From 6d5ada252202bfb29eba884cf9567e969d798607 Mon Sep 17 00:00:00 2001
From: Igor Scheller
Date: Tue, 9 Jul 2019 22:02:07 +0200
Subject: Added validation to AuthController
---
 src/Controllers/AuthController.php | 62 ++++++++++++++++++--------------------
 1 file changed, 29 insertions(+), 33 deletions(-)
(limited to 'src')
diff --git a/src/Controllers/AuthController.php b/src/Controllers/AuthController.php
index e5fc40e3..a8cc1ace 100644
--- a/src/Controllers/AuthController.php
+++ b/src/Controllers/AuthController.php
@@ -8,6 +8,8 @@ use Engelsystem\Http\Request;
 use Engelsystem\Http\Response;
 use Engelsystem\Http\UrlGeneratorInterface;
 use Engelsystem\Models\User\User;
+use Illuminate\Support\Arr;
+use Illuminate\Support\Collection;
 use Symfony\Component\HttpFoundation\Session\SessionInterface;

 class AuthController extends BaseController
@@ -53,7 +55,22 @@ class AuthController extends BaseController
 */
 public function login()
 {
- return $this->response->withView('pages/login');
+ return $this->showLogin();
+ }
+
+ /**
+ * @param bool $showRecovery
+ * @return Response
+ */
+ protected function showLogin($showRecovery = false)
+ {
+ $errors = Collection::make(Arr::flatten($this->session->get('errors', [])));
+ $this->session->remove('errors');
+
+ return $this->response->withView(
+ 'pages/login',
+ ['errors' => $errors, 'show_password_recovery' => $showRecovery]
+ );
 }

 /**
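Review bot: The new `showLogin()` is declared without a parameter or return type and its docblock carries no description, although `postLogin(Request $request): Response` in the same class is typed; I would declare it as `protected function showLogin(bool $showRecovery = false): Response`. The docblock should state that the method consumes the session's `errors` entry (reads it, flattens it, then removes it), so a second call in the same request renders no errors. Everything stored under `errors` is handed to the `pages/login` view, so the comment could also record that entries are expected to be message keys such as `auth.not-found` rather than raw request input; whether the template escapes them is not visible in this hunk.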
@@ -64,15 +81,18 @@ class AuthController extends BaseController
 */
 public function postLogin(Request $request): Response
 {
- $return = $this->authenticateUser($request->get('login', ''), $request->get('password', ''));
- if (!$return instanceof User) {
- return $this->response->withView(
- 'pages/login',
- ['errors' => [$return], 'show_password_recovery' => true]
- );
- }
+ $data = $this->validate($request, [
+ 'login' => 'required',
+ 'password' => 'required',
+ ]);
+
+ $user = $this->auth->authenticate($data['login'], $data['password']);

- $user = $return;
+ if (!$user instanceof User) {
+ $this->session->set('errors', $this->session->get('errors', []) + ['auth.not-found']);
+
+ return $this->showLogin(true);
+ }

 $this->session->invalidate();
 $this->session->set('user_id', $user->id);
@@ -93,28 +113,4 @@ class AuthController extends BaseController

 return $this->response->redirectTo($this->url->to('/'));
 }
-
- /**
- * Verify the user and password
- *
- * @param $login
- * @param $password
- * @return User|string
- */
- protected function authenticateUser(string $login, string $password)
- {
- if (!$login) {
- return 'auth.no-nickname';
- }
-
- if (!$password) {
- return 'auth.no-password';
- }
-
- if (!$user = $this->auth->authenticate($login, $password)) {
- return 'auth.not-found';
- }
-
- return $user;
- }
 }
--
cgit v1.2.3-54-g00ecf
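Review bot: In `postLogin()`, `$this->session->get('errors', []) + ['auth.not-found']` uses the array union operator, which keeps the left-hand value for any key present on both sides, so if the stored `errors` array already has an entry at index 0 the `auth.not-found` message is silently dropped and the failed login is rendered without an error. Appending does not depend on the existing keys: `$this->session->set('errors', array_merge($this->session->get('errors', []), ['auth.not-found']));`. The shape of the stored array is not visible here (the `Arr::flatten` call in `showLogin()` suggests nested, string-keyed groups), so this may not trigger today, but it relies on every writer of `errors` avoiding integer keys. `postLogin()` continues past the end of this hunk.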