131 lines
3.4 KiB
PHP
131 lines
3.4 KiB
PHP
<?php
|
|
|
|
namespace App\Http\Controllers\Auth;
|
|
|
|
use App\Http\Controllers\Controller;
|
|
use App\Models\User;
|
|
use Illuminate\Http\Request;
|
|
use Illuminate\Support\Facades\Auth;
|
|
use Illuminate\Support\Facades\Hash;
|
|
use Illuminate\Validation\Rules\Password;
|
|
|
|
class WebAuthController extends Controller
|
|
{
|
|
public function showLogin()
|
|
{
|
|
return view('auth.login');
|
|
}
|
|
|
|
public function login(Request $request)
|
|
{
|
|
$credentials = $request->validate([
|
|
'email' => ['required', 'email'],
|
|
'password' => ['required'],
|
|
]);
|
|
|
|
$user = User::where('email', $request->email)->first();
|
|
|
|
if (!$user || !Hash::check($request->password, $user->password)) {
|
|
return back()->withErrors([
|
|
'email' => __('auth.failed'),
|
|
])->onlyInput('email');
|
|
}
|
|
|
|
// Check if 2FA is enabled
|
|
if ($user->isTwoFactorEnabled()) {
|
|
session(['2fa_user_id' => $user->id]);
|
|
return redirect()->route('2fa.challenge');
|
|
}
|
|
|
|
Auth::login($user, $request->boolean('remember'));
|
|
$request->session()->regenerate();
|
|
|
|
return redirect()->intended(route('dashboard'));
|
|
}
|
|
|
|
public function show2FAChallenge()
|
|
{
|
|
if (!session()->has('2fa_user_id')) {
|
|
return redirect()->route('login');
|
|
}
|
|
return view('auth.2fa-challenge');
|
|
}
|
|
|
|
public function verify2FA(Request $request)
|
|
{
|
|
$request->validate([
|
|
'code' => ['required', 'string'],
|
|
]);
|
|
|
|
$userId = session('2fa_user_id');
|
|
if (!$userId) {
|
|
return redirect()->route('login');
|
|
}
|
|
|
|
$user = User::find($userId);
|
|
if (!$user) {
|
|
return redirect()->route('login');
|
|
}
|
|
|
|
$google2fa = app('pragmarx.google2fa');
|
|
$secret = $user->getTwoFactorSecret();
|
|
|
|
$valid = $google2fa->verifyKey($secret, $request->code);
|
|
|
|
// Check recovery codes if TOTP is invalid
|
|
if (!$valid) {
|
|
$recoveryCodes = $user->two_factor_recovery_codes ?? [];
|
|
if (in_array($request->code, $recoveryCodes)) {
|
|
$user->two_factor_recovery_codes = array_diff($recoveryCodes, [$request->code]);
|
|
$user->save();
|
|
$valid = true;
|
|
}
|
|
}
|
|
|
|
if (!$valid) {
|
|
return back()->withErrors([
|
|
'code' => __('auth.2fa_invalid'),
|
|
]);
|
|
}
|
|
|
|
session()->forget('2fa_user_id');
|
|
Auth::login($user);
|
|
$request->session()->regenerate();
|
|
|
|
return redirect()->intended(route('dashboard'));
|
|
}
|
|
|
|
public function showRegister()
|
|
{
|
|
return view('auth.register');
|
|
}
|
|
|
|
public function register(Request $request)
|
|
{
|
|
$request->validate([
|
|
'name' => ['required', 'string', 'max:255'],
|
|
'email' => ['required', 'string', 'email', 'max:255', 'unique:users'],
|
|
'password' => ['required', 'confirmed', Password::defaults()],
|
|
]);
|
|
|
|
$user = User::create([
|
|
'name' => $request->name,
|
|
'email' => $request->email,
|
|
'password' => Hash::make($request->password),
|
|
]);
|
|
|
|
Auth::login($user);
|
|
|
|
return redirect()->route('dashboard');
|
|
}
|
|
|
|
public function logout(Request $request)
|
|
{
|
|
Auth::logout();
|
|
$request->session()->invalidate();
|
|
$request->session()->regenerateToken();
|
|
|
|
return redirect()->route('login');
|
|
}
|
|
}
|