Logout in-active users and dont respond to resets or logins
This commit is contained in:
Deon George
parent
e45f366b76
commit
68dc704ca0
@ -4,6 +4,8 @@ namespace App\Http\Controllers\Auth;
|
||||
|
||||
use App\Http\Controllers\Controller;
|
||||
use Illuminate\Foundation\Auth\SendsPasswordResetEmails;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Facades\Password;
|
||||
|
||||
class ForgotPasswordController extends Controller
|
||||
{
|
||||
@ -19,4 +21,24 @@ class ForgotPasswordController extends Controller
|
||||
*/
|
||||
|
||||
use SendsPasswordResetEmails;
|
||||
|
||||
public function sendResetLinkEmail(Request $request)
|
||||
{
|
||||
$this->validateEmail($request);
|
||||
|
||||
// If the account is not active, or doesnt exist, we'll send a fake "sent" message.
|
||||
if (! ($x=$this->broker()->getUser($this->credentials($request))) || (! $x->active))
|
||||
return $this->sendResetLinkResponse($request, Password::RESET_LINK_SENT);
|
||||
|
||||
// We will send the password reset link to this user. Once we have attempted
|
||||
// to send the link, we will examine the response then see the message we
|
||||
// need to show to the user. Finally, we'll send out a proper response.
|
||||
$response = $this->broker()->sendResetLink(
|
||||
$this->credentials($request)
|
||||
);
|
||||
|
||||
return $response == Password::RESET_LINK_SENT
|
||||
? $this->sendResetLinkResponse($request, $response)
|
||||
: $this->sendResetLinkFailedResponse($request, $response);
|
||||
}
|
||||
}
|
||||
|
||||
@ -4,7 +4,10 @@ namespace App\Http\Controllers\Auth;
|
||||
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Providers\RouteServiceProvider;
|
||||
use Carbon\Carbon;
|
||||
use Illuminate\Foundation\Auth\AuthenticatesUsers;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Facades\Auth;
|
||||
|
||||
class LoginController extends Controller
|
||||
{
|
||||
@ -38,6 +41,25 @@ class LoginController extends Controller
|
||||
$this->middleware('guest')->except('logout');
|
||||
}
|
||||
|
||||
public function login(Request $request)
|
||||
{
|
||||
$this->validateLogin($request);
|
||||
|
||||
if (Auth::attempt(array_merge($this->credentials($request),['active'=>TRUE]))) {
|
||||
$request->session()->regenerate();
|
||||
|
||||
return $this->sendLoginResponse($request);
|
||||
}
|
||||
|
||||
return $this->sendFailedLoginResponse($request);
|
||||
}
|
||||
|
||||
protected function authenticated(Request $request, $user)
|
||||
{
|
||||
$user->last_on = Carbon::now();
|
||||
$user->save();
|
||||
}
|
||||
|
||||
/**
|
||||
* Show our themed login page
|
||||
*/
|
||||
|
||||
@ -51,6 +51,7 @@ class Kernel extends HttpKernel
|
||||
* @var array
|
||||
*/
|
||||
protected $routeMiddleware = [
|
||||
'activeuser' => \App\Http\Middleware\ActiveUser::class,
|
||||
'auth' => \App\Http\Middleware\Authenticate::class,
|
||||
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
|
||||
'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
|
||||
|
||||
27
app/Http/Middleware/ActiveUser.php
Normal file
27
app/Http/Middleware/ActiveUser.php
Normal file
@ -0,0 +1,27 @@
|
||||
<?php
|
||||
|
||||
namespace App\Http\Middleware;
|
||||
|
||||
use Closure;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Facades\Auth;
|
||||
|
||||
class ActiveUser
|
||||
{
|
||||
/**
|
||||
* Handle an incoming request.
|
||||
*
|
||||
* @param \Illuminate\Http\Request $request
|
||||
* @param \Closure $next
|
||||
* @return mixed
|
||||
*/
|
||||
public function handle(Request $request, Closure $next)
|
||||
{
|
||||
if (Auth::user()->exists && ! Auth::user()->active) {
|
||||
Auth::logout();
|
||||
abort(403,'Your account is not active');
|
||||
}
|
||||
|
||||
return $next($request);
|
||||
}
|
||||
}
|
||||
@ -40,4 +40,6 @@ class User extends Authenticatable implements MustVerifyEmail
|
||||
protected $casts = [
|
||||
'email_verified_at' => 'datetime',
|
||||
];
|
||||
|
||||
protected $dates = ['last_on'];
|
||||
}
|
||||
|
||||
@ -87,7 +87,7 @@
|
||||
|
||||
<div class="row">
|
||||
<div class="col-12">
|
||||
<a href="{{ url('ftn/system') }}" class="btn btn-danger">Cancel</a>
|
||||
<a href="{{ url('user/list') }}" class="btn btn-danger">Cancel</a>
|
||||
@can('admin',$o)
|
||||
<button type="submit" name="submit" class="btn btn-success mr-0 float-end">@if ($o->exists)Save @else Add @endif</button>
|
||||
@endcan
|
||||
|
||||
@ -5,7 +5,7 @@
|
||||
|
||||
@section('content')
|
||||
<div class="row">
|
||||
<div class="col-8">
|
||||
<div class="col-9">
|
||||
<p>Current Users:</p>
|
||||
<table class="table monotable">
|
||||
<thead>
|
||||
@ -13,6 +13,7 @@
|
||||
<th>ID</th>
|
||||
<th>Email</th>
|
||||
<th>Name</th>
|
||||
<th>Active</th>
|
||||
<th>Verified</th>
|
||||
<th>Last On</th>
|
||||
</tr>
|
||||
@ -21,7 +22,7 @@
|
||||
<tbody>
|
||||
@can('admin',(new \App\Models\User))
|
||||
<tr>
|
||||
<td colspan="5"><a href="{{ url('user/addedit') }}">Add New User</a></td>
|
||||
<td colspan="6"><a href="{{ url('user/addedit') }}">Add New User</a></td>
|
||||
</tr>
|
||||
@endcan
|
||||
@foreach (\App\Models\User::orderBy('email')->cursor() as $oo)
|
||||
@ -29,8 +30,9 @@
|
||||
<td><a href="{{ url('user/addedit',[$oo->id]) }}">{{ $oo->id }}</a></td>
|
||||
<td>{{ $oo->email }}</td>
|
||||
<td>{{ $oo->name }}</td>
|
||||
<td>{{ $oo->active ? 'YES' : 'NO' }}</td>
|
||||
<td>{{ $oo->email_verified_at ? $oo->email_verified_at->format('Y-m-d') : '-' }}</td>
|
||||
<td>{{-- $oo->last_on --}}TBA</td>
|
||||
<td>{{ $oo->last_on ? $oo->last_on->toDateTimeString() : 'Unknown' }}</td>
|
||||
</tr>
|
||||
@endforeach
|
||||
</tbody>
|
||||
|
||||
@ -30,7 +30,7 @@ Route::get('logout',[LoginController::class,'logout']);
|
||||
Route::redirect('/','about');
|
||||
Route::view('about','about');
|
||||
|
||||
Route::middleware(['verified'])->group(function () {
|
||||
Route::middleware(['verified','activeuser'])->group(function () {
|
||||
Route::get('ftn/domain',[DomainController::class,'home']);
|
||||
Route::match(['get','post'],'ftn/domain/addedit/{o?}',[DomainController::class,'add_edit'])
|
||||
->where('o','[0-9]+');
|
||||
|
||||
Loading…
Reference in New Issue
Block a user