added future recommendations to the dev
This commit is contained in:
@@ -0,0 +1,26 @@
|
||||
<?php
|
||||
|
||||
namespace App\Http\Middleware;
|
||||
|
||||
use App\Enums\UserStatus;
|
||||
use Closure;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Facades\Auth;
|
||||
use Symfony\Component\HttpFoundation\Response;
|
||||
|
||||
class EnsureUserIsActive
|
||||
{
|
||||
public function handle(Request $request, Closure $next): Response
|
||||
{
|
||||
if ($request->user()?->status === UserStatus::Deactivated) {
|
||||
Auth::logout();
|
||||
$request->session()->invalidate();
|
||||
$request->session()->regenerateToken();
|
||||
|
||||
return redirect()->route('login')
|
||||
->with('error', __('auth.account_deactivated'));
|
||||
}
|
||||
|
||||
return $next($request);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,19 @@
|
||||
<?php
|
||||
|
||||
namespace App\Http\Middleware;
|
||||
|
||||
use Closure;
|
||||
use Illuminate\Http\Request;
|
||||
use Symfony\Component\HttpFoundation\Response;
|
||||
|
||||
class EnsureUserIsAdmin
|
||||
{
|
||||
public function handle(Request $request, Closure $next): Response
|
||||
{
|
||||
if (! $request->user()?->isAdmin()) {
|
||||
abort(403, __('messages.unauthorized'));
|
||||
}
|
||||
|
||||
return $next($request);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,24 @@
|
||||
<?php
|
||||
|
||||
namespace App\Http\Middleware;
|
||||
|
||||
use Closure;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Facades\App;
|
||||
use Symfony\Component\HttpFoundation\Response;
|
||||
|
||||
class SetLocale
|
||||
{
|
||||
public function handle(Request $request, Closure $next): Response
|
||||
{
|
||||
$locale = $request->user()?->preferred_language
|
||||
?? session('locale')
|
||||
?? config('app.locale', 'ar');
|
||||
|
||||
if (in_array($locale, ['ar', 'en'])) {
|
||||
App::setLocale($locale);
|
||||
}
|
||||
|
||||
return $next($request);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,23 @@
|
||||
<?php
|
||||
|
||||
namespace App\Http\Responses;
|
||||
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use Laravel\Fortify\Contracts\LoginResponse as LoginResponseContract;
|
||||
use Symfony\Component\HttpFoundation\Response;
|
||||
|
||||
class LoginResponse implements LoginResponseContract
|
||||
{
|
||||
public function toResponse($request): Response
|
||||
{
|
||||
$user = $request->user();
|
||||
|
||||
$redirectPath = $user->isAdmin()
|
||||
? '/admin/dashboard'
|
||||
: '/client/dashboard';
|
||||
|
||||
return $request->wantsJson()
|
||||
? new JsonResponse(['two_factor' => false], 200)
|
||||
: redirect()->intended($redirectPath);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,23 @@
|
||||
<?php
|
||||
|
||||
namespace App\Http\Responses;
|
||||
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use Laravel\Fortify\Contracts\VerifyEmailResponse as VerifyEmailResponseContract;
|
||||
use Symfony\Component\HttpFoundation\Response;
|
||||
|
||||
class VerifyEmailResponse implements VerifyEmailResponseContract
|
||||
{
|
||||
public function toResponse($request): Response
|
||||
{
|
||||
$user = $request->user();
|
||||
|
||||
$redirectPath = $user->isAdmin()
|
||||
? '/admin/dashboard'
|
||||
: '/client/dashboard';
|
||||
|
||||
return $request->wantsJson()
|
||||
? new JsonResponse('', 204)
|
||||
: redirect()->intended($redirectPath.'?verified=1');
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,25 @@
|
||||
<?php
|
||||
|
||||
namespace App\Listeners;
|
||||
|
||||
use App\Models\AdminLog;
|
||||
use Illuminate\Auth\Events\Failed;
|
||||
|
||||
class LogFailedLoginAttempt
|
||||
{
|
||||
public function handle(Failed $event): void
|
||||
{
|
||||
AdminLog::create([
|
||||
'admin_id' => null,
|
||||
'action' => 'failed_login',
|
||||
'target_type' => 'user',
|
||||
'target_id' => null,
|
||||
'old_values' => null,
|
||||
'new_values' => [
|
||||
'email' => $event->credentials['email'] ?? 'unknown',
|
||||
],
|
||||
'ip_address' => request()->ip(),
|
||||
'created_at' => now(),
|
||||
]);
|
||||
}
|
||||
}
|
||||
@@ -109,6 +109,14 @@ class User extends Authenticatable
|
||||
return $this->isIndividual() || $this->isCompany();
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if user is active.
