Logout in-active users and dont respond to resets or logins

This commit is contained in:
Deon George 2021-06-19 10:41:56 +10:00
parent e45f366b76
commit 68dc704ca0
8 changed files with 81 additions and 5 deletions

View File

@ -4,6 +4,8 @@ namespace App\Http\Controllers\Auth;
use App\Http\Controllers\Controller; use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\SendsPasswordResetEmails; use Illuminate\Foundation\Auth\SendsPasswordResetEmails;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Password;
class ForgotPasswordController extends Controller class ForgotPasswordController extends Controller
{ {
@ -19,4 +21,24 @@ class ForgotPasswordController extends Controller
*/ */
use SendsPasswordResetEmails; use SendsPasswordResetEmails;
public function sendResetLinkEmail(Request $request)
{
$this->validateEmail($request);
// If the account is not active, or doesnt exist, we'll send a fake "sent" message.
if (! ($x=$this->broker()->getUser($this->credentials($request))) || (! $x->active))
return $this->sendResetLinkResponse($request, Password::RESET_LINK_SENT);
// We will send the password reset link to this user. Once we have attempted
// to send the link, we will examine the response then see the message we
// need to show to the user. Finally, we'll send out a proper response.
$response = $this->broker()->sendResetLink(
$this->credentials($request)
);
return $response == Password::RESET_LINK_SENT
? $this->sendResetLinkResponse($request, $response)
: $this->sendResetLinkFailedResponse($request, $response);
}
} }

View File

@ -4,7 +4,10 @@ namespace App\Http\Controllers\Auth;
use App\Http\Controllers\Controller; use App\Http\Controllers\Controller;
use App\Providers\RouteServiceProvider; use App\Providers\RouteServiceProvider;
use Carbon\Carbon;
use Illuminate\Foundation\Auth\AuthenticatesUsers; use Illuminate\Foundation\Auth\AuthenticatesUsers;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
class LoginController extends Controller class LoginController extends Controller
{ {
@ -38,6 +41,25 @@ class LoginController extends Controller
$this->middleware('guest')->except('logout'); $this->middleware('guest')->except('logout');
} }
public function login(Request $request)
{
$this->validateLogin($request);
if (Auth::attempt(array_merge($this->credentials($request),['active'=>TRUE]))) {
$request->session()->regenerate();
return $this->sendLoginResponse($request);
}
return $this->sendFailedLoginResponse($request);
}
protected function authenticated(Request $request, $user)
{
$user->last_on = Carbon::now();
$user->save();
}
/** /**
* Show our themed login page * Show our themed login page
*/ */

View File

@ -51,6 +51,7 @@ class Kernel extends HttpKernel
* @var array * @var array
*/ */
protected $routeMiddleware = [ protected $routeMiddleware = [
'activeuser' => \App\Http\Middleware\ActiveUser::class,
'auth' => \App\Http\Middleware\Authenticate::class, 'auth' => \App\Http\Middleware\Authenticate::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class, 'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class, 'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,

View File

@ -0,0 +1,27 @@
<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
class ActiveUser
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle(Request $request, Closure $next)
{
if (Auth::user()->exists && ! Auth::user()->active) {
Auth::logout();
abort(403,'Your account is not active');
}
return $next($request);
}
}

View File

@ -40,4 +40,6 @@ class User extends Authenticatable implements MustVerifyEmail
protected $casts = [ protected $casts = [
'email_verified_at' => 'datetime', 'email_verified_at' => 'datetime',
]; ];
protected $dates = ['last_on'];
} }

View File

@ -87,7 +87,7 @@
<div class="row"> <div class="row">
<div class="col-12"> <div class="col-12">
<a href="{{ url('ftn/system') }}" class="btn btn-danger">Cancel</a> <a href="{{ url('user/list') }}" class="btn btn-danger">Cancel</a>
@can('admin',$o) @can('admin',$o)
<button type="submit" name="submit" class="btn btn-success mr-0 float-end">@if ($o->exists)Save @else Add @endif</button> <button type="submit" name="submit" class="btn btn-success mr-0 float-end">@if ($o->exists)Save @else Add @endif</button>
@endcan @endcan

View File

@ -5,7 +5,7 @@
@section('content') @section('content')
<div class="row"> <div class="row">
<div class="col-8"> <div class="col-9">
<p>Current Users:</p> <p>Current Users:</p>
<table class="table monotable"> <table class="table monotable">
<thead> <thead>
@ -13,6 +13,7 @@
<th>ID</th> <th>ID</th>
<th>Email</th> <th>Email</th>
<th>Name</th> <th>Name</th>
<th>Active</th>
<th>Verified</th> <th>Verified</th>
<th>Last On</th> <th>Last On</th>
</tr> </tr>
@ -21,7 +22,7 @@
<tbody> <tbody>
@can('admin',(new \App\Models\User)) @can('admin',(new \App\Models\User))
<tr> <tr>
<td colspan="5"><a href="{{ url('user/addedit') }}">Add New User</a></td> <td colspan="6"><a href="{{ url('user/addedit') }}">Add New User</a></td>
</tr> </tr>
@endcan @endcan
@foreach (\App\Models\User::orderBy('email')->cursor() as $oo) @foreach (\App\Models\User::orderBy('email')->cursor() as $oo)
@ -29,8 +30,9 @@
<td><a href="{{ url('user/addedit',[$oo->id]) }}">{{ $oo->id }}</a></td> <td><a href="{{ url('user/addedit',[$oo->id]) }}">{{ $oo->id }}</a></td>
<td>{{ $oo->email }}</td> <td>{{ $oo->email }}</td>
<td>{{ $oo->name }}</td> <td>{{ $oo->name }}</td>
<td>{{ $oo->active ? 'YES' : 'NO' }}</td>
<td>{{ $oo->email_verified_at ? $oo->email_verified_at->format('Y-m-d') : '-' }}</td> <td>{{ $oo->email_verified_at ? $oo->email_verified_at->format('Y-m-d') : '-' }}</td>
<td>{{-- $oo->last_on --}}TBA</td> <td>{{ $oo->last_on ? $oo->last_on->toDateTimeString() : 'Unknown' }}</td>
</tr> </tr>
@endforeach @endforeach
</tbody> </tbody>

View File

@ -30,7 +30,7 @@ Route::get('logout',[LoginController::class,'logout']);
Route::redirect('/','about'); Route::redirect('/','about');
Route::view('about','about'); Route::view('about','about');
Route::middleware(['verified'])->group(function () { Route::middleware(['verified','activeuser'])->group(function () {
Route::get('ftn/domain',[DomainController::class,'home']); Route::get('ftn/domain',[DomainController::class,'home']);
Route::match(['get','post'],'ftn/domain/addedit/{o?}',[DomainController::class,'add_edit']) Route::match(['get','post'],'ftn/domain/addedit/{o?}',[DomainController::class,'add_edit'])
->where('o','[0-9]+'); ->where('o','[0-9]+');