#3 - User Authentication

.env.ci

@@ -7,17 +7,16 @@ APP_URL=http://interns2024c.blumilk.localhost
 LOG_CHANNEL=stack
 LOG_LEVEL=debug
 
-BROADCAST_DRIVER=log
-CACHE_DRIVER=array
-FILESYSTEM_DISK=local
-QUEUE_CONNECTION=sync
-SESSION_DRIVER=array
-SESSION_LIFETIME=120
-MAIL_MAILER=array
-
 DB_CONNECTION=pgsql
 DB_HOST=127.0.0.1
-DB_PORT=5432
 DB_DATABASE=interns2024c
 DB_USERNAME=interns2024c
 DB_PASSWORD=password
+
+SESSION_DRIVER=array
+QUEUE_CONNECTION=sync
+BROADCAST_CONNECTION=log
+CACHE_STORE=array
+MAIL_MAILER=array
+
+BCRYPT_ROUNDS=4

.github/workflows/test-and-lint-php.yml

@@ -21,8 +21,8 @@ jobs:
       pgsql:
         image: postgres:16.3-alpine3.18@sha256:64e18e8fb3e9c9aac89ac590c5dd8306b862478404f76cd9b5f7720d012b4c47 # https://hub.docker.com/_/postgres
         env:
-          POSTGRES_DB: interns2024b
-          POSTGRES_USER: interns2024b
+          POSTGRES_DB: interns2024c
+          POSTGRES_USER: interns2024c
           POSTGRES_PASSWORD: password
         # Set health checks to wait until postgres has started
         options: >-

.gitignore

@@ -21,3 +21,4 @@ yarn-error.log
 /.vscode
 /.zed
 .php-cs-fixer.cache
+

Makefile

@@ -55,7 +55,7 @@ analyse:
 	@docker compose --file ${DOCKER_COMPOSE_FILE} exec --user "${CURRENT_USER_ID}:${CURRENT_USER_GROUP_ID}" ${DOCKER_COMPOSE_APP_CONTAINER} bash -c 'composer analyse'
 
 dev:
-	@docker compose --file ${DOCKER_COMPOSE_FILE} exec --user "${CURRENT_USER_ID}:${CURRENT_USER_GROUP_ID}" ${DOCKER_COMPOSE_APP_CONTAINER} bash -c 'npm run dev'
+	@docker compose --file ${DOCKER_COMPOSE_FILE} exec --user "${CURRENT_USER_ID}:${CURRENT_USER_GROUP_ID}" ${DOCKER_COMPOSE_APP_CONTAINER} bash -c 'npm run dev; npm run lintf'
 
 queue:
 	@docker compose --file ${DOCKER_COMPOSE_FILE} exec --user "${CURRENT_USER_ID}:${CURRENT_USER_GROUP_ID}" ${DOCKER_COMPOSE_APP_CONTAINER} php artisan queue:work

app/Http/Controllers/Auth/AuthenticatedSessionController.php

@@ -0,0 +1,54 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Interns2024c\Http\Controllers\Auth;
+
+use Illuminate\Http\RedirectResponse;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\Route;
+use Inertia\Inertia;
+use Inertia\Response;
+use Interns2024c\Http\Controllers\Controller;
+use Interns2024c\Http\Requests\Auth\LoginRequest;
+
+class AuthenticatedSessionController extends Controller
+{
+    /**
+     * Display the login view.
+     */
+    public function create(): Response
+    {
+        return Inertia::render("Auth/Login", [
+            "canResetPassword" => Route::has("password.request"),
+            "status" => session("status"),
+        ]);
+    }
+
+    /**
+     * Handle an incoming authentication request.
+     */
+    public function store(LoginRequest $request): RedirectResponse
+    {
+        $request->authenticate();
+
+        $request->session()->regenerate();
+
+        return redirect()->intended(route("dashboard", absolute: false));
+    }
+
+    /**
+     * Destroy an authenticated session.
+     */
+    public function destroy(Request $request): RedirectResponse
+    {
+        Auth::guard("web")->logout();
+
+        $request->session()->invalidate();
+
+        $request->session()->regenerateToken();
+
+        return redirect("/");
+    }
+}

app/Http/Controllers/Auth/ConfirmablePasswordController.php

@@ -0,0 +1,43 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Interns2024c\Http\Controllers\Auth;
+
+use Illuminate\Http\RedirectResponse;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
+use Illuminate\Validation\ValidationException;
+use Inertia\Inertia;
+use Inertia\Response;
+use Interns2024c\Http\Controllers\Controller;
+
+class ConfirmablePasswordController extends Controller
+{
+    /**
+     * Show the confirm password view.
+     */
+    public function show(): Response
+    {
+        return Inertia::render("Auth/ConfirmPassword");
+    }
+
+    /**
+     * Confirm the user's password.
+     */
+    public function store(Request $request): RedirectResponse
+    {
+        if (!Auth::guard("web")->validate([
+            "email" => $request->user()->email,
+            "password" => $request->password,
+        ])) {
+            throw ValidationException::withMessages([
+                "password" => __("auth.password"),
+            ]);
+        }
+
+        $request->session()->put("auth.password_confirmed_at", time());
+
+        return redirect()->intended(route("dashboard", absolute: false));
+    }
+}

