/**
  * Authorize the user
  *
  * @param ResponseFactory $response
  * @return array|\Illuminate\Http\Response
  */
 public function authorize(ResponseFactory $response)
 {
     // Only the two login fields are taken from the request. The fixed
     // 'status' => 'active' entry is merged last, so request input cannot
     // replace it and only active accounts can match.
     $input = $this->request->only(['username', 'password']);
     $credentials = array_merge($input, ['status' => 'active']);

     // NOTE(review): once() is presumably the framework guard's per-request
     // credential check (no session is started) - confirm against the guard in use.
     if ($this->auth->once($credentials)) {
         // NOTE(review): a role check (isAuthorized($userRoles)) was left
         // commented out at this point, so every account that passes the
         // credential check is issued a token. Confirm no role gate is intended.
         return ['token' => $this->getUserToken($this->auth->user())];
     }

     return $response->make('Invalid credentials', 401);
 }
 /**
  * Check credentials for oauth password grant
  * @param  string $username
  * @param  string $password
  * @return boolean|int
  */
 public function verify($username, $password)
 {
     // The identifier may be an e-mail address or a login name; choose the
     // credential key that matches its shape.
     $identifierKey = filter_var($username, FILTER_VALIDATE_EMAIL) ? 'email' : 'username';

     // 'active' => 1 restricts the lookup to enabled accounts.
     $credentials = [
         'password' => $password,
         $identifierKey => $username,
         'active' => 1,
     ];

     // Returns the authenticated user's id on success and false otherwise.
     return $this->auth->once($credentials) ? $this->auth->id() : false;
 }
Пример #3
 /**
  * Perform login attempt
  * @param  AuthRequestInterface $request
  * @param  Guard                $auth
  * @return \Illuminate\Http\Response
  */
 public function postLogin(AuthRequestInterface $request, Guard $auth)
 {
     // Refuse early when throttling is enabled and this request is locked out.
     $throttles = $this->throttlesLogins();
     if ($throttles && $this->hasTooManyLoginAttempts($request)) {
         return $this->sendLockoutResponse($request);
     }

     // The "username" field accepts either an e-mail address or a login name.
     $credentials = $request->only('password');
     $identifier = $request->get('username');
     $identifierKey = filter_var($identifier, FILTER_VALIDATE_EMAIL) ? 'email' : 'username';
     $credentials[$identifierKey] = $identifier;

     // Failed attempt: count it (when throttling) and report the failure.
     if (!$auth->once($credentials)) {
         if ($throttles) {
             $this->incrementLoginAttempts($request);
         }

         return $this->handleUserWasNotAuthenticated($request);
     }

     $user = $auth->user();

     // The attempt counter is reset as soon as the password is accepted,
     // before the account's active flag is looked at.
     if ($throttles) {
         $this->clearLoginAttempts($request);
     }

     // The "not active" response is reachable only with valid credentials,
     // so it does not disclose account state to a caller who lacks them.
     if (!$user->active) {
         return $this->handleUserIsNotActive($request, $user);
     }

     $this->authenticateUser($auth, $user);

     return $this->handleUserWasAuthenticated($request, $user);
 }
Пример #4
 /**
  * Handle an incoming request.
  *
  * @param  \Illuminate\Http\Request $request
  * @param  \Closure $next
  * @return mixed
  * @throws \App\Exceptions\InvalidCredentialsException
  * @throws \App\Exceptions\NoAuthenticationException
  */
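 public function handle($request, Closure $next)
 {
     // No Authorization header at all: the caller did not try to authenticate.
     if (empty($request->header('Authorization'))) {
         throw new \App\Exceptions\NoAuthenticationException();
     }
     $header = $request->headers->get('Authorization');
     if (starts_with(strtolower($header), 'bearer')) {
         // A bearer token was sent (token refresh): resolve its user, then
         // invalidate the old token so it cannot be reused.
         // NOTE(review): confirm what authenticate() returns when the token's
         // subject no longer resolves to a user, and that setUser() is never
         // handed a non-user value in that case.
         /** @var User $user */
         $user = \JWTAuth::setRequest($request)->parseToken()->authenticate();
         \JWTAuth::invalidate();
         $this->auth->setUser($user);
         $isAuthenticated = $this->auth->check();
     } else {
         // Any other scheme is treated as HTTP Basic credentials.
         $credentials = ['email' => $request->getUser(), 'password' => $request->getPassword()];
         // Use the result of once() itself. Asking the guard with check()
         // afterwards would also succeed when the guard already held a user
         // from elsewhere (e.g. an existing session), which would let a request
         // with wrong credentials pass.
         $isAuthenticated = (bool) $this->auth->once($credentials);
     }
     if (!$isAuthenticated) {
         throw new \App\Exceptions\InvalidCredentialsException();
     }
     return $next($request);
 }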
Пример #5
 /**
  * Handle a login request to the application.
  *
  * @param AuthRequest $request
  * @return \Illuminate\Http\Response
  */
 public function postLogin(AuthRequest $request)
 {
     // Throttling applies only when the concrete controller uses the
     // ThrottlesLogins trait.
     $traits = class_uses_recursive(get_class($this));
     $throttles = in_array(ThrottlesLogins::class, $traits);

     if ($throttles && $this->hasTooManyLoginAttempts($request)) {
         return $this->respondThrottled($request);
     }

     $credentials = $request->only('email', 'password');
     $credentialsAccepted = $this->auth->once($credentials);

     if (!$credentialsAccepted) {
         // Wrong credentials: record the attempt when throttling is active.
         if ($throttles) {
             $this->incrementLoginAttempts($request);
         }

         return $this->respondLoginFail($request);
     }

     $user = $this->auth->getUser();

     if (!$user->activated) {
         // Drop the user set by once() before answering.
         $this->auth->logout();

         // NOTE(review): the account's activation_code is handed to the
         // response helper; confirm it is not echoed back to the client.
         return $this->respondNotActivated($request, $user->activation_code);
     }

     // Credentials are valid and the account is activated: start the real
     // login, honouring the "remember" flag from the request.
     $remember = $request->has('remember');
     $this->auth->loginUsingId($user->id, $remember);

     if ($throttles) {
         $this->clearLoginAttempts($request);
     }

     event('UserHasLoggedIn', [$this->auth->user()]);

     return $this->respondLoginSuccess($request, $user);
 }
Пример #6
 /**
  * Check a user's credentials.
  *
  * @param  array $credentials
  *
  * @return bool
  */
 public function byCredentials(array $credentials)
 {
     // Delegates to the guard's once() check and passes its result through
     // unchanged.
     $accepted = $this->auth->once($credentials);

     return $accepted;
 }