/**
* auth user.
*
* @param Request $request
* @param ServerRequestInterface $serverRequest
*/
protected function authUser(Request $request, ServerRequestInterface $serverRequest)
{
$userVerifier = app()->make(Oauth2Server::class)->getOptions()['user_verifier'];
/** @var \RTLer\Oauth2\Authorize\UserVerifierInterface $userVerifierObj */
$userVerifierObj = new $userVerifier();
$user = $userVerifierObj->getUserByIdentifier($serverRequest->getAttribute('oauth_user_id'));
Auth::setUser($user);
$request->setUserResolver(function () use($user) {
return $user;
});
}
public function login($credentials, $remember)
{
Session::forget('profile');
if (Auth::attempt($credentials, $remember)) {
$user = Auth::user();
$realm = $this->organizationsOfUser($user)[0];
//Auth::user should contain all information about a user
//so refill it
$auth_user = $this->getProfile($user->id(), $realm->id());
$profile_vars = ['userId' => $user->id(), 'realmId' => $realm->id()];
Session::put('profile_vars', $profile_vars);
Auth::setUser($auth_user);
return true;
}
return false;
}
/**
* Handle a registration request for the application.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\Response
*/
public function postRegister(Request $request)
{
$validator = $this->validator($request->all());
if ($validator->fails()) {
$this->throwValidationException($request, $validator);
}
$user = $this->create($request->all());
$previous_session = $user->session_id;
if ($previous_session) {
\Session::getHandler()->destroy($previous_session);
Auth::setUser($user);
Auth::logout();
}
Auth::login($user, $request->has('remember'));
$user->session_id = \Session::getId();
$user->save();
return redirect($this->redirectPath());
}
/**
* Send the response after the user was authenticated.
*
* @param \Illuminate\Http\Request $request
* @param bool $throttles
* @return \Illuminate\Http\Response
*/
protected function handleUserWasAuthenticated(Request $request, $throttles)
{
if ($throttles) {
$this->clearLoginAttempts($request);
}
// if (method_exists($this, 'authenticated')) {
// return $this->authenticated($request, Auth::user());
// }
$user = Auth::getLastAttempted();
$previous_session = $user->session_id;
if ($previous_session) {
\Session::getHandler()->destroy($previous_session);
Auth::setUser($user);
Auth::logout();
}
Auth::login($user, $request->has('remember'));
$user->session_id = \Session::getId();
$user->save();
return redirect()->intended($this->redirectPath());
}
public function postUpdateProfile(Request $request)
{
$user_id = Auth::user()->id;
$input = $request->all();
$validator = Validator::make($input, ["name" => "required", "email" => "required|email|unique:users,email," . $user_id, 'password' => "required|confirmed"]);
if ($validator->passes()) {
// Update Profile
$user = User::find($user_id);
if ($user) {
$user->name = $input['name'];
$user->email = $input['email'];
$user->password = bcrypt($input['password']);
$user->save();
Auth::setUser(Auth::user()->first());
return redirect()->back()->with("status", "Profile updated successfully");
} else {
return redirect()->back();
}
} else {
return redirect()->back()->withErrors($validator)->withInput();
}
}
public function login(Request $request)
{
$this->validate($request, [$this->loginUsername() => 'required', 'password' => 'required']);
// If the class is using the ThrottlesLogins trait, we can automatically throttle
// the login attempts for this application. We'll key this by the username and
// the IP address of the client making these requests into this application.
$throttles = $this->isUsingThrottlesLoginsTrait();
if ($throttles && $this->hasTooManyLoginAttempts($request)) {
return $this->sendLockoutResponse($request);
}
$credentials = $this->getCredentials($request);
// if (Auth::attempt($credentials, $request->has('remember'))) {
// $this->swapUserSession(Auth::user());
// return $this->handleUserWasAuthenticated($request, $throttles);
// }
if (Auth::validate($credentials)) {
$user = Auth::getLastAttempted();
$previous_session = $user->last_session_id;
if ($previous_session) {
\Session::getHandler()->destroy($previous_session);
Auth::setUser($user);
Auth::logout();
}
Auth::login($user, $request->has('remember'));
$user->last_session_id = \Session::getId();
$user->save();
return redirect()->intended($this->redirectPath());
}
// If the login attempt was unsuccessful we will increment the number of attempts
// to login and redirect the user back to the login form. Of course, when this
// user surpasses their maximum number of attempts they will get locked out.
if ($throttles) {
$this->incrementLoginAttempts($request);
}
return redirect()->back()->withInput($request->only($this->loginUsername(), 'remember'))->withErrors([$this->loginUsername() => $this->getFailedLoginMessage()]);
}
public function callHTTPRoute($method, $uri_or_url_extension, $parameters = [], $expected_response_code = 200, $cookies = [], $files = [], $server = [], $content = null)
{
if (substr($uri_or_url_extension, 0, 1) == '/' or substr($uri_or_url_extension, 0, 7) == 'http://') {
$uri = $uri_or_url_extension;
} else {
$uri = $this->extendURL($this->url_base, $uri_or_url_extension);
}
if ($this->user) {
Auth::setUser($this->user);
}
$request = $this->createRequest($method, $uri, $parameters, $cookies, $files, $server, $content);
$response = $this->runRequest($request);
$errors = [];
$error_bag = Session::get('errors');
if ($error_bag) {
$errors = $error_bag->all();
}
PHPUnit::assertEquals($expected_response_code, $response->getStatusCode(), "Errors were: " . json_encode($errors, 192) . "\nResponse was: " . $response->getContent());
return $response->getContent();
}
Route::get('{template}', array(function ($template) {
$template = str_replace(".html", "", $template);
View::addExtension('html', 'php');
return View::make('templates.' . $template);
}));
});
Route::filter('api.csrf', function ($route, $request) {
if (Request::isMethod('post')) {
if (!((Input::has('_token') and Session::token() == Input::get('_token')) || ($request->header('X-Csrf-Token') != "" and Session::token() == $request->header('X-Csrf-Token')))) {
// return Response::json('CSRF does not match', 400);
}
}
});
Event::listen('auth.token.valid', function ($user) {
//Token is valid, set the user on auth system.
Auth::setUser($user);
});
Route::filter('auth.Ui', function () {
if (Request::header('x-auth-token') != "") {
return;
}
if (Auth::guest()) {
return Redirect::guest('/login');
}
if (Auth::check()) {
if (!Auth::User()) {
return Redirect::to('/dashboard');
}
} else {
return Redirect::guest('/login');
}
/**
* Fausse fonction de connexion de l'utilisateur
* Il n'es pas possible d'utiliser les fonctions par défaut de Lumen car l'utilisateur n'a pas de mot de passe
* On considère que si Facebook renvoit des informations, alors il est correctement identifié .
* On fait confiance à Facebook qui s'est occupé de cette partie et on connectre notre utilisateur
*
* @param $user
* @return mixed
*/
protected function login(User $user)
{
// L'utilisateur est ajouté à la session courante
Session::put(Auth::getName(), $user->id);
// On set l'utilisateur courant dans l'application
Auth::setUser($user);
// Renvoie true si l'utilisateur est bien connecté
return Auth::check();
}
