invoiceninja/app/Http/Controllers/Contact/LoginController.php

<?php
/**
 * Invoice Ninja (https://invoiceninja.com).
 *
 * @link https://github.com/invoiceninja/invoiceninja source repository
 *
 * @copyright Copyright (c) 2023. Invoice Ninja LLC (https://invoiceninja.com)
 *
 * @license https://www.elastic.co/licensing/elastic-license
 */

namespace App\Http\Controllers\Contact;

use App\Http\Controllers\BaseController;
use App\Http\Controllers\Controller;
use App\Libraries\OAuth\OAuth;
use App\Models\ClientContact;
use App\Models\User;
use App\Transformers\ClientContactLoginTransformer;
use App\Utils\Traits\UserSessionAttributes;
use Illuminate\Foundation\Auth\AuthenticatesUsers;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Laravel\Socialite\Facades\Socialite;

class LoginController extends BaseController
{
    /*
    |--------------------------------------------------------------------------
    | Login Controller
    |--------------------------------------------------------------------------
    |
    | This controller handles authenticating users for the application and
    | redirecting them to your home screen. The controller uses a trait
    | to conveniently provide its functionality to your applications.
    |
    */

    use AuthenticatesUsers;
    use UserSessionAttributes;

    protected $entity_type = ClientContact::class;

    protected $entity_transformer = ClientContactLoginTransformer::class;

    /**
     * Create a new controller instance.
     *
     * @return void
     */
    public function __construct()
    {
        parent::__construct();
    }

    /**
     * Login via API.
     *
     * @param Request $request The request
     *
     * @return \Illuminate\Http\JsonResponse
     * @throws \Illuminate\Validation\ValidationException
     */
    public function apiLogin(Request $request)
    {
        Auth::shouldUse('contact');

        $this->validateLogin($request);

        if ($this->hasTooManyLoginAttempts($request)) {
            $this->fireLockoutEvent($request);

            return response()->json(['message' => 'Too many login attempts, you are being throttled']);
        }

        if ($this->attemptLogin($request)) {
            return $this->itemResponse($this->guard()->user());
        } else {
            $this->incrementLoginAttempts($request);

            return response()->json(['message' => ctrans('texts.invalid_credentials')]);
        }
    }

    /**
     * Redirect the user to the provider authentication page.
     *
     * @param string $provider
     * @return void
     */
    public function redirectToProvider(string $provider)
    {
        //'https://www.googleapis.com/auth/gmail.send','email','profile','openid'
        $scopes = [];

        if ($provider == 'google') {
            $scopes = ['https://www.googleapis.com/auth/gmail.send', 'email', 'profile', 'openid'];
        }

        if (request()->has('code')) {
            return $this->handleProviderCallback($provider);
        } else {
            return Socialite::driver($provider)->scopes($scopes)->redirect();
        }
    }

    public function redirectToProviderAndCreate(string $provider)
    {
        $redirect_url = config('services.'.$provider.'.redirect').'/create';

        if (request()->has('code')) {
            return $this->handleProviderCallbackAndCreate($provider);
        } else {
            return Socialite::driver($provider)->redirectUrl($redirect_url)->redirect();
        }
    }

    /**
     * A client side authentication has taken place.
     * We now digest the token and confirm authentication with
     * the authentication server, the correct user object
     * is returned to us here and we send back the correct
     * user object payload - or error.
     *
     * This can be extended to a create route also - need to pass a ?create query parameter and
     * then process the signup
     *
     * return   User $user
     */
    public function oauthApiLogin()
    {
        $user = false;

        $oauth = new OAuth();

        $user = $oauth->getProvider(request()->input('provider'))->getTokenResponse(request()->input('token'));

        if ($user) {
            return $this->itemResponse($user);
        } else {
            return $this->errorResponse(['message' => 'Invalid credentials'], 401);
        }
    }
}
Working on client login routes 2019-07-08 02:08:57 +02:00			`<?php`
			`/**`
Laravel 7.x Shift (#40) * Adopt Laravel coding style The Laravel framework adopts the PSR-2 coding style with some additions. Laravel apps should adopt this coding style as well. However, Shift allows you to customize the adopted coding style by adding your own [PHP CS Fixer][1] `.php_cs` config to your project. You may use [Shift's .php_cs][2] file as a base. [1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer [2]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200 * Shift bindings PHP 5.5.9+ adds the new static `class` property which provides the fully qualified class name. This is preferred over using class name strings as these references are checked by the parser. * Shift core files * Shift to Throwable * Add laravel/ui dependency * Unindent vendor mail templates * Shift config files * Default config files In an effort to make upgrading the constantly changing config files easier, Shift defaulted them so you can review the commit diff for changes. Moving forward, you should use ENV variables or create a separate config file to allow the core config files to remain automatically upgradeable. * Shift Laravel dependencies * Shift cleanup * Upgrade to Laravel 7 Co-authored-by: Laravel Shift <shift@laravelshift.com> 2020-09-06 11:38:10 +02:00			`* Invoice Ninja (https://invoiceninja.com).`
Working on client login routes 2019-07-08 02:08:57 +02:00			`*`
			`* @link https://github.com/invoiceninja/invoiceninja source repository`
			`*`
Update copyright year 2023-01-28 23:21:40 +01:00			`* @copyright Copyright (c) 2023. Invoice Ninja LLC (https://invoiceninja.com)`
Working on client login routes 2019-07-08 02:08:57 +02:00			`*`
Update license in codebase 2021-06-16 08:58:16 +02:00			`* @license https://www.elastic.co/licensing/elastic-license`
Working on client login routes 2019-07-08 02:08:57 +02:00			`*/`