|
||||
*/
|
||||
public function isActive(): bool
|
||||
{
|
||||
return $this->status === UserStatus::Active;
|
||||
}
|
||||
|
||||
/**
|
||||
* Scope to filter admin users.
|
||||
*/
|
||||
|
||||
@@ -2,6 +2,9 @@
|
||||
|
||||
namespace App\Providers;
|
||||
|
||||
use App\Listeners\LogFailedLoginAttempt;
|
||||
use Illuminate\Auth\Events\Failed;
|
||||
use Illuminate\Support\Facades\Event;
|
||||
use Illuminate\Support\ServiceProvider;
|
||||
|
||||
class AppServiceProvider extends ServiceProvider
|
||||
@@ -19,6 +22,6 @@ class AppServiceProvider extends ServiceProvider
|
||||
*/
|
||||
public function boot(): void
|
||||
{
|
||||
//
|
||||
Event::listen(Failed::class, LogFailedLoginAttempt::class);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -4,11 +4,18 @@ namespace App\Providers;
|
||||
|
||||
use App\Actions\Fortify\CreateNewUser;
|
||||
use App\Actions\Fortify\ResetUserPassword;
|
||||
use App\Enums\UserStatus;
|
||||
use App\Http\Responses\LoginResponse;
|
||||
use App\Http\Responses\VerifyEmailResponse;
|
||||
use App\Models\User;
|
||||
use Illuminate\Cache\RateLimiting\Limit;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Facades\Hash;
|
||||
use Illuminate\Support\Facades\RateLimiter;
|
||||
use Illuminate\Support\ServiceProvider;
|
||||
use Illuminate\Support\Str;
|
||||
use Laravel\Fortify\Contracts\LoginResponse as LoginResponseContract;
|
||||
use Laravel\Fortify\Contracts\VerifyEmailResponse as VerifyEmailResponseContract;
|
||||
use Laravel\Fortify\Fortify;
|
||||
|
||||
class FortifyServiceProvider extends ServiceProvider
|
||||
@@ -18,7 +25,8 @@ class FortifyServiceProvider extends ServiceProvider
|
||||
*/
|
||||
public function register(): void
|
||||
{
|
||||
//
|
||||
$this->app->singleton(LoginResponseContract::class, LoginResponse::class);
|
||||
$this->app->singleton(VerifyEmailResponseContract::class, VerifyEmailResponse::class);
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -26,11 +34,30 @@ class FortifyServiceProvider extends ServiceProvider
|
||||
*/
|
||||
public function boot(): void
|
||||
{
|
||||
$this->configureAuthentication();
|
||||
$this->configureActions();
|
||||
$this->configureViews();
|
||||
$this->configureRateLimiting();
|
||||
}
|
||||
|
||||
/**
|
||||
* Configure custom authentication logic.
|
||||
*/
|
||||
private function configureAuthentication(): void
|
||||
{
|
||||
Fortify::authenticateUsing(function (Request $request) {
|
||||
$user = User::where('email', $request->email)->first();
|
||||
|
||||
if ($user &&
|
||||
Hash::check($request->password, $user->password) &&
|
||||
$user->status === UserStatus::Active) {
|
||||
return $user;
|
||||
}
|
||||
|
||||
return null;
|
||||
});
|
||||
}
|
||||
|
||||
/**
|
||||
* Configure Fortify actions.
|
||||
*/
|
||||
|
||||
Reference in New Issue
Block a user