From 74231f552a77a013dac11e939dd2a0a6271d7a92 Mon Sep 17 00:00:00 2001
From: James Cole
Date: Tue, 14 Jul 2015 22:45:00 +0200
Subject: [PATCH] Some login and session updates.
---
 app/Http/Controllers/Auth/AuthController.php | 50 ++++++++++++++++++-
 config/session.php | 8 +--
 .../2015_07_14_202720_changes_for_v349.php | 35 +++++++++++++
 3 files changed, 88 insertions(+), 5 deletions(-)
 create mode 100644 database/migrations/2015_07_14_202720_changes_for_v349.php
diff --git a/app/Http/Controllers/Auth/AuthController.php b/app/Http/Controllers/Auth/AuthController.php
index fadb4029dc..05b0bf5a2a 100644
--- a/app/Http/Controllers/Auth/AuthController.php
+++ b/app/Http/Controllers/Auth/AuthController.php
@@ -5,6 +5,7 @@ use FireflyIII\Http\Controllers\Controller;
 use FireflyIII\Models\Role;
 use FireflyIII\User;
 use Illuminate\Foundation\Auth\AuthenticatesAndRegistersUsers;
+use Illuminate\Foundation\Auth\ThrottlesLogins;
 use Illuminate\Http\Request;
 use Illuminate\Mail\Message;
 use Mail;
@@ -31,7 +32,54 @@ class AuthController extends Controller
 |
 */
- use AuthenticatesAndRegistersUsers;
+ /**
+ * Handle a login request to the application.
+ *
+ * @param \Illuminate\Http\Request $request
+ *
+ * @return \Illuminate\Http\Response
+ */
+ public function postLogin(Request $request)
+ {
+ $this->validate(
+ $request, [
+ $this->loginUsername() => 'required', 'password' => 'required',
+ ]
+ );
+
+ // If the class is using the ThrottlesLogins trait, we can automatically throttle
+ // the login attempts for this application. We'll key this by the username and
+ // the IP address of the client making these requests into this application.
+ $throttles = $this->isUsingThrottlesLoginsTrait();
+
+ if ($throttles && $this->hasTooManyLoginAttempts($request)) {
+ return $this->sendLockoutResponse($request);
+ }
+
+ $credentials = $this->getCredentials($request);
+ $credentials['blocked'] = 0;
+
+ if (Auth::attempt($credentials, $request->has('remember'))) {
+ return $this->handleUserWasAuthenticated($request, $throttles);
+ }
+
+ // If the login attempt was unsuccessful we will increment the number of attempts
+ // to login and redirect the user back to the login form. Of course, when this
+ // user surpasses their maximum number of attempts they will get locked out.
+ if ($throttles) {
+ $this->incrementLoginAttempts($request);
+ }
+
+ return redirect($this->loginPath())
+ ->withInput($request->only($this->loginUsername(), 'remember'))
+ ->withErrors(
+ [
+ $this->loginUsername() => $this->getFailedLoginMessage(),
+ ]
+ );
+ }
+
+ use AuthenticatesAndRegistersUsers, ThrottlesLogins;
 public $redirectTo = '/';
diff --git a/config/session.php b/config/session.php
index 466d9ba843..6052e79df5 100644
--- a/config/session.php
+++ b/config/session.php
@@ -16,7 +16,7 @@ return [
 |
 */
- 'driver' => env('SESSION_DRIVER', 'file'),
+ 'driver' => env('SESSION_DRIVER', 'database'),
 /*
 |--------------------------------------------------------------------------
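Review bot: The `blocked` flag is enforced only through the `Auth::attempt($credentials, ...)` call in `postLogin`, so an account that is blocked after it has signed in appears to keep working through its existing session or remember-me cookie until that expires. Nothing visible in this patch re-checks the flag on already-authenticated requests; a check in the middleware that guards authenticated routes, for example `if (Auth::check() && Auth::user()->blocked) { Auth::logout(); }`, would close that gap. The docblock should also state that a blocked account receives the same failed-login message as wrong credentials and that its attempts still count toward the lockout. As a style point, the `use AuthenticatesAndRegistersUsers, ThrottlesLogins;` line reads better above `postLogin` than after it.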
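Review bot: Changing the default `driver` to `database` makes every request depend on a `sessions` table, and the only schema change visible in this patch is the `blocked` column (the migration's `up()` is cut off in this view, so the table may already be created there). If it is not, an install without `SESSION_DRIVER` set is likely to fail on the first request after upgrading, so the table should ship as a migration in the same release and the upgrade notes should name the step. The `connection` hunk at -70 also hard-codes a `'mysql'` fallback; keeping `'connection' => null,` lets the session store follow the application's default database connection instead of duplicating that choice.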
@@ -44,7 +44,7 @@ return [
 |
 */
- 'encrypt' => false,
+ 'encrypt' => true,
 /*
 |--------------------------------------------------------------------------
@@ -70,7 +70,7 @@ return [
 |
 */
- 'connection' => null,
+ 'connection' => env('DB_CONNECTION', 'mysql'),
 /*
 |--------------------------------------------------------------------------
@@ -109,7 +109,7 @@ return [
 |
 */
- 'cookie' => 'laravel_session',
+ 'cookie' => 'firefly_session',
 /*
 |--------------------------------------------------------------------------
diff --git a/database/migrations/2015_07_14_202720_changes_for_v349.php b/database/migrations/2015_07_14_202720_changes_for_v349.php
new file mode 100644
index 0000000000..2cd99ab8c4
--- /dev/null
+++ b/database/migrations/2015_07_14_202720_changes_for_v349.php
@@ -0,0 +1,35 @@
+boolean('blocked')->default(0);
+ }
+ );
+ }
+
+ /**
+ * Reverse the migrations.
+ *
+ * @return void
+ */
+ public function down()
+ {
+ //
+ }
+}
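Review bot: `down()` in the new migration is left empty, so rolling back leaves the `blocked` column in place and a later re-run of `up()` would likely fail on the duplicate column. It should drop the column on the same table that `up()` alters (the table name is cut off in this view), with `$table->dropColumn('blocked');` inside the matching `Schema::table(...)` closure. A one-line comment on `up()` saying that `blocked` is the column `postLogin` filters on via `$credentials['blocked'] = 0` would help the next reader connect the two.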