1 | <?php |
||
2 | /** |
||
3 | * LoginController.php |
||
4 | * Copyright (c) 2017 [email protected] |
||
5 | * |
||
6 | * This file is part of Firefly III. |
||
7 | * |
||
8 | * Firefly III is free software: you can redistribute it and/or modify |
||
9 | * it under the terms of the GNU General Public License as published by |
||
10 | * the Free Software Foundation, either version 3 of the License, or |
||
11 | * (at your option) any later version. |
||
12 | * |
||
13 | * Firefly III is distributed in the hope that it will be useful, |
||
14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||
16 | * GNU General Public License for more details. |
||
17 | * |
||
18 | * You should have received a copy of the GNU General Public License |
||
19 | * along with Firefly III. If not, see <http://www.gnu.org/licenses/>. |
||
20 | */ |
||
21 | /** @noinspection PhpDynamicAsStaticMethodCallInspection */ |
||
22 | declare(strict_types=1); |
||
23 | |||
24 | namespace FireflyIII\Http\Controllers\Auth; |
||
25 | |||
26 | use DB; |
||
27 | use FireflyConfig; |
||
28 | use FireflyIII\Http\Controllers\Controller; |
||
29 | use FireflyIII\User; |
||
30 | use Illuminate\Cookie\CookieJar; |
||
31 | use Illuminate\Foundation\Auth\AuthenticatesUsers; |
||
32 | use Illuminate\Http\Request; |
||
33 | |||
34 | /** |
||
35 | * Class LoginController |
||
36 | * |
||
37 | * This controller handles authenticating users for the application and |
||
38 | * redirecting them to your home screen. The controller uses a trait |
||
39 | * to conveniently provide its functionality to your applications. |
||
40 | * |
||
41 | * @codeCoverageIgnore |
||
42 | */ |
||
43 | class LoginController extends Controller |
||
44 | { |
||
45 | use AuthenticatesUsers; |
||
46 | |||
47 | /** |
||
48 | * Where to redirect users after login. |
||
49 | * |
||
50 | * @var string |
||
51 | */ |
||
52 | protected $redirectTo = '/home'; |
||
53 | |||
54 | /** |
||
55 | * Create a new controller instance. |
||
56 | */ |
||
57 | public function __construct() |
||
58 | { |
||
59 | parent::__construct(); |
||
60 | $this->middleware('guest')->except('logout'); |
||
61 | } |
||
62 | |||
63 | /** |
||
64 | * Log in a user. |
||
65 | * |
||
66 | * @param Request $request |
||
67 | * |
||
68 | * @return \Illuminate\Http\Response|\Symfony\Component\HttpFoundation\Response|void |
||
69 | * @throws \Illuminate\Validation\ValidationException |
||
70 | */ |
||
71 | public function login(Request $request) |
||
72 | { |
||
73 | $this->validateLogin($request); |
||
74 | |||
75 | // If the class is using the ThrottlesLogins trait, we can automatically throttle |
||
76 | // the login attempts for this application. We'll key this by the username and |
||
77 | // the IP address of the client making these requests into this application. |
||
78 | if ($this->hasTooManyLoginAttempts($request)) { |
||
79 | $this->fireLockoutEvent($request); |
||
80 | |||
81 | /** @noinspection PhpInconsistentReturnPointsInspection */ |
||
82 | /** @noinspection PhpVoidFunctionResultUsedInspection */ |
||
83 | return $this->sendLockoutResponse($request); |
||
84 | } |
||
85 | |||
86 | if ($this->attemptLogin($request)) { |
||
87 | // user is logged in. Save in session if the user requested session to be remembered: |
||
88 | $request->session()->put('remember_login', $request->filled('remember')); |
||
89 | |||
90 | /** @noinspection PhpInconsistentReturnPointsInspection */ |
||
91 | /** @noinspection PhpVoidFunctionResultUsedInspection */ |
||
92 | return $this->sendLoginResponse($request); |
||
93 | } |
||
94 | |||
95 | // If the login attempt was unsuccessful we will increment the number of attempts |
||
96 | // to login and redirect the user back to the login form. Of course, when this |
||
97 | // user surpasses their maximum number of attempts they will get locked out. |
||
98 | $this->incrementLoginAttempts($request); |
||
99 | |||
100 | /** @noinspection PhpInconsistentReturnPointsInspection */ |
||
101 | /** @noinspection PhpVoidFunctionResultUsedInspection */ |
||
102 | return $this->sendFailedLoginResponse($request); |
||
103 | } |
||
104 | |||
105 | /** |
||
106 | * Log the user out of the application. |
||
107 | * |
||
108 | * @param Request $request |
||
109 | * @param CookieJar $cookieJar |
||
110 | * |
||
111 | * @return $this|\Illuminate\Http\RedirectResponse |
||
112 | */ |
||
113 | public function logout(Request $request, CookieJar $cookieJar) |
||
114 | { |
||
115 | $this->guard()->logout(); |
||
116 | |||
117 | $request->session()->invalidate(); |
||
118 | $cookie = $cookieJar->forget('twoFactorAuthenticated'); |
||
119 | |||
120 | return redirect('/')->withCookie($cookie); |
||
121 | } |
||
122 | |||
123 | /** |
||
124 | * Show the application's login form. |
||
125 | * |
||
126 | * @param Request $request |
||
127 | * |
||
128 | * @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View |
||
129 | */ |
||
130 | public function showLoginForm(Request $request) |
||
131 | { |
||
132 | $count = DB::table('users')->count(); |
||
133 | $loginProvider = config('firefly.login_provider'); |
||
134 | $pageTitle = (string)trans('firefly.login_page_title'); |
||
135 | if (0 === $count && 'eloquent' === $loginProvider) { |
||
136 | return redirect(route('register')); // @codeCoverageIgnore |
||
137 | } |
||
138 | |||
139 | // forget 2fa session thing. |
||
140 | $request->session()->forget('twoFactorAuthenticated'); |
||
141 | |||
142 | // is allowed to? |
||
143 | $singleUserMode = FireflyConfig::get('single_user_mode', config('firefly.configuration.single_user_mode'))->data; |
||
0 ignored issues
–
show
Bug
Best Practice
introduced
by
Loading history...
|
|||
144 | $userCount = User::count(); |
||
145 | $allowRegistration = true; |
||
146 | $allowReset = true; |
||
147 | if (true === $singleUserMode && $userCount > 0) { |
||
148 | $allowRegistration = false; |
||
149 | } |
||
150 | |||
151 | // single user mode is ignored when the user is not using eloquent: |
||
152 | if ('eloquent' !== $loginProvider) { |
||
153 | $allowRegistration = false; |
||
154 | $allowReset = false; |
||
155 | } |
||
156 | |||
157 | $email = $request->old('email'); |
||
158 | $remember = $request->old('remember'); |
||
159 | |||
160 | return view('auth.login', compact('allowRegistration', 'email', 'remember', 'allowReset', 'pageTitle')); |
||
161 | } |
||
162 | } |
||
163 |