gbanyan
42099759e8
Features: - Support login via phone number or email (LoginRequest) - Add members:import-roster command for Excel roster import - Merge survey emails with roster data Code Quality (Phase 1-4): - Add database locking for balance calculation - Add self-approval checks for finance workflow - Create service layer (FinanceDocumentApprovalService, PaymentVerificationService) - Add HasAccountingEntries and HasApprovalWorkflow traits - Create FormRequest classes for validation - Add status-badge component - Define authorization gates in AuthServiceProvider - Add accounting config file Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
131 lines
3.5 KiB
PHP
131 lines
3.5 KiB
PHP
<?php
|
|
|
|
namespace App\Http\Requests\Auth;
|
|
|
|
use App\Models\User;
|
|
use Illuminate\Auth\Events\Lockout;
|
|
use Illuminate\Foundation\Http\FormRequest;
|
|
use Illuminate\Support\Facades\Auth;
|
|
use Illuminate\Support\Facades\RateLimiter;
|
|
use Illuminate\Support\Str;
|
|
use Illuminate\Validation\ValidationException;
|
|
|
|
class LoginRequest extends FormRequest
|
|
{
|
|
/**
|
|
* Determine if the user is authorized to make this request.
|
|
*/
|
|
public function authorize(): bool
|
|
{
|
|
return true;
|
|
}
|
|
|
|
/**
|
|
* Get the validation rules that apply to the request.
|
|
*
|
|
* @return array<string, \Illuminate\Contracts\Validation\Rule|array|string>
|
|
*/
|
|
public function rules(): array
|
|
{
|
|
return [
|
|
// Accept email or phone number
|
|
'email' => ['required', 'string'],
|
|
'password' => ['required', 'string'],
|
|
];
|
|
}
|
|
|
|
/**
|
|
* Attempt to authenticate the request's credentials.
|
|
* Supports login via email or phone number.
|
|
*
|
|
* @throws \Illuminate\Validation\ValidationException
|
|
*/
|
|
public function authenticate(): void
|
|
{
|
|
$this->ensureIsNotRateLimited();
|
|
|
|
$loginInput = $this->input('email');
|
|
$password = $this->input('password');
|
|
$remember = $this->boolean('remember');
|
|
|
|
// Determine if input is email or phone
|
|
$credentials = $this->resolveCredentials($loginInput, $password);
|
|
|
|
if (! Auth::attempt($credentials, $remember)) {
|
|
RateLimiter::hit($this->throttleKey());
|
|
|
|
throw ValidationException::withMessages([
|
|
'email' => trans('auth.failed'),
|
|
]);
|
|
}
|
|
|
|
RateLimiter::clear($this->throttleKey());
|
|
}
|
|
|
|
/**
|
|
* Resolve login credentials based on input type (email or phone).
|
|
*/
|
|
protected function resolveCredentials(string $loginInput, string $password): array
|
|
{
|
|
// Check if input looks like an email
|
|
if (filter_var($loginInput, FILTER_VALIDATE_EMAIL)) {
|
|
return [
|
|
'email' => $loginInput,
|
|
'password' => $password,
|
|
];
|
|
}
|
|
|
|
// Normalize phone number (remove dashes, spaces)
|
|
$phone = preg_replace('/[^0-9]/', '', $loginInput);
|
|
|
|
// Try to find user by phone number in member record
|
|
$user = User::whereHas('member', function ($query) use ($phone) {
|
|
$query->where('phone', 'like', "%{$phone}%");
|
|
})->first();
|
|
|
|
if ($user) {
|
|
return [
|
|
'email' => $user->email,
|
|
'password' => $password,
|
|
];
|
|
}
|
|
|
|
// Fallback: treat as email (will fail auth but proper error message)
|
|
return [
|
|
'email' => $loginInput,
|
|
'password' => $password,
|
|
];
|
|
}
|
|
|
|
/**
|
|
* Ensure the login request is not rate limited.
|
|
*
|
|
* @throws \Illuminate\Validation\ValidationException
|
|
*/
|
|
public function ensureIsNotRateLimited(): void
|
|
{
|
|
if (! RateLimiter::tooManyAttempts($this->throttleKey(), 5)) {
|
|
return;
|
|
}
|
|
|
|
event(new Lockout($this));
|
|
|
|
$seconds = RateLimiter::availableIn($this->throttleKey());
|
|
|
|
throw ValidationException::withMessages([
|
|
'email' => trans('auth.throttle', [
|
|
'seconds' => $seconds,
|
|
'minutes' => ceil($seconds / 60),
|
|
]),
|
|
]);
|
|
}
|
|
|
|
/**
|
|
* Get the rate limiting throttle key for the request.
|
|
*/
|
|
public function throttleKey(): string
|
|
{
|
|
return Str::transliterate(Str::lower($this->string('email')).'|'.$this->ip());
|
|
}
|
|
}
|