From 992dd1af540c139d5da089d367a3927bbd71a28a Mon Sep 17 00:00:00 2001 From: Mohammad Hafijul Islam Date: Sun, 1 Oct 2023 12:41:04 +0600 Subject: [PATCH] LP-3 fix: wrong password and threshold count failed messaged fixed --- .../AuthenticatedSessionController.php | 15 +++++++++------ src/Models/User.php | 6 ++++++ src/Services/UserService.php | 4 ++-- 3 files changed, 17 insertions(+), 8 deletions(-) diff --git a/src/Http/Controllers/AuthenticatedSessionController.php b/src/Http/Controllers/AuthenticatedSessionController.php index 3a88ef0..7f28604 100644 --- a/src/Http/Controllers/AuthenticatedSessionController.php +++ b/src/Http/Controllers/AuthenticatedSessionController.php @@ -40,28 +40,31 @@ public function store(LoginRequest $request): LoginResource|JsonResponse if ($attemptUser->wrong_password > config('fintech.auth.threshold.password', 10)) { \Fintech\Auth\Facades\Auth::user()->update($attemptUser->id, [ - 'status' => UserStatus::InActive->value, + 'status' => UserStatus::InActive->value ]); return $this->failed(__('auth::messages.lockup')); } - if (! Hash::check($request->input('password'), $attemptUser->password)) { + if (!Hash::check($request->input('password'), $attemptUser->password)) { $request->hitRateLimited(); - + $wrongPasswordCount = $attemptUser->wrong_password + 1; \Fintech\Auth\Facades\Auth::user()->update($attemptUser->id, [ - 'wrong_password' => $attemptUser->wrong_password + 1, + 'wrong_password' => $wrongPasswordCount, ]); - return $this->failed(__('auth::messages.failed')); + return $this->failed(__('auth::messages.warning', [ + 'attempt' => $wrongPasswordCount, + 'threshold' => config('fintech.auth.threshold.password', 10) + ])); } $request->clearRateLimited(); Auth::login($attemptUser); - Auth::user()->tokens->each(fn ($token) => $token->delete()); + Auth::user()->tokens->each(fn($token) => $token->delete()); //permission check diff --git a/src/Models/User.php b/src/Models/User.php index fe1920a..7b4764c 100644 --- a/src/Models/User.php +++ b/src/Models/User.php @@ -30,6 +30,12 @@ class User extends Authenticatable implements Auditable protected $casts = [ 'email_verified_at' => 'datetime', 'mobile_verified_at' => 'datetime', + 'wrong_password' => 'integer' + ]; + + protected $attributes = [ + 'wrong_password' => 0, + 'wrong_pin' => 0, ]; /* diff --git a/src/Services/UserService.php b/src/Services/UserService.php index 650e66a..a76604b 100644 --- a/src/Services/UserService.php +++ b/src/Services/UserService.php @@ -125,10 +125,10 @@ public function read($id) public function update($id, array $inputs = []) { - if ($inputs['password']) { + if (isset($inputs['password']) && !empty($inputs['password'])) { $inputs['password'] = Hash::make($inputs['password']); } - if ($inputs['pin']) { + if (isset($inputs['pin']) && !empty($inputs['pin'])) { $inputs['pin'] = Hash::make($inputs['pin']); }