			`namespace App\Http\Controllers\Contact;`

			`use App\Http\Controllers\BaseController;`
			`use App\Http\Controllers\Controller;`
			`use App\Libraries\OAuth\OAuth;`
			`use App\Models\ClientContact;`
			`use App\Models\User;`
Create specific transformer for client login response 2019-07-09 12:32:26 +02:00			`use App\Transformers\ClientContactLoginTransformer;`
Working on client login routes 2019-07-08 02:08:57 +02:00			`use App\Utils\Traits\UserSessionAttributes;`
			`use Illuminate\Foundation\Auth\AuthenticatesUsers;`
			`use Illuminate\Http\Request;`
			`use Illuminate\Support\Facades\Auth;`
			`use Laravel\Socialite\Facades\Socialite;`

			`class LoginController extends BaseController`
			`{`
			`/*`
			`\|--------------------------------------------------------------------------`
			`\| Login Controller`
			`\|--------------------------------------------------------------------------`
			`\|`
			`\| This controller handles authenticating users for the application and`
			`\| redirecting them to your home screen. The controller uses a trait`
			`\| to conveniently provide its functionality to your applications.`
			`\|`
			`*/`

			`use AuthenticatesUsers;`
			`use UserSessionAttributes;`

			`protected $entity_type = ClientContact::class;`

Create specific transformer for client login response 2019-07-09 12:32:26 +02:00			`protected $entity_transformer = ClientContactLoginTransformer::class;`
Working on client login routes 2019-07-08 02:08:57 +02:00
			`/**`
			`* Create a new controller instance.`
			`*`
			`* @return void`
			`*/`
			`public function __construct()`
			`{`
			`parent::__construct();`
			`}`

			`/**`
Laravel 7.x Shift (#40) * Adopt Laravel coding style The Laravel framework adopts the PSR-2 coding style with some additions. Laravel apps should adopt this coding style as well. However, Shift allows you to customize the adopted coding style by adding your own [PHP CS Fixer][1] `.php_cs` config to your project. You may use [Shift's .php_cs][2] file as a base. [1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer [2]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200 * Shift bindings PHP 5.5.9+ adds the new static `class` property which provides the fully qualified class name. This is preferred over using class name strings as these references are checked by the parser. * Shift core files * Shift to Throwable * Add laravel/ui dependency * Unindent vendor mail templates * Shift config files * Default config files In an effort to make upgrading the constantly changing config files easier, Shift defaulted them so you can review the commit diff for changes. Moving forward, you should use ENV variables or create a separate config file to allow the core config files to remain automatically upgradeable. * Shift Laravel dependencies * Shift cleanup * Upgrade to Laravel 7 Co-authored-by: Laravel Shift <shift@laravelshift.com> 2020-09-06 11:38:10 +02:00			`* Login via API.`
Working on client login routes 2019-07-08 02:08:57 +02:00			`*`
Psalm cleanup 2020-10-28 11:10:49 +01:00			`* @param Request $request The request`
Working on client login routes 2019-07-08 02:08:57 +02:00			`*`
Fixes for static analysis 2023-07-26 04:59:36 +02:00			`* @return \Illuminate\Http\JsonResponse`
Psalm cleanup 2020-10-28 11:10:49 +01:00			`* @throws \Illuminate\Validation\ValidationException`
Working on client login routes 2019-07-08 02:08:57 +02:00			`*/`
			`public function apiLogin(Request $request)`
			`{`
			`Auth::shouldUse('contact');`

			`$this->validateLogin($request);`

			`if ($this->hasTooManyLoginAttempts($request)) {`
			`$this->fireLockoutEvent($request);`

			`return response()->json(['message' => 'Too many login attempts, you are being throttled']);`
			`}`

