authorIgor Scheller <igor.scheller@igorshp.de>2019-07-09 22:02:07 +0200
committerIgor Scheller <igor.scheller@igorshp.de>2019-07-09 22:27:34 +0200
commit6d5ada252202bfb29eba884cf9567e969d798607 (patch)
tree41b67592977e1f5a70f643db6628464b420fd86d /src/Controllers
parent7414f9b23dbcc66e5f0efda3d0cbfd79372ec780 (diff)
Added validation to AuthController
Diffstat (limited to 'src/Controllers')
-rw-r--r--src/Controllers/AuthController.php62
1 files changed, 29 insertions, 33 deletions
diff --git a/src/Controllers/AuthController.php b/src/Controllers/AuthController.php
index e5fc40e3..a8cc1ace 100644
--- a/src/Controllers/AuthController.php
+++ b/src/Controllers/AuthController.php
@@ -8,6 +8,8 @@ use Engelsystem\Http\Request;
use Engelsystem\Http\Response;
use Engelsystem\Http\UrlGeneratorInterface;
use Engelsystem\Models\User\User;
+use Illuminate\Support\Arr;
+use Illuminate\Support\Collection;
use Symfony\Component\HttpFoundation\Session\SessionInterface;
class AuthController extends BaseController
@@ -53,7 +55,22 @@ class AuthController extends BaseController
*/
public function login()
{
- return $this->response->withView('pages/login');
+ return $this->showLogin();
+ }
+
+ /**
+ * @param bool $showRecovery
+ * @return Response
+ */
+ protected function showLogin($showRecovery = false)
+ {
+ $errors = Collection::make(Arr::flatten($this->session->get('errors', [])));
+ $this->session->remove('errors');
+
+ return $this->response->withView(
+ 'pages/login',
+ ['errors' => $errors, 'show_password_recovery' => $showRecovery]
+ );
}
/**
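Review bot: `showLogin()` is declared without native types, although its docblock states `bool` and `Response` and `postLogin()` in the same class already declares `: Response`. Writing it as `protected function showLogin(bool $showRecovery = false): Response` would make that contract enforced rather than only documented. The docblock also has no description; a line such as `Renders the login page with the errors stored in the session and clears them` would tell the reader that the `errors` session key is consumed here and shown only once.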
@@ -64,15 +81,18 @@ class AuthController extends BaseController
*/
public function postLogin(Request $request): Response
{
- $return = $this->authenticateUser($request->get('login', ''), $request->get('password', ''));
- if (!$return instanceof User) {
- return $this->response->withView(
- 'pages/login',
- ['errors' => [$return], 'show_password_recovery' => true]
- );
- }
+ $data = $this->validate($request, [
+ 'login' => 'required',
+ 'password' => 'required',
+ ]);
+
+ $user = $this->auth->authenticate($data['login'], $data['password']);
- $user = $return;
+ if (!$user instanceof User) {
+ $this->session->set('errors', $this->session->get('errors', []) + ['auth.not-found']);
+
+ return $this->showLogin(true);
+ }
$this->session->invalidate();
$this->session->set('user_id', $user->id);
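Review bot: The array union in `$this->session->get('errors', []) + ['auth.not-found']` keeps the left operand's value for any key present on both sides, so if the stored errors array already has an entry at index 0, the `auth.not-found` message is silently dropped. `array_merge($this->session->get('errors', []), ['auth.not-found'])` appends regardless of existing keys. Separately, the removed `authenticateUser()` declared `string $login, string $password`, whereas the `required` rule shown here does not visibly constrain the type. It is worth confirming that `validate()` or `$this->auth->authenticate()` rejects non-string request values. The body of `postLogin()` continues outside this hunk.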
@@ -93,28 +113,4 @@ class AuthController extends BaseController
return $this->response->redirectTo($this->url->to('/'));
}
-
- /**
- * Verify the user and password
- *
- * @param $login
- * @param $password
- * @return User|string
- */
- protected function authenticateUser(string $login, string $password)
- {
- if (!$login) {
- return 'auth.no-nickname';
- }
-
- if (!$password) {
- return 'auth.no-password';
- }
-
- if (!$user = $this->auth->authenticate($login, $password)) {
- return 'auth.not-found';
- }
-
- return $user;
- }
}