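. */
namespace App\Http\Controllers\Account;

use App\Account;
use App\AuthToken;
use App\Http\Controllers\Controller;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Str;

/**
 * Login, logout, e-mail confirmation and cross-device auth-token login.
 */
class AuthenticateController extends Controller
{
    /** Expected length of the e-mail confirmation code checked by validateEmail(). */
    public static $emailCodeSize = 13;

    /**
     * Show the login form, or go straight to the dashboard when a user is already signed in.
     *
     * @return \Illuminate\Http\RedirectResponse|\Illuminate\Contracts\View\View
     */
    public function login(Request $request)
    {
        if (Auth::user()) {
            return redirect()->route('account.dashboard');
        }

        return view('account.login', [
            'count' => Account::where('activated', true)->count(),
        ]);
    }

    /**
     * Verify a username (or phone number) plus password and start a session.
     *
     * The same generic error is returned whether the account is missing or the
     * password is wrong, so the response body does not reveal which usernames exist.
     *
     * @throws \Illuminate\Validation\ValidationException when username or password is missing
     */
    public function authenticate(Request $request): RedirectResponse
    {
        $request->validate([
            'username' => 'required',
            'password' => 'required',
        ]);

        $account = $this->findAccountByLogin($request->get('username'));

        if (!$account) {
            // NOTE(review): returning before any bchash() call makes an unknown
            // username measurably faster than a wrong password; the error text is
            // identical, but the timing is not.
            return redirect()->back()->withErrors(['authentication' => 'Wrong username or password']);
        }

        // Try every stored password record until one verifies.
        foreach ($account->passwords as $password) {
            $candidate = bchash(
                $account->username,
                $account->resolvedRealm,
                $request->get('password'),
                $password->algorithm
            );

            // Stored hash goes first so the constant-time comparison is keyed on the
            // known value, not on the attacker-controlled one.
            if (hash_equals($password->password, $candidate)) {
                Auth::login($account);

                return redirect()->route('account.dashboard');
            }
        }

        return redirect()->back()->withErrors(['authentication' => 'Wrong username or password']);
    }

    /**
     * Look an account up by username first, falling back to phone number.
     *
     * @param mixed $login raw value of the "username" form field
     */
    private function findAccountByLogin($login): ?Account
    {
        return Account::where('username', $login)->first()
            ?? Account::where('phone', $login)->first();
    }

    /**
     * Activate an account from an e-mail confirmation code and sign it in.
     *
     * @deprecated
     * @throws \Illuminate\Validation\ValidationException when the code has the wrong length
     */
    public function validateEmail(Request $request, string $code): RedirectResponse
    {
        // The code arrives as a route segment; merge it so the validator can see it.
        $request->merge(['code' => $code]);
        $request->validate(['code' => 'required|size:' . self::$emailCodeSize]);

        $account = Account::where('confirmation_key', $code)->first();
        if (!$account) {
            return redirect()->route('account.login');
        }

        // One-shot: clearing the key means the same link cannot be replayed.
        $account->confirmation_key = null;
        $account->activated = true;
        $account->save();

        Auth::login($account);

        return redirect()->route('account.dashboard');
    }

    /**
     * Cross-device login via a short-lived auth token.
     *
     * Without a valid token a fresh one is minted and the browser is redirected to
     * its URL. While no account is bound to the token the waiting page is rendered;
     * once an authenticated session has attached an account, that account is logged
     * in here and the token is consumed.
     *
     * @return \Illuminate\Http\RedirectResponse|\Illuminate\Contracts\View\View
     */
    public function loginAuthToken(Request $request, ?string $token = null)
    {
        $authToken = null;
        if (!empty($token)) {
            // valid() is a query scope on AuthToken; presumably it excludes expired tokens — confirm.
            $authToken = AuthToken::where('token', $token)->valid()->first();
        }

        if ($authToken === null) {
            $authToken = new AuthToken;
            $authToken->token = Str::random(32); // Str::random() draws from random_bytes()
            $authToken->fillRequestInfo($request);
            $authToken->save();

            return redirect()->route('account.authenticate.auth_token', ['token' => $authToken->token]);
        }

        // The token was flashed (bound to an account) by an authenticated user.
        if ($authToken->account_id) {
            Auth::login($authToken->account);
            // Single use: delete the token so the same URL cannot log in again.
            $authToken->delete();

            return redirect()->route('account.dashboard');
        }

        return view('account.authenticate.auth_token', [
            'authToken' => $authToken,
        ]);
    }

    /**
     * End the session and return to the login page.
     *
     * Besides clearing the guard state, the whole session is invalidated and the
     * CSRF token rotated so nothing from the signed-in session survives logout.
     */
    public function logout(Request $request): RedirectResponse
    {
        Auth::logout();
        $request->session()->invalidate();
        $request->session()->regenerateToken();

        return redirect()->route('account.login');
    }
}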