150 lines
4.9 KiB
PHP
150 lines
4.9 KiB
PHP
<?php
|
|
|
|
namespace App\Http\Controllers;
|
|
|
|
use App\Models\User;
|
|
use Exception;
|
|
use Illuminate\Http\Request;
|
|
use Illuminate\Support\Facades\Auth;
|
|
use Laravel\Socialite\Facades\Socialite;
|
|
|
|
class LoginController extends Controller
|
|
{
|
|
/**
|
|
* Show the login selection screen or redirect if already authenticated.
|
|
*/
|
|
public function showLoginForm()
|
|
{
|
|
if (Auth::check()) {
|
|
return $this->redirectUserBasedOnRole(Auth::user());
|
|
}
|
|
|
|
return view('auth.login');
|
|
}
|
|
|
|
/**
|
|
* Handle Email & Password login for Administrators.
|
|
*/
|
|
public function adminLogin(Request $request)
|
|
{
|
|
$credentials = $request->validate([
|
|
'email' => ['required', 'email'],
|
|
'password' => ['required'],
|
|
]);
|
|
|
|
if (Auth::attempt($credentials, $request->boolean('remember'))) {
|
|
$user = Auth::user();
|
|
|
|
// Enforce that only administrators can log in via credentials
|
|
if ($user->role === 'admin') {
|
|
$request->session()->regenerate();
|
|
return redirect()->intended(route('admin.dashboard'))
|
|
->with('success', 'Logged in successfully as Admin.');
|
|
}
|
|
|
|
// Log out unauthorized user immediately
|
|
Auth::logout();
|
|
$request->session()->invalidate();
|
|
$request->session()->regenerateToken();
|
|
|
|
return back()->withErrors([
|
|
'email' => 'Access denied. The provided credentials do not belong to an Administrator.',
|
|
])->onlyInput('email');
|
|
}
|
|
|
|
return back()->withErrors([
|
|
'email' => 'The provided credentials do not match our records.',
|
|
])->onlyInput('email');
|
|
}
|
|
|
|
/**
|
|
* Redirect the user to the Microsoft Azure authentication page.
|
|
*/
|
|
public function redirectToMicrosoft()
|
|
{
|
|
try {
|
|
return Socialite::driver('microsoft')->redirect();
|
|
} catch (Exception $e) {
|
|
\Illuminate\Support\Facades\Log::error('Microsoft Authentication redirect failed', [
|
|
'message' => $e->getMessage(),
|
|
'trace' => $e->getTraceAsString(),
|
|
]);
|
|
return redirect()->route('login')->with('error', 'Unable to redirect to Microsoft: ' . $e->getMessage());
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Obtain the user information from Microsoft Azure.
|
|
*/
|
|
public function handleMicrosoftCallback(Request $request)
|
|
{
|
|
try {
|
|
$microsoftUser = Socialite::driver('microsoft')->user();
|
|
} catch (Exception $e) {
|
|
\Illuminate\Support\Facades\Log::error('Microsoft Authentication callback failed', [
|
|
'message' => $e->getMessage(),
|
|
'trace' => $e->getTraceAsString(),
|
|
]);
|
|
return redirect()->route('login')->with('error', 'Microsoft Authentication failed or was cancelled: ' . $e->getMessage());
|
|
}
|
|
|
|
// Search for user by microsoft_id first, then by email
|
|
$user = User::where('microsoft_id', $microsoftUser->getId())->first();
|
|
|
|
if (!$user) {
|
|
$user = User::where('email', $microsoftUser->getEmail())->first();
|
|
}
|
|
|
|
if ($user) {
|
|
// Update existing user with Microsoft data if not already set
|
|
$user->update([
|
|
'microsoft_id' => $microsoftUser->getId(),
|
|
'microsoft_token' => $microsoftUser->token,
|
|
'microsoft_refresh_token' => $microsoftUser->refreshToken ?? $user->microsoft_refresh_token,
|
|
'avatar' => $microsoftUser->getAvatar() ?? $user->avatar,
|
|
]);
|
|
} else {
|
|
// Create a new User (defaults to 'user' role)
|
|
$user = User::create([
|
|
'name' => $microsoftUser->getName() ?? explode('@', $microsoftUser->getEmail())[0],
|
|
'email' => $microsoftUser->getEmail(),
|
|
'microsoft_id' => $microsoftUser->getId(),
|
|
'microsoft_token' => $microsoftUser->token,
|
|
'microsoft_refresh_token' => $microsoftUser->refreshToken ?? null,
|
|
'avatar' => $microsoftUser->getAvatar(),
|
|
'role' => 'user',
|
|
]);
|
|
}
|
|
|
|
Auth::login($user, true);
|
|
$request->session()->regenerate();
|
|
|
|
return $this->redirectUserBasedOnRole($user);
|
|
}
|
|
|
|
/**
|
|
* Log the user out of the application.
|
|
*/
|
|
public function logout(Request $request)
|
|
{
|
|
Auth::logout();
|
|
|
|
$request->session()->invalidate();
|
|
$request->session()->regenerateToken();
|
|
|
|
return redirect()->route('login')->with('success', 'Logged out successfully.');
|
|
}
|
|
|
|
/**
|
|
* Helper method to redirect user depending on their role.
|
|
*/
|
|
protected function redirectUserBasedOnRole($user)
|
|
{
|
|
if ($user->role === 'admin') {
|
|
return redirect()->route('admin.dashboard');
|
|
}
|
|
|
|
return redirect()->route('dashboard');
|
|
}
|
|
}
|