Fixes for tests (#3184) * fix typo * php-cs traits * CS fixer pass * Password protect User routes * Implement checks to prevent editing a deleted record * Clean up payment flows * Fixes for tests 2019-12-30 22:59:12 +01:00			`if ($this->attemptLogin($request)) {`
Working on client login routes 2019-07-08 02:08:57 +02:00			`return $this->itemResponse($this->guard()->user());`
Fixes for tests (#3184) * fix typo * php-cs traits * CS fixer pass * Password protect User routes * Implement checks to prevent editing a deleted record * Clean up payment flows * Fixes for tests 2019-12-30 22:59:12 +01:00			`} else {`
Working on client login routes 2019-07-08 02:08:57 +02:00			`$this->incrementLoginAttempts($request);`

			`return response()->json(['message' => ctrans('texts.invalid_credentials')]);`
			`}`
			`}`

			`/**`
Laravel 7.x Shift (#40) * Adopt Laravel coding style The Laravel framework adopts the PSR-2 coding style with some additions. Laravel apps should adopt this coding style as well. However, Shift allows you to customize the adopted coding style by adding your own [PHP CS Fixer][1] `.php_cs` config to your project. You may use [Shift's .php_cs][2] file as a base. [1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer [2]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200 * Shift bindings PHP 5.5.9+ adds the new static `class` property which provides the fully qualified class name. This is preferred over using class name strings as these references are checked by the parser. * Shift core files * Shift to Throwable * Add laravel/ui dependency * Unindent vendor mail templates * Shift config files * Default config files In an effort to make upgrading the constantly changing config files easier, Shift defaulted them so you can review the commit diff for changes. Moving forward, you should use ENV variables or create a separate config file to allow the core config files to remain automatically upgradeable. * Shift Laravel dependencies * Shift cleanup * Upgrade to Laravel 7 Co-authored-by: Laravel Shift <shift@laravelshift.com> 2020-09-06 11:38:10 +02:00			`* Redirect the user to the provider authentication page.`
Working on client login routes 2019-07-08 02:08:57 +02:00			`*`
Psalm cleanup 2020-10-28 11:10:49 +01:00			`* @param string $provider`
Working on client login routes 2019-07-08 02:08:57 +02:00			`* @return void`
			`*/`
Fixes for tests (#3184) * fix typo * php-cs traits * CS fixer pass * Password protect User routes * Implement checks to prevent editing a deleted record * Clean up payment flows * Fixes for tests 2019-12-30 22:59:12 +01:00			`public function redirectToProvider(string $provider)`
Working on client login routes 2019-07-08 02:08:57 +02:00			`{`
			`//'https://www.googleapis.com/auth/gmail.send','email','profile','openid'`
Fixes for random subdomain generator 2021-05-24 11:39:21 +02:00			`$scopes = [];`
Apply Laravel coding style Shift automatically applies the Laravel coding style - which uses the PSR-2 coding style as a base with some minor additions. You may customize the code style applied by adding a [PHP CS Fixer][1] or [PHP CodeSniffer][2] ruleset to your project root. Feel free to use [Shift's Laravel ruleset][3] to help you get started. For more information on customizing the code style applied by Shift, [watch this short video][4]. [1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer [2]: https://github.com/squizlabs/PHP_CodeSniffer [3]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200 [4]: https://laravelshift.com/videos/shift-code-style 2022-06-21 11:57:17 +02:00
			`if ($provider == 'google') {`
			`$scopes = ['https://www.googleapis.com/auth/gmail.send', 'email', 'profile', 'openid'];`
Fixes for random subdomain generator 2021-05-24 11:39:21 +02:00			`}`

Fixes for tests (#3184) * fix typo * php-cs traits * CS fixer pass * Password protect User routes * Implement checks to prevent editing a deleted record * Clean up payment flows * Fixes for tests 2019-12-30 22:59:12 +01:00			`if (request()->has('code')) {`
Working on client login routes 2019-07-08 02:08:57 +02:00			`return $this->handleProviderCallback($provider);`
Fixes for tests (#3184) * fix typo * php-cs traits * CS fixer pass * Password protect User routes * Implement checks to prevent editing a deleted record * Clean up payment flows * Fixes for tests 2019-12-30 22:59:12 +01:00			`} else {`
Fixes for random subdomain generator 2021-05-24 11:39:21 +02:00			`return Socialite::driver($provider)->scopes($scopes)->redirect();`
Fixes for tests (#3184) * fix typo * php-cs traits * CS fixer pass * Password protect User routes * Implement checks to prevent editing a deleted record * Clean up payment flows * Fixes for tests 2019-12-30 22:59:12 +01:00			`}`
Working on client login routes 2019-07-08 02:08:57 +02:00			`}`

