Authentication

The authentication classes don't use Livewire. Instead, they are standard Auth controllers using Laravel UI.

The following covers any non-standard functionality that Laravel UI does not provide.

Registration

When registering, the following validation rules are applied.

  • Name is required
  • Email is required, must be a valid email address and must be unique; an address that is already registered cannot be used again.
  • Password must be at least 8 characters and contain upper and lower case letters and a number. Additionally, passwords are checked to ensure they have not been in a data breach.

    
    // Requires: use Illuminate\Validation\Rules\Password;
    $request->validate([
        'name'            => 'required',
        'email'           => 'required|email|unique:users,email',
        'password'        => [
            'required',
            Password::min(8)
                ->mixedCase()
                ->letters()
                ->numbers()
                ->uncompromised()
        ],
        'confirmPassword' => 'required|same:password'
    ]);
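
An added example, not AdminTW or Laravel code, of the k-anonymity lookup behind a breach check such as uncompromised(): only the first five characters of the password's SHA-1 hash are sent, and the remaining suffix is matched locally. The function names and the offline stand-in for the range service are assumptions. Password1 satisfies every complexity rule listed above and is caught only by the breach lookup.

```php
<?php
// Added illustration of a k-anonymity breach lookup; not AdminTW or Laravel source.
// All function names are hypothetical.

/** Uppercase SHA-1 split into the 5-char prefix that is sent to the service
 *  and the 35-char suffix that stays inside the application. */
function splitPasswordHash(string $password): array
{
    $hash = strtoupper(sha1($password));
    return [substr($hash, 0, 5), substr($hash, 5)];
}

/**
 * $fetchRange: fn(string $prefix): ?string, returning "SUFFIX:COUNT" lines or null on failure.
 * Returns true (found in breach data), false (not found) or null (lookup failed).
 */
function isCompromised(string $password, callable $fetchRange, int $threshold = 0): ?bool
{
    [$prefix, $suffix] = splitPasswordHash($password);
    $body = $fetchRange($prefix);
    if ($body === null) {
        return null; // caller chooses whether to fail open or closed
    }
    foreach (preg_split('/\r?\n/', trim($body)) as $line) {
        $parts = explode(':', trim($line), 2);
        if (count($parts) !== 2) {
            continue; // skip malformed rows
        }
        // Padding rows carry a count of 0 and therefore never exceed the threshold.
        if (hash_equals($suffix, strtoupper($parts[0])) && (int) $parts[1] > $threshold) {
            return true;
        }
    }
    return false;
}

// Constructed stand-in for the range endpoint so the example runs offline.
$fakeService = function (string $prefix): ?string {
    [$leakedPrefix, $leakedSuffix] = splitPasswordHash('Password1');
    $rows = [str_repeat('0', 34) . 'A:3', str_repeat('F', 35) . ':0']; // filler and padding rows
    if ($prefix === $leakedPrefix) {
        $rows[] = $leakedSuffix . ':12'; // constructed count
    }
    return implode("\r\n", $rows);
};

var_dump(isCompromised('Password1', $fakeService));
var_dump(isCompromised('c0rrect-Horse-battery-9', $fakeService));
var_dump(isCompromised('Password1', fn (string $p): ?string => null));
```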
        

Registering a user:


    
    $user = User::create([
        'name'                 => $request->input('name'),
        'slug'                 => Str::slug($request->input('name')),
        'email'                => $request->input('email'),
        'password'             => bcrypt($request->input('password')),
        'is_active'            => 1,
        'is_office_login_only' => 0
    ]);
        

When creating a user, create a thumbnail image:


    
        $name      = get_initials($user->name);
        $id        = $user->id.'.png';
        $path      = 'users/';
        $imagePath = create_avatar($name, $id, $path);

        //save image
        $user->image = $imagePath;
        $user->save();
        

Give the user the Admin role. Additional users should be invited from the users page.


    
        $role = Role::where('label', 'admin')->first();

        RoleUser::create([
            'role_id' => $role->id,
            'user_id' => $user->id
        ]);
        

Create an audit log of the register event by using the helper add_user_log, then log the user in and redirect to the admin area:


    
        add_user_log([
            'title'        => "registered ".$user->name,
            'reference_id' => $user->id,
            'section'      => 'Auth',
            'type'         => 'Register'
        ]);

        Auth::loginUsingId($user->id);

        return redirect('admin');
        

Forgot Password

To reset your password, enter your email address at the /password/reset URL.

Upon sending a reset link email, a log of the reset request is recorded.


    
        AuditTrail::create([
            'user_id'      => $id,
            'reference_id' => $id,
            'title'        => 'requested reset password email',
            'section'      => 'Auth',
            'type'         => 'Request Password Email'
        ]);
        

Login

Login works only for active accounts. Including is_active in the attempt credentials makes the guard also check that the account's is_active column in the database has a value of 1.


    
    protected function attemptLogin(Request $request)
    {
        return $this->guard()->attempt(
            [
                'email'     => $request->input('email'),
                'password'  => $request->input('password'),
                'is_active' => 1
            ], $request->filled('remember')
        );
    }
        

On successful login, record a log:


    
    AuditTrail::create([
        'user_id'      => $user->id,
        'reference_id' => $user->id,
        'title'        => "Logged in",
        'section'      => 'Auth',
        'type'         => 'Login'
    ]);
        

Record the timestamp of the login:


    
    $user->last_logged_in_at = now();
    $user->save();
        

2FA

After login, check whether 2FA is enforced for all users by reading is_forced_2fa from the settings table.

If forced 2FA is true, check whether 2FA is active on the user's record. If it is, set a session flag for the 2FA login; otherwise set a session flag for 2FA to be set up. When 2FA is not forced, the 2FA login flag is still set for users who have 2FA active.


    
    $isForced2Fa = Setting::where('key', 'is_forced_2fa')->value('value');

    if ($isForced2Fa) {
        if ($user->two_fa_active === 'Yes' && $user->two_fa_secret_key !== '') {
            session(['2fa-login' => true]);
        } else {
            session(['2fa-setup' => true]);
        }
    } else {
        if ($user->two_fa_active === 'Yes' && $user->two_fa_secret_key !== '') {
            session(['2fa-login' => true]);
        }
    }
        

© 2022 AdminTW. All rights reserved.

Built by David Carr