sls/app/Http/Controllers/LoginController.php
2026-06-23 14:36:43 +05:30

150 lines
4.9 KiB
PHP

<?php
namespace App\Http\Controllers;
use App\Models\User;
use Exception;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Laravel\Socialite\Facades\Socialite;
class LoginController extends Controller
{
/**
* Show the login selection screen or redirect if already authenticated.
*/
public function showLoginForm()
{
if (Auth::check()) {
return $this->redirectUserBasedOnRole(Auth::user());
}
return view('auth.login');
}
/**
* Handle Email & Password login for Administrators.
*/
public function adminLogin(Request $request)
{
$credentials = $request->validate([
'email' => ['required', 'email'],
'password' => ['required'],
]);
if (Auth::attempt($credentials, $request->boolean('remember'))) {
$user = Auth::user();
// Enforce that only administrators can log in via credentials
if ($user->role === 'admin') {
$request->session()->regenerate();
return redirect()->intended(route('admin.dashboard'))
->with('success', 'Logged in successfully as Admin.');
}
// Log out unauthorized user immediately
Auth::logout();
$request->session()->invalidate();
$request->session()->regenerateToken();
return back()->withErrors([
'email' => 'Access denied. The provided credentials do not belong to an Administrator.',
])->onlyInput('email');
}
return back()->withErrors([
'email' => 'The provided credentials do not match our records.',
])->onlyInput('email');
}
/**
* Redirect the user to the Microsoft Azure authentication page.
*/
public function redirectToMicrosoft()
{
try {
return Socialite::driver('microsoft')->redirect();
} catch (Exception $e) {
\Illuminate\Support\Facades\Log::error('Microsoft Authentication redirect failed', [
'message' => $e->getMessage(),
'trace' => $e->getTraceAsString(),
]);
return redirect()->route('login')->with('error', 'Unable to redirect to Microsoft: ' . $e->getMessage());
}
}
/**
* Obtain the user information from Microsoft Azure.
*/
public function handleMicrosoftCallback(Request $request)
{
try {
$microsoftUser = Socialite::driver('microsoft')->user();
} catch (Exception $e) {
\Illuminate\Support\Facades\Log::error('Microsoft Authentication callback failed', [
'message' => $e->getMessage(),
'trace' => $e->getTraceAsString(),
]);
return redirect()->route('login')->with('error', 'Microsoft Authentication failed or was cancelled: ' . $e->getMessage());
}
// Search for user by microsoft_id first, then by email
$user = User::where('microsoft_id', $microsoftUser->getId())->first();
if (!$user) {
$user = User::where('email', $microsoftUser->getEmail())->first();
}
if ($user) {
// Update existing user with Microsoft data if not already set
$user->update([
'microsoft_id' => $microsoftUser->getId(),
'microsoft_token' => $microsoftUser->token,
'microsoft_refresh_token' => $microsoftUser->refreshToken ?? $user->microsoft_refresh_token,
'avatar' => $microsoftUser->getAvatar() ?? $user->avatar,
]);
} else {
// Create a new User (defaults to 'user' role)
$user = User::create([
'name' => $microsoftUser->getName() ?? explode('@', $microsoftUser->getEmail())[0],
'email' => $microsoftUser->getEmail(),
'microsoft_id' => $microsoftUser->getId(),
'microsoft_token' => $microsoftUser->token,
'microsoft_refresh_token' => $microsoftUser->refreshToken ?? null,
'avatar' => $microsoftUser->getAvatar(),
'role' => 'user',
]);
}
Auth::login($user, true);
$request->session()->regenerate();
return $this->redirectUserBasedOnRole($user);
}
/**
* Log the user out of the application.
*/
public function logout(Request $request)
{
Auth::logout();
$request->session()->invalidate();
$request->session()->regenerateToken();
return redirect()->route('login')->with('success', 'Logged out successfully.');
}
/**
* Helper method to redirect user depending on their role.
*/
protected function redirectUserBasedOnRole($user)
{
if ($user->role === 'admin') {
return redirect()->route('admin.dashboard');
}
return redirect()->route('dashboard');
}
}