From d37e4a99a8e2b7dfe3f92b37615bd649c077e32b Mon Sep 17 00:00:00 2001
From: Mohammad Hafijul Islam
Date: Sun, 1 Oct 2023 14:13:31 +0600
Subject: [PATCH] LP-3 feat: user login permission or guard added
---
 lang/en/messages.php | 4 +---
 src/Http/Controllers/AuthenticatedSessionController.php | 8 +++++---
 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/lang/en/messages.php b/lang/en/messages.php
index f506459..6ff4774 100644
--- a/lang/en/messages.php
+++ b/lang/en/messages.php
@@ -11,16 +11,14 @@
 */
 return [
 'success' => 'Login successful.',
+ 'forbidden' => 'Access Forbidden! You are not allowed to :permission',
 'logout' => 'Logout successful. Thank you for using our services',
 'failed' => 'These credentials do not match our records.',
 'password' => 'The provided password is incorrect.',
 'throttle' => 'Too many login attempts. Please try again in :seconds seconds.',
 'ip_blocked' => 'Your IP :ip is blocked, Please contact support.',
- 'This user are not login. Please contact support.' => 'This user are not login. Please contact support.',
- 'Sorry, You entered wrong mobile number or invalid password!' => 'Sorry, You entered wrong mobile number or invalid password!',
 'warning' => 'Sorry, You entered wrong credentials! You already attempt :attempt. times out of :threshold',
 'lockup' => 'Sorry, Your Account is has been Locked. Please contact support!',
- 'This user are not login' => 'This user are not login',
 'Sorry, You entered wrong mobile number or invalid pin!' => 'Sorry, You entered wrong mobile number or invalid pin!',
 'Sorry, You entered wrong mobile number or pin! You already attempt :wrong_pin_password. times out of :password_retry_limit' => 'Sorry, You entered wrong mobile number or pin! You already attempt :wrong_pin_password. times out of :password_retry_limit',
 ];
diff --git a/src/Http/Controllers/AuthenticatedSessionController.php b/src/Http/Controllers/AuthenticatedSessionController.php
index 25b2958..4d472bb 100644
--- a/src/Http/Controllers/AuthenticatedSessionController.php +++ b/src/Http/Controllers/AuthenticatedSessionController.php @@ -62,14 +62,16 @@ public function store(LoginRequest $request): LoginResource|JsonResponse $request->clearRateLimited(); - if ($attemptUser->hasPermission()) + if ($attemptUser->can('auth.login')) { + $request->session()->invalidate(); + + return $this->forbidden(__('auth::messages.forbidden', ['permission' => permission_format('auth.login', 'auth')])); + } Auth::login($attemptUser); Auth::user()->tokens->each(fn($token) => $token->delete()); - //permission check - return new LoginResource(Auth::user()); }
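Review bot: The new guard in `store()` looks inverted: `if ($attemptUser->can('auth.login'))` sends the forbidden response to users who hold the login permission and lets every other account continue to `Auth::login($attemptUser)`. Unless `auth.login` is deliberately defined as a deny flag, the condition should be negated: `if (! $attemptUser->can('auth.login')) {`. `$request->session()->invalidate()` also presumes a session store on the request; the method returns a `LoginResource` and deletes tokens, so if this route runs without session middleware the call would throw before the forbidden response is built, and a `$request->hasSession()` check would avoid that. A feature test with one permitted and one denied user would pin the direction of the check. `store()` begins above this hunk, so how `$attemptUser` is resolved is not visible here.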