diff --git a/app/Http/Controllers/Auth/AuthController.php b/app/Http/Controllers/Auth/AuthController.php old mode 100644 new mode 100755 index c4f5ba4f9b..26510cf6a3 --- a/app/Http/Controllers/Auth/AuthController.php +++ b/app/Http/Controllers/Auth/AuthController.php @@ -1,4 +1,6 @@ -middleware('guest', ['except' => 'logout']); } /** @@ -42,13 +58,14 @@ class AuthController extends Controller * * @return \Illuminate\Http\Response */ - public function getRegister() + public function showRegistrationForm() { $host = Rq::getHttpHost(); return view('auth.register', compact('host')); } + /** * Handle a login request to the application. * @@ -56,9 +73,17 @@ class AuthController extends Controller * * @return \Illuminate\Http\Response */ - public function postLogin(Request $request) + public function login(Request $request) { - $this->validate($request, [$this->loginUsername() => 'required', 'password' => 'required',]); + $this->validate( + $request, [ + $this->loginUsername() => 'required', 'password' => 'required', + ] + ); + + // If the class is using the ThrottlesLogins trait, we can automatically throttle + // the login attempts for this application. We'll key this by the username and + // the IP address of the client making these requests into this application. $throttles = $this->isUsingThrottlesLoginsTrait(); if ($throttles && $this->hasTooManyLoginAttempts($request)) { 
@@ -68,67 +93,112 @@ class AuthController extends Controller $credentials = $this->getCredentials($request); $credentials['blocked'] = 0; // most not be blocked. - if (Auth::attempt($credentials, $request->has('remember'))) { + if (Auth::guard($this->getGuard())->attempt($credentials, $request->has('remember'))) { return $this->handleUserWasAuthenticated($request, $throttles); } - $message = $this->getFailedLoginMessage(); + // check if user is blocked: + $message = ''; /** @var User $foundUser */ $foundUser = User::where('email', $credentials['email'])->where('blocked', 1)->first(); if (!is_null($foundUser)) { // if it exists, show message: $code = $foundUser->blocked_code; + if (strlen($code) == 0) { $code = 'general_blocked'; } $message = trans('firefly.' . $code . '_error', ['email' => $credentials['email']]); } + + // If the login attempt was unsuccessful we will increment the number of attempts + // to login and redirect the user back to the login form. Of course, when this + // user surpasses their maximum number of attempts they will get locked out. if ($throttles) { $this->incrementLoginAttempts($request); } - return redirect($this->loginPath()) - ->withInput($request->only($this->loginUsername(), 'remember')) - ->withErrors([$this->loginUsername() => $message,]); - } - - - public $redirectTo = '/'; - - /** - * Create a new authentication controller instance. - * - * @codeCoverageIgnore - * - */ - public function __construct() - { - parent::__construct(); - - $this->middleware('guest', ['except' => 'getLogout']); + return $this->sendFailedLoginResponse($request, $message); } /** - * Show the application login form. + * Get the failed login response instance. 
+ * + * @param \Illuminate\Http\Request $request * - * @codeCoverageIgnore * @return \Illuminate\Http\Response - * */ - public function getLogin() + protected function sendFailedLoginResponse(Request $request, $message) { - return Twig::render('auth.login'); + return redirect()->back() + ->withInput($request->only($this->loginUsername(), 'remember')) + ->withErrors( + [ + $this->loginUsername() => $this->getFailedLoginMessage($message), + ] + ); + } + + /** + * Get the failed login message. + * + * @return string + */ + protected function getFailedLoginMessage($message) + { + if (strlen($message) > 0) { + return $message; + } + + return Lang::has('auth.failed') + ? Lang::get('auth.failed') + : 'These credentials do not match our records.'; + } + + + /** + * Get a validator for an incoming registration request. + * + * @param array $data + * + * @return \Illuminate\Contracts\Validation\Validator + */ + protected function validator(array $data) + { + return Validator::make( + $data, [ + 'email' => 'required|email|max:255|unique:users', + 'password' => 'required|confirmed|min:6', + ] + ); + } + + /** + * Create a new user instance after a valid registration. + * + * @param array $data + * + * @return User + */ + protected function create(array $data) + { + return User::create( + [ + 'email' => $data['email'], + 'password' => bcrypt($data['password']), + ] + ); } /** * Handle a registration request for the application. * - * @param Request $request + * @param \Illuminate\Http\Request $request * - * @return \Illuminate\Http\RedirectResponse + * @return \Illuminate\Http\Response */ - public function postRegister(Request $request) + public function register(Request $request) { $validator = $this->validator($request->all()); @@ -136,10 +206,7 @@ class AuthController extends Controller $this->throwValidationException( $request, $validator ); - // @codeCoverageIgnoreStart } - // @codeCoverageIgnoreEnd - $data = $request->all(); $data['password'] = bcrypt($data['password']); 
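Review bot: The blocked-account lookup in `login()` runs after every failed attempt, so a wrong password submitted for a blocked address still gets the `firefly.<code>_error` text instead of the generic failure message. That tells an unauthenticated caller the address is registered and blocked. Gating the lookup on a password check that ignores the `blocked` flag, for example `if (Auth::guard($this->getGuard())->validate($this->getCredentials($request))) { ... }` around the `User::where(...)` block, keeps the specific message for the account owner only. The lookup also reads `$credentials['email']` while validation keys on `$this->loginUsername()`, and the new `sendFailedLoginResponse()` and `getFailedLoginMessage()` docblocks lack `@param string $message`. `login()` starts in the previous hunk.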
@@ -152,7 +219,8 @@ class AuthController extends Controller ); } - Auth::login($this->create($data)); + + Auth::login($this->create($request->all())); // get the email address if (Auth::user() instanceof User) { @@ -187,8 +255,8 @@ class AuthController extends Controller // @codeCoverageIgnoreStart abort(500, 'Not a user!'); - return redirect('/'); - // @codeCoverageIgnoreEnd + + return redirect($this->redirectPath()); } /** @@ -225,37 +293,4 @@ class AuthController extends Controller return false; } - /** - * Get a validator for an incoming registration request. - * - * @param array $data - * - * @return \Illuminate\Contracts\Validation\Validator - */ - public function validator(array $data) - { - return Validator::make( - $data, [ - 'email' => 'required|email|max:255|unique:users', - 'password' => 'required|confirmed|min:6', - ] - ); - } - - /** - * Create a new user instance after a valid registration. - * - * @param array $data - * - * @return User - */ - public function create(array $data) - { - return User::create( - [ - 'email' => $data['email'], - 'password' => $data['password'], - ] - ); - } } diff --git a/app/Http/Controllers/Auth/PasswordController.php b/app/Http/Controllers/Auth/PasswordController.php old mode 100644 new mode 100755 index 72944e31f1..855f8895a9 --- a/app/Http/Controllers/Auth/PasswordController.php +++ b/app/Http/Controllers/Auth/PasswordController.php @@ -1,4 +1,6 @@ -validate($request, ['email' => 'required|email']); @@ -70,16 +62,13 @@ class PasswordController extends Controller switch ($response) { case Password::RESET_LINK_SENT: - return redirect()->back()->with('status', trans($response)); + return $this->getSendResetLinkEmailSuccessResponse($response); case Password::INVALID_USER: case 'passwords.blocked': - return redirect()->back()->withErrors(['email' => trans($response)]); - + default: + return $this->getSendResetLinkEmailFailureResponse($response); } - abort(404); - - return ''; } } 
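Review bot: `register()` now passes `$request->all()` to `create()`, which hashes the password itself, so the context lines `$data = $request->all(); $data['password'] = bcrypt($data['password']);` at the end of the previous hunk look left over. If `$data` is not read in the lines between the two hunks (not visible here), both lines should go: they cost a bcrypt round per registration. Keeping a second hashing site next to `create()` also makes it easy for a later edit to store a double-hashed or unhashed value. `register()` starts and ends outside this hunk.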
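Review bot: Removing `// @codeCoverageIgnoreEnd` while the `// @codeCoverageIgnoreStart` above `abort(500, 'Not a user!');` stays leaves the ignore region unterminated. The coverage tool will presumably then skip everything after it in the file, including the throttle and blocked-domain helpers below. Either restore the end marker after the return or drop the start marker. The `return redirect($this->redirectPath());` after `abort()` is unreachable because `abort()` throws; a short comment saying it only satisfies the declared return type would help. The enclosing method starts outside the hunk.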
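Review bot: In the reset-link `switch`, `Password::INVALID_USER` and `'passwords.blocked'` lead to a failure response that differs from the success response, so the reset form discloses whether an address is registered or blocked. Answering unknown addresses like a sent link removes that signal, for example `case Password::INVALID_USER: return $this->getSendResetLinkEmailSuccessResponse(Password::RESET_LINK_SENT);`. The two explicit `case` labels are also redundant now that `default:` shares their branch; keep them only with a comment that the fall-through is intended. The method signature is not visible in this hunk.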
diff --git a/app/Http/Controllers/Controller.php b/app/Http/Controllers/Controller.php old mode 100644 new mode 100755 index 55d0bc1765..7a0c715502 --- a/app/Http/Controllers/Controller.php +++ b/app/Http/Controllers/Controller.php @@ -1,30 +1,27 @@ - [ + \FireflyIII\Http\Middleware\EncryptCookies::class, + \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class, + \Illuminate\Session\Middleware\StartSession::class, + \Illuminate\View\Middleware\ShareErrorsFromSession::class, + \FireflyIII\Http\Middleware\VerifyCsrfToken::class, + ], + + 'api' => [ + 'throttle:60,1', + ], ]; /** * The application's route middleware. * + * These middleware may be assigned to groups or used individually. + * * @var array */ protected $routeMiddleware = [ - 'auth' => 'FireflyIII\Http\Middleware\Authenticate', - 'auth.basic' => 'Illuminate\Auth\Middleware\AuthenticateWithBasicAuth', - 'guest' => 'FireflyIII\Http\Middleware\RedirectIfAuthenticated', - 'range' => 'FireflyIII\Http\Middleware\Range', - + 'auth' => \FireflyIII\Http\Middleware\Authenticate::class, + 'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class, + 'guest' => \FireflyIII\Http\Middleware\RedirectIfAuthenticated::class, + 'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class, + 'range' => \FireflyIII\Http\Middleware\Range::class, ]; - } diff --git a/app/Http/routes.php b/app/Http/routes.php index 891e36424e..8e6aba0054 100644 --- a/app/Http/routes.php +++ b/app/Http/routes.php 
@@ -260,21 +260,18 @@ Route::bind( ); -/** - * Auth\AuthController - */ -Route::get('/register', ['uses' => 'Auth\AuthController@getRegister', 'as' => 'register']); +// auth routes, i think +Route::group( + ['middleware' => 'web'], function () { + Route::auth(); -Route::controllers( - [ - 'auth' => 'Auth\AuthController', - 'password' => 'Auth\PasswordController', - ] + Route::get('/home', 'HomeController@index'); +} ); Route::group( - ['middleware' => ['auth', 'range']], function () { + ['middleware' => ['auth', 'range', 'web']], function () { /** * Home Controller
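Review bot: The authenticated group lists its middleware as `['auth', 'range', 'web']`, which puts the session, cookie-decryption and CSRF middleware of `web` after `auth` and `range`. If the framework version in use applies route middleware in array order (worth confirming), `auth` would run before the session is started; `['middleware' => ['web', 'auth', 'range']], function () {` avoids depending on that. The scaffolded `Route::get('/home', 'HomeController@index');` sits in the group that carries only `web`, so the home controller is routed without `auth` unless it enforces that itself. It should be moved into the authenticated group or removed. The comment `// auth routes, i think` should state what `Route::auth()` registers (login, logout, registration and password-reset routes).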