			`public function redirectToProviderAndCreate(string $provider)`
			`{`
Laravel 7.x Shift (#40) * Adopt Laravel coding style The Laravel framework adopts the PSR-2 coding style with some additions. Laravel apps should adopt this coding style as well. However, Shift allows you to customize the adopted coding style by adding your own [PHP CS Fixer][1] `.php_cs` config to your project. You may use [Shift's .php_cs][2] file as a base. [1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer [2]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200 * Shift bindings PHP 5.5.9+ adds the new static `class` property which provides the fully qualified class name. This is preferred over using class name strings as these references are checked by the parser. * Shift core files * Shift to Throwable * Add laravel/ui dependency * Unindent vendor mail templates * Shift config files * Default config files In an effort to make upgrading the constantly changing config files easier, Shift defaulted them so you can review the commit diff for changes. Moving forward, you should use ENV variables or create a separate config file to allow the core config files to remain automatically upgradeable. * Shift Laravel dependencies * Shift cleanup * Upgrade to Laravel 7 Co-authored-by: Laravel Shift <shift@laravelshift.com> 2020-09-06 11:38:10 +02:00			`$redirect_url = config('services.'.$provider.'.redirect').'/create';`
Working on client login routes 2019-07-08 02:08:57 +02:00
Fixes for tests (#3184) * fix typo * php-cs traits * CS fixer pass * Password protect User routes * Implement checks to prevent editing a deleted record * Clean up payment flows * Fixes for tests 2019-12-30 22:59:12 +01:00			`if (request()->has('code')) {`
Working on client login routes 2019-07-08 02:08:57 +02:00			`return $this->handleProviderCallbackAndCreate($provider);`
Fixes for tests (#3184) * fix typo * php-cs traits * CS fixer pass * Password protect User routes * Implement checks to prevent editing a deleted record * Clean up payment flows * Fixes for tests 2019-12-30 22:59:12 +01:00			`} else {`
Working on client login routes 2019-07-08 02:08:57 +02:00			`return Socialite::driver($provider)->redirectUrl($redirect_url)->redirect();`
Fixes for tests (#3184) * fix typo * php-cs traits * CS fixer pass * Password protect User routes * Implement checks to prevent editing a deleted record * Clean up payment flows * Fixes for tests 2019-12-30 22:59:12 +01:00			`}`
Working on client login routes 2019-07-08 02:08:57 +02:00			`}`

			`/**`
Fixes for tests (#3184) * fix typo * php-cs traits * CS fixer pass * Password protect User routes * Implement checks to prevent editing a deleted record * Clean up payment flows * Fixes for tests 2019-12-30 22:59:12 +01:00			`* A client side authentication has taken place.`
Working on client login routes 2019-07-08 02:08:57 +02:00			`* We now digest the token and confirm authentication with`
			`* the authentication server, the correct user object`
			`* is returned to us here and we send back the correct`
			`* user object payload - or error.`
			`*`
Fixes for tests (#3184) * fix typo * php-cs traits * CS fixer pass * Password protect User routes * Implement checks to prevent editing a deleted record * Clean up payment flows * Fixes for tests 2019-12-30 22:59:12 +01:00			`* This can be extended to a create route also - need to pass a ?create query parameter and`
Working on client login routes 2019-07-08 02:08:57 +02:00			`* then process the signup`
Fixes for tests (#3184) * fix typo * php-cs traits * CS fixer pass * Password protect User routes * Implement checks to prevent editing a deleted record * Clean up payment flows * Fixes for tests 2019-12-30 22:59:12 +01:00			`*`
Working on client login routes 2019-07-08 02:08:57 +02:00			`* return User $user`
			`*/`
			`public function oauthApiLogin()`
			`{`
			`$user = false;`

			`$oauth = new OAuth();`

			`$user = $oauth->getProvider(request()->input('provider'))->getTokenResponse(request()->input('token'));`

Fixes for tests (#3184) * fix typo * php-cs traits * CS fixer pass * Password protect User routes * Implement checks to prevent editing a deleted record * Clean up payment flows * Fixes for tests 2019-12-30 22:59:12 +01:00			`if ($user) {`
Working on client login routes 2019-07-08 02:08:57 +02:00			`return $this->itemResponse($user);`
Fixes for tests (#3184) * fix typo * php-cs traits * CS fixer pass * Password protect User routes * Implement checks to prevent editing a deleted record * Clean up payment flows * Fixes for tests 2019-12-30 22:59:12 +01:00			`} else {`
Working on client login routes 2019-07-08 02:08:57 +02:00			`return $this->errorResponse(['message' => 'Invalid credentials'], 401);`
Fixes for tests (#3184) * fix typo * php-cs traits * CS fixer pass * Password protect User routes * Implement checks to prevent editing a deleted record * Clean up payment flows * Fixes for tests 2019-12-30 22:59:12 +01:00			`}`
Working on client login routes 2019-07-08 02:08:57 +02:00			`}`
			`}`