app/Http/Controllers/Auth/EmailVerificationNotificationController.php

@@ -0,0 +1,26 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Interns2024c\Http\Controllers\Auth;
+
+use Illuminate\Http\RedirectResponse;
+use Illuminate\Http\Request;
+use Interns2024c\Http\Controllers\Controller;
+
+class EmailVerificationNotificationController extends Controller
+{
+    /**
+     * Send a new email verification notification.
+     */
+    public function store(Request $request): RedirectResponse
+    {
+        if ($request->user()->hasVerifiedEmail()) {
+            return redirect()->intended(route("dashboard", absolute: false));
+        }
+
+        $request->user()->sendEmailVerificationNotification();
+
+        return back()->with("status", "verification-link-sent");
+    }
+}

app/Http/Controllers/Auth/EmailVerificationPromptController.php

@@ -0,0 +1,24 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Interns2024c\Http\Controllers\Auth;
+
+use Illuminate\Http\RedirectResponse;
+use Illuminate\Http\Request;
+use Inertia\Inertia;
+use Inertia\Response;
+use Interns2024c\Http\Controllers\Controller;
+
+class EmailVerificationPromptController extends Controller
+{
+    /**
+     * Display the email verification prompt.
+     */
+    public function __invoke(Request $request): RedirectResponse|Response
+    {
+        return $request->user()->hasVerifiedEmail()
+                    ? redirect()->intended(route("dashboard", absolute: false))
+                    : Inertia::render("Auth/VerifyEmail", ["status" => session("status")]);
+    }
+}

app/Http/Controllers/Auth/NewPasswordController.php

@@ -0,0 +1,71 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Interns2024c\Http\Controllers\Auth;
+
+use Illuminate\Auth\Events\PasswordReset;
+use Illuminate\Http\RedirectResponse;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Hash;
+use Illuminate\Support\Facades\Password;
+use Illuminate\Support\Str;
+use Illuminate\Validation\Rules;
+use Illuminate\Validation\ValidationException;
+use Inertia\Inertia;
+use Inertia\Response;
+use Interns2024c\Http\Controllers\Controller;
+
+class NewPasswordController extends Controller
+{
+    /**
+     * Display the password reset view.
+     */
+    public function create(Request $request): Response
+    {
+        return Inertia::render("Auth/ResetPassword", [
+            "email" => $request->email,
+            "token" => $request->route("token"),
+        ]);
+    }
+
+    /**
+     * Handle an incoming new password request.
+     *
+     * @throws ValidationException
+     */
+    public function store(Request $request): RedirectResponse
+    {
+        $request->validate([
+            "token" => "required",
+            "email" => "required|email",
+            "password" => ["required", "confirmed", Rules\Password::defaults()],
+        ]);
+
+        // Here we will attempt to reset the user's password. If it is successful we
+        // will update the password on an actual user model and persist it to the
+        // database. Otherwise we will parse the error and return the response.
+        $status = Password::reset(
+            $request->only("email", "password", "password_confirmation", "token"),
+            function ($user) use ($request): void {
+                $user->forceFill([
+                    "password" => Hash::make($request->password),
+                    "remember_token" => Str::random(60),
+                ])->save();
+
+                event(new PasswordReset($user));
+            },
+        );
+
+        // If the password was successfully reset, we will redirect the user back to
+        // the application's home authenticated view. If there is an error we can
+        // redirect them back to where they came from with their error message.
+        if ($status === Password::PASSWORD_RESET) {
+            return redirect()->route("login")->with("status", __($status));
+        }
+
+        throw ValidationException::withMessages([
+            "email" => [trans($status)],
+        ]);
+    }
+}

app/Http/Controllers/Auth/PasswordController.php

@@ -0,0 +1,31 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Interns2024c\Http\Controllers\Auth;
+
+use Illuminate\Http\RedirectResponse;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Hash;
+use Illuminate\Validation\Rules\Password;
+use Interns2024c\Http\Controllers\Controller;
+
+class PasswordController extends Controller
+{
+    /**
+     * Update the user's password.
+     */
+    public function update(Request $request): RedirectResponse
+    {
+        $validated = $request->validate([
+            "current_password" => ["required", "current_password"],
+            "password" => ["required", Password::defaults(), "confirmed"],
+        ]);
+
+        $request->user()->update([
+            "password" => Hash::make($validated["password"]),
+        ]);
+
+        return back();
+    }
+}

app/Http/Controllers/Auth/PasswordResetLinkController.php

@@ -0,0 +1,53 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Interns2024c\Http\Controllers\Auth;
+
+use Illuminate\Http\RedirectResponse;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Password;
+use Illuminate\Validation\ValidationException;
+use Inertia\Inertia;
+use Inertia\Response;
+use Interns2024c\Http\Controllers\Controller;
+
+class PasswordResetLinkController extends Controller
+{
+    /**
+     * Display the password reset link request view.
+     */
+    public function create(): Response
+    {
+        return Inertia::render("Auth/ForgotPassword", [
+            "status" => session("status"),
+        ]);
+    }
+
+    /**
+     * Handle an incoming password reset link request.
+     *
+     * @throws ValidationException
+     */
+    public function store(Request $request): RedirectResponse
+    {
+        $request->validate([
+            "email" => "required|email",
+        ]);
+
+        // We will send the password reset link to this user. Once we have attempted
+        // to send the link, we will examine the response then see the message we
+        // need to show to the user. Finally, we'll send out a proper response.
+        $status = Password::sendResetLink(
+            $request->only("email"),
+        );
+
+        if ($status === Password::RESET_LINK_SENT) {
+            return back()->with("status", __($status));
+        }
+
+        throw ValidationException::withMessages([
+            "email" => [trans($status)],
+        ]);
+    }
+}