/**
 * Validate the submitted username/password and hand back a token.
 *
 * `status => active` is merged into the credential set given to the
 * guard, so (presumably as a lookup constraint in the user provider)
 * only active accounts can match. A wrong password and a non-matching
 * account both end in the same 401 "Invalid credentials" response.
 *
 * NOTE(review): the role check further down is commented out, so despite
 * the method name no authorization decision is made here. Every account
 * that passes the credential check receives a token. Confirm that this
 * is intended before relying on this method for access control.
 *
 * @param ResponseFactory $response
 * @return array|\Illuminate\Http\Response token payload on success, 401 response on failure
 */
public function authorize(ResponseFactory $response)
{
    // Only these two request fields are ever forwarded to the guard.
    $submitted = $this->request->only(['username', 'password']);
    $credentials = array_merge($submitted, ['status' => 'active']);

    $authenticated = $this->auth->once($credentials);
    if (!$authenticated) {
        return $response->make('Invalid credentials', 401);
    }

    /* Disabled role check ($userRoles is not defined anywhere in this method):
    if (!$this->isAuthorized($userRoles)) {
        return $response->make('Unauthorized user', 401);
    }*/

    $token = $this->getUserToken($this->auth->user());

    return ['token' => $token];
}
/**
 * Check credentials for the OAuth password grant.
 *
 * The identifier is matched against the `email` field when it passes
 * FILTER_VALIDATE_EMAIL and against `username` otherwise. `active => 1`
 * is always part of the credential set, so an account that does not
 * carry that value cannot match.
 *
 * @param string $username login identifier (e-mail address or username)
 * @param string $password
 * @return bool|int value of `$this->auth->id()` on success, false on failure
 */
public function verify($username, $password)
{
    $identifierField = filter_var($username, FILTER_VALIDATE_EMAIL) ? 'email' : 'username';

    // Key order mirrors the way the set was originally assembled.
    $credentials = [
        'password' => $password,
        $identifierField => $username,
        'active' => 1,
    ];

    if (!$this->auth->once($credentials)) {
        return false;
    }

    return $this->auth->id();
}
/**
 * Perform a login attempt.
 *
 * Flow: lockout check, credential check via `$auth->once()`, active-flag
 * check, then the actual login through `authenticateUser()`. The
 * "not active" branch sits behind the credential check, so it is only
 * reachable with a valid password.
 *
 * NOTE(review): `username` is read from the request and used as a
 * credential value without any type check in this method. Presumably the
 * AuthRequestInterface implementation validates that it is a string.
 * Confirm this, since the value is passed straight to the guard.
 *
 * @param AuthRequestInterface $request
 * @param Guard $auth
 * @return \Illuminate\Http\Response
 */
public function postLogin(AuthRequestInterface $request, Guard $auth)
{
    $throttles = $this->throttlesLogins();

    // Refuse early when this client is already locked out.
    if ($throttles && $this->hasTooManyLoginAttempts($request)) {
        return $this->sendLockoutResponse($request);
    }

    $credentials = $request->only('password');
    $username = $request->get('username');

    // An e-mail-shaped identifier is matched on `email`, anything else on `username`.
    $identifierField = filter_var($username, FILTER_VALIDATE_EMAIL) ? 'email' : 'username';
    $credentials[$identifierField] = $username;

    if (!$auth->once($credentials)) {
        // Failed attempts count toward the lockout.
        if ($throttles) {
            $this->incrementLoginAttempts($request);
        }

        return $this->handleUserWasNotAuthenticated($request);
    }

    $user = $auth->user();

    if ($throttles) {
        $this->clearLoginAttempts($request);
    }

    if (!$user->active) {
        return $this->handleUserIsNotActive($request, $user);
    }

    $this->authenticateUser($auth, $user);

    return $this->handleUserWasAuthenticated($request, $user);
}
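/**
 * Authenticate an incoming request from its Authorization header.
 *
 * Two paths are supported:
 *  - header starts with "bearer" (case-insensitive): the JWT is parsed and
 *    resolved to a user, the presented token is invalidated, and the user
 *    is set on the guard;
 *  - any other header: the request's user/password pair is checked once
 *    as `email`/`password`.
 *
 * NOTE(review): the bearer test is a bare prefix match, and exceptions
 * raised by the JWT library while parsing or validating the token are
 * not caught here. Confirm they are mapped to a 401 elsewhere.
 * NOTE(review): every bearer request invalidates the presented token.
 * Where the replacement token is issued is not visible in this method.
 *
 * @param \Illuminate\Http\Request $request
 * @param \Closure $next
 * @return mixed
 * @throws \App\Exceptions\InvalidCredentialsException
 * @throws \App\Exceptions\NoAuthenticationException
 */
public function handle($request, Closure $next)
{
    // Read the header once and use the same value for both decisions.
    $header = $request->header('Authorization');

    if (empty($header)) {
        throw new \App\Exceptions\NoAuthenticationException();
    }

    if (starts_with(strtolower($header), 'bearer')) {
        // A token was passed (to refresh).
        /** @var User $user */
        $user = \JWTAuth::setRequest($request)->parseToken()->authenticate();
        \JWTAuth::invalidate(); // invalidate the old token

        // authenticate() may come back without a user, e.g. when the token's
        // subject no longer exists. Fail with the documented exception
        // instead of handing a non-user value to setUser().
        // NOTE(review): assumes "no user" is signalled by a falsy return.
        // Confirm against the installed JWT library version.
        if (!$user) {
            throw new \App\Exceptions\InvalidCredentialsException();
        }

        $this->auth->setUser($user);
    } else {
        // Credentials were passed.
        $credentials = [
            'email' => $request->getUser(),
            'password' => $request->getPassword(),
        ];
        $this->auth->once($credentials);
    }

    // Single decision point for both paths: the guard must now hold a user.
    if (!$this->auth->check()) {
        throw new \App\Exceptions\InvalidCredentialsException();
    }

    return $next($request);
}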
/**
 * Handle a login request to the application.
 *
 * Flow: lockout check (only when the controller uses the ThrottlesLogins
 * trait), credential check via `once()`, activation check, then login via
 * `loginUsingId()`. The "not activated" branch is only reachable after the
 * credentials were accepted.
 *
 * NOTE(review): the account's `activation_code` is passed to
 * respondNotActivated(). What that responder does with it is not visible
 * here. Confirm it is not returned to the client in a way that lets the
 * e-mail verification step be skipped.
 *
 * @param AuthRequest $request
 * @return \Illuminate\Http\Response
 */
public function postLogin(AuthRequest $request)
{
    // Throttling applies only if this controller (or a parent) uses the trait.
    $usedTraits = class_uses_recursive(static::class);
    $throttles = in_array(ThrottlesLogins::class, $usedTraits);

    if ($throttles && $this->hasTooManyLoginAttempts($request)) {
        return $this->respondThrottled($request);
    }

    $credentials = $request->only('email', 'password');
    $accepted = $this->auth->once($credentials);

    if (!$accepted) {
        // Failed attempts count toward the lockout.
        if ($throttles) {
            $this->incrementLoginAttempts($request);
        }

        return $this->respondLoginFail($request);
    }

    $user = $this->auth->getUser();

    if (!$user->activated) {
        // Drop the user that once() placed on the guard before answering.
        $this->auth->logout();

        return $this->respondNotActivated($request, $user->activation_code);
    }

    $remember = $request->has('remember');
    $this->auth->loginUsingId($user->id, $remember);

    if ($throttles) {
        $this->clearLoginAttempts($request);
    }

    event('UserHasLoggedIn', [$this->auth->user()]);

    return $this->respondLoginSuccess($request, $user);
}
/**
 * Check a user's credentials.
 *
 * Thin wrapper: the array is forwarded unchanged to `$this->auth->once()`
 * and that call's result is returned as-is.
 *
 * NOTE(review): presumably `$this->auth` is a Laravel guard, whose once()
 * authenticates without session or cookie state. Confirm.
 * NOTE(review): the keys of $credentials are not restricted here.
 * Presumably callers build the array from a fixed key set rather than
 * passing raw request input. Confirm at the call sites.
 *
 * @param array $credentials
 *
 * @return bool
 */
public function byCredentials(array $credentials)
{
    $accepted = $this->auth->once($credentials);

    return $accepted;
}