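/**
 * @api {post} /sessions Start a Session (Login)
 * @apiGroup User Sessions
 * @apiDescription Validates login credentials and returns a new session if valid.
 * An unknown username and a wrong password are rejected with the same 401 error,
 * so the response does not disclose which usernames exist.
 * @apiParam {string} username Username to login as.
 * @apiParam {string} password The user's password.
 *
 * @param PasswordHasher $passwordHasher Verifies the submitted password and is passed to UserSession::generateKey().
 *
 * @throws HttpException
 * @throws InputException With status 401 when the credentials are rejected.
 * @return \Response
 */
public function store(PasswordHasher $passwordHasher)
{
    // Both fields must be present before any lookup happens.
    $this->validate($this->request, ['username' => 'required', 'password' => 'required']);

    $username = $this->request->input('username');
    $password = $this->request->input('password');

    /** @var User|null $user */
    $user = User::whereUsername($username)->first();

    // One status code and one message for "no such user" and "wrong password":
    // distinct 404/401 answers let a caller enumerate valid usernames.
    // NOTE(review): the unknown-username path still skips the hash verification,
    // so response time can differ between the two cases; consider verifying
    // against a fixed dummy hash if PasswordHasher allows it.
    // NOTE(review): no attempt limiting is visible in this method; confirm it is
    // enforced upstream (route or middleware).
    if (!$user || !$passwordHasher->verify($password, $user, 'password')) {
        throw new InputException(401, ['password' => ['That username or password is not correct.']]);
    }

    $this->auth->setUser($user);

    // Start a new session.
    // NOTE(review): getClientIp() is only as reliable as the trusted-proxy
    // configuration; confirm before using the stored IP for security decisions.
    $session = new UserSession([
        'userId' => $user->userId,
        'ip' => $this->request->getClientIp(),
    ]);

    // The key is generated before save() and returned to the client in this response.
    $sessionKey = $session->generateKey($passwordHasher);
    $session->save();

    return $this->response([
        'session' => $session,
        'sessionKey' => $sessionKey,
        'success' => true,
    ]);
}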