debesocial/biiproject-kit-v2
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
9b17d9138070a6381031649421ae874669159604
biiproject-kit-v2/app/Http/Controllers/Auth/AuthenticatedSessionController.php
T

104 lines
3.5 KiB
PHP
Raw Blame History

<?php
namespace App\Http\Controllers\Auth;
use App\Http\Controllers\Controller;
use App\Http\Requests\Auth\LoginRequest;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Route;
use Inertia\Inertia;
use Inertia\Response;
class AuthenticatedSessionController extends Controller
{
/**
* Display the login view.
*/
public function create(): Response
{
return Inertia::render('Auth/Login', [
'canResetPassword' => Route::has('password.request'),
'status' => session('status'),
]);
}
/**
* Handle an incoming authentication request.
*/
public function store(LoginRequest $request): RedirectResponse
{
$request->authenticate();
$request->session()->regenerate();
$user = Auth::user();
// Check global 2FA toggles
$totpAllowed = true;
$emailAllowed = true;
try {
$settings = \Illuminate\Support\Facades\Cache::rememberForever('system_settings', function () {
return \App\Models\Setting::all()->pluck('value', 'key')->toArray();
});
if (isset($settings['two_factor_totp_enabled'])) {
$totpAllowed = $settings['two_factor_totp_enabled'] === '1' || $settings['two_factor_totp_enabled'] === true;
}
if (isset($settings['two_factor_email_enabled'])) {
$emailAllowed = $settings['two_factor_email_enabled'] === '1' || $settings['two_factor_email_enabled'] === true;
}
} catch (\Exception $e) {
// DB not ready or migrated
}
// If user has 2FA enabled, and it's globally allowed, redirect to challenge screen
if ($totpAllowed && $user->two_factor_confirmed_at && $user->two_factor_secret) {
$request->session()->put('two_factor_user_id', $user->id);
$request->session()->put('two_factor_type', 'totp');
Auth::guard('web')->logout();
$request->session()->forget('password_hash_web');
return redirect()->route('two-factor.challenge');
}
// If user has Email 2FA enabled, and it's globally allowed, redirect to email challenge
if ($emailAllowed && $user->email_2fa_enabled) {
$code = str_pad(mt_rand(100000, 999999), 6, '0', STR_PAD_LEFT);
$user->update([
'email_2fa_code' => $code,
'email_2fa_expires_at' => now()->addMinutes(10),
]);
try {
\Illuminate\Support\Facades\Mail::to($user->email)->send(new \App\Mail\Send2FACode($code));
} catch (\Exception $e) {
\Illuminate\Support\Facades\Log::error("Failed to send 2FA Email Code: " . $e->getMessage());
}
$request->session()->put('two_factor_user_id', $user->id);
$request->session()->put('two_factor_type', 'email');
Auth::guard('web')->logout();
$request->session()->forget('password_hash_web');
return redirect()->route('two-factor.challenge');
}
return redirect()->intended(route('dashboard', absolute: false));
}
/**
* Destroy an authenticated session.
*/
public function destroy(Request $request): RedirectResponse
{
Auth::guard('web')->logout();
$request->session()->invalidate();
$request->session()->regenerateToken();
return redirect('/');
}
}
Reference in New Issue View Git Blame Copy Permalink