redirectUserBasedOnRole(Auth::user()); } return view('auth.login'); } /** * Handle Email & Password login for Administrators. */ public function adminLogin(Request $request) { $credentials = $request->validate([ 'email' => ['required', 'email'], 'password' => ['required'], ]); if (Auth::attempt($credentials, $request->boolean('remember'))) { $user = Auth::user(); // Enforce that only administrators can log in via credentials if ($user->role === 'admin') { $request->session()->regenerate(); return redirect()->intended(route('admin.dashboard')) ->with('success', 'Logged in successfully as Admin.'); } // Log out unauthorized user immediately Auth::logout(); $request->session()->invalidate(); $request->session()->regenerateToken(); return back()->withErrors([ 'email' => 'Access denied. The provided credentials do not belong to an Administrator.', ])->onlyInput('email'); } return back()->withErrors([ 'email' => 'The provided credentials do not match our records.', ])->onlyInput('email'); } /** * Redirect the user to the Microsoft Azure authentication page. */ public function redirectToMicrosoft() { try { return Socialite::driver('microsoft')->redirect(); } catch (Exception $e) { \Illuminate\Support\Facades\Log::error('Microsoft Authentication redirect failed', [ 'message' => $e->getMessage(), 'trace' => $e->getTraceAsString(), ]); return redirect()->route('login')->with('error', 'Unable to redirect to Microsoft: ' . $e->getMessage()); } } /** * Obtain the user information from Microsoft Azure. */ public function handleMicrosoftCallback(Request $request) { try { $microsoftUser = Socialite::driver('microsoft')->user(); } catch (Exception $e) { \Illuminate\Support\Facades\Log::error('Microsoft Authentication callback failed', [ 'message' => $e->getMessage(), 'trace' => $e->getTraceAsString(), ]); return redirect()->route('login')->with('error', 'Microsoft Authentication failed or was cancelled: ' . $e->getMessage()); } // Search for user by microsoft_id first, then by email $user = User::where('microsoft_id', $microsoftUser->getId())->first(); if (!$user) { $user = User::where('email', $microsoftUser->getEmail())->first(); } if ($user) { // Update existing user with Microsoft data if not already set $user->update([ 'microsoft_id' => $microsoftUser->getId(), 'microsoft_token' => $microsoftUser->token, 'microsoft_refresh_token' => $microsoftUser->refreshToken ?? $user->microsoft_refresh_token, 'avatar' => $microsoftUser->getAvatar() ?? $user->avatar, ]); } else { // Create a new User (defaults to 'user' role) $user = User::create([ 'name' => $microsoftUser->getName() ?? explode('@', $microsoftUser->getEmail())[0], 'email' => $microsoftUser->getEmail(), 'microsoft_id' => $microsoftUser->getId(), 'microsoft_token' => $microsoftUser->token, 'microsoft_refresh_token' => $microsoftUser->refreshToken ?? null, 'avatar' => $microsoftUser->getAvatar(), 'role' => 'user', ]); } Auth::login($user, true); $request->session()->regenerate(); return $this->redirectUserBasedOnRole($user); } /** * Log the user out of the application. */ public function logout(Request $request) { Auth::logout(); $request->session()->invalidate(); $request->session()->regenerateToken(); return redirect()->route('login')->with('success', 'Logged out successfully.'); } /** * Helper method to redirect user depending on their role. */ protected function redirectUserBasedOnRole($user) { if ($user->role === 'admin') { return redirect()->route('admin.dashboard'); } return redirect()->route('dashboard'); } }