/**
 * Look up the stored session for a user/IP pair, refreshing its timestamps,
 * or persist a brand-new one when no such row exists.
 *
 * NOTE(review): the lookup is keyed on (userId, ip) only, so every later
 * login for this user from the same address receives the row that is already
 * stored. No expiry or rotation check is visible in this method; confirm that
 * stale sessions are expired elsewhere.
 * NOTE(review): the find-then-save sequence is not atomic. Two concurrent
 * logins could presumably each insert a row; verify whether a unique
 * constraint on (userId, ip) exists.
 *
 * @param User        $user Account the session belongs to; only its id is read here.
 * @param string|null $ip   Client address supplied by the caller.
 *
 * @return \Illuminate\Database\Eloquent\Model|null|UserSession|static
 */
public static function getOrCreate($user, $ip)
{
    $existing = UserSession::where('userId', $user->id)
        ->where('ip', $ip)
        ->first();

    if ($existing) {
        // Reuse the stored row; touch() only bumps its timestamps.
        $existing->touch();

        return $existing;
    }

    // Nothing stored for this user/IP pair yet, so build and persist a new row.
    $attributes = [
        'id' => self::generateId(),
        'userId' => $user->id,
        'ip' => $ip,
    ];
    $created = new UserSession($attributes);
    $created->save();

    return $created;
}
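/**
 * Process the login form.
 *
 * Validates the submitted credentials and signs the user in only when the
 * account is not banned and is an admin. On success an API session token is
 * stored in the web session and the user is redirected to '/'. In every
 * other case the user is sent back to '/login' with the collected errors.
 *
 * NOTE(review): a wrong password is reported under the 'password' key and an
 * unknown account under the 'username' key, so the response shape alone
 * tells a client whether a username exists. Consider a single generic error
 * if account enumeration is a concern for the admin login.
 * NOTE(review): no attempt throttling is visible in this method; confirm it
 * is applied at the route or middleware level.
 *
 * @param Request $request
 *
 * @return $this|RedirectResponse
 */
public function postIndex(Request $request)
{
    $this->validate($request, ['username' => 'required', 'password' => 'required']);

    $credentials = $request->only('username', 'password');
    $errors = [];

    /** @var User $user */
    $user = User::where('username', $credentials['username'])->first();

    // validate() still runs first, as before; the extra $user check only
    // prevents a method call on null if the two lookups ever disagree.
    if (Auth::validate($credentials) && $user) {
        if ($user->getBan()) {
            // Ban and role messages are only reachable with valid credentials.
            $errors['username'] = '******';
        } elseif ($user->isAdmin()) {
            // Create a session to use for API requests
            $session = UserSession::getOrCreate($user, $request->getClientIp());
            Session::put('token', $session->getToken());
            Auth::login($user);

            // Successful login - go to admin panel
            return new RedirectResponse('/');
        } else {
            // Double-quoted: the apostrophe would otherwise end the literal
            // early and make the file unparseable.
            $errors['username'] = "******'re not an admin.";
        }
    }

    if ($user && empty($errors)) {
        // The account exists and nothing else was reported: the password was wrong.
        $errors['password'] = '******';
    } elseif (!$user) {
        $errors['username'] = '******';
    }

    // Only the username and the remember flag are flashed back, never the password.
    return redirect('/login')
        ->withInput($request->only('username', 'remember'))
        ->withErrors($errors);
}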
/**
 * @api {post} /sessions Create A Session (Login)
 * @apiGroup User Sessions
 * @apiDescription Validates login credentials and returns a new session if valid.
 * @apiParam {string} username Username to login as.
 * @apiParam {string} password The user's password.
 *
 * Failure paths, in order: unknown username (InputException 404), wrong
 * password (InputException 401), banned account (BannedUserException).
 *
 * NOTE(review): the 404 and 401 responses let a client tell a missing
 * username from a wrong password. If account enumeration matters for this
 * API, return the same status and message for both cases.
 * NOTE(review): no attempt throttling is visible in this method; confirm it
 * is enforced at the route or middleware level.
 *
 * @return \Response
 * @throws InputException
 * @throws BannedUserException
 */
public function store()
{
    $rules = ['username' => 'required', 'password' => 'required'];
    $this->validate($this->request, $rules);

    $credentials = $this->request->only('username', 'password');

    /** @var User $user */
    $user = User::where('username', $credentials['username'])->first();
    if (!$user) {
        throw new InputException(404, ['username' => ["Couldn't find a user with that username."]]);
    }

    if (!Auth::validate($credentials)) {
        throw new InputException(401, ['password' => ["That password is not correct."]]);
    }

    // The ban is checked only after the password has been verified, so ban
    // details are never returned to a caller without valid credentials.
    $ban = $user->getBan();
    if ($ban) {
        throw new BannedUserException($ban);
    }

    $session = UserSession::getOrCreate($user, $this->request->getClientIp());
    $payload = [
        'sessionToken' => $session->getToken(),
        'session' => $session,
    ];

    return $this->response($payload);
}