allerta-vvf/backend/app/Http/Controllers/AuthController.php

<?php

namespace App\Http\Controllers;

use App\Models\User;
use App\Models\Option;
use Illuminate\Support\Facades\Hash;
use Illuminate\Validation\ValidationException;
use Illuminate\Http\Request;
use App\Utils\Logger;

class AuthController extends Controller
{
    /**
     * Register a new user
     */
    public function register(Request $request)
    {
        if(!$request->user()->hasPermission("users-create")) abort(401);
        $validatedData = $request->validate([
            'name' => 'required|string|max:255',
            'email' => 'required|string|email|max:255|unique:users',
            'username' => 'required|string|max:255|unique:users',
            'password' => 'required|string|min:8',
        ]);

        $user = User::create([
            'name' => $validatedData['name'],
            'email' => $validatedData['email'],
            'username' => $validatedData['username'],
            'password' => Hash::make($validatedData['password']),
        ]);

        $token = $user->createToken('auth_token')->plainTextToken;

        Logger::log("Creato utente $user->name ($user->username)", $user);

        return response()->json([
            'access_token' => $token,
            'token_type' => 'Bearer',
            'user' => $user
        ]);
    }

    /**
     * Login
     * @unauthenticated
     */
    public function login(Request $request)
    {
        $request->validate([
			'username' => 'required|string|exists:users,username|max:255',
			'password' => 'required',
		]);

		$user = User::where('username', $request->username)->first();

		if (! $user || ! Hash::check($request->password, $user->password)) {
			throw ValidationException::withMessages([
				'username' => ['Credenziali inserite non valide.'],
			]);
		}

        $user = User::where('username', $request['username'])->firstOrFail();

        if($request->input('use_sessions', false)) {
            $request->session()->regenerate();
            auth()->guard('api')->login($user);
            $token = null;
        } else {
            $token = $user->createToken('auth_token')->plainTextToken;
        }

        Logger::log("Login", $user, $user);

        return response()->json([
            'access_token' => $token,
            'token_type' => 'Bearer',
            'auth_type' => is_null($token) ? 'session' : 'token'
        ]);
    }

    /**
     * Logout
     */
    public function logout(Request $request)
    {
        Logger::log("Logout");

        if(
            method_exists($request->user(), 'currentAccessToken') &&
            method_exists($request->user()->currentAccessToken(), 'delete')
        ) {
            $request->user()->currentAccessToken()->delete();
        } else {
            auth()->guard('api')->logout();
            $request->session()->invalidate();
            $request->session()->regenerateToken();
        }

		return response()->json(null, 200);
    }

    /**
     * Get current user info and global options (so they can be loaded on frontend without additional requests)
     */
    public function me(Request $request)
    {
        $impersonateManager = app('impersonate');

        $options = Option::all(["name", "value", "type"]);
        //Cast the value to the correct type and remove type
        foreach($options as $option) {
            if($option->type == "boolean") {
                $option->value = boolval($option->value);
            } else if($option->type == "number") {
                $option->value = floatval($option->value);
            }
            unset($option->type);
        }

        return [
            ...$request->user()->toArray(),
            "permissions" => array_map(function($p) {
                return $p["name"];
            }, $request->user()->allPermissions()->toArray()),
            "impersonating_user" => $impersonateManager->isImpersonating(),
            "impersonator_id" => $impersonateManager->getImpersonatorId(),
            "options" => $options
        ];
    }

    /**
     * Impersonate another user
     */
    public function impersonate(Request $request, User $user)
    {
        $authUser = User::find($request->user()->id);
        if(!$authUser->canImpersonate()) {
            return response()->json([
                'message' => 'Unauthorized'
            ], 401);
        }

        //Check if can be impersonated
        if(!$user->canBeImpersonated()) {
            return response()->json([
                'message' => 'Unauthorized'
            ], 401);
        }

        //Check if currently impersonating
        if(app('impersonate')->isImpersonating()) {
            return response()->json([
                'message' => 'Unauthorized'
            ], 401);
        }

        if(
            method_exists($request->user(), 'currentAccessToken') &&
            method_exists($request->user()->currentAccessToken(), 'delete')
        ) {
            $request->user()->currentAccessToken()->delete();
        } else {
            auth()->guard('api')->logout();
            $request->session()->invalidate();
            $request->session()->regenerateToken();
        }

        $request->user()->impersonate($user);
        $token = $user->createToken('auth_token')->plainTextToken;

        Logger::log("Impersonato utente", $user, $authUser);

        return response()->json([
            'access_token' => $token,
            'token_type' => 'Bearer',
        ]);
    }

    /**
     * Stop impersonating other user
     */
    public function stopImpersonating(Request $request)
    {
        $manager = app('impersonate');

        $impersonatorId = $manager->getImpersonatorId();
        $manager->leave();
        $manager->clear();
        $impersonator = User::find($impersonatorId);

        if(
            method_exists($request->user(), 'currentAccessToken') &&
            method_exists($request->user()->currentAccessToken(), 'delete')
        ) {
            $request->user()->currentAccessToken()->delete();
        } else {
            auth()->guard('api')->logout();
            $request->session()->invalidate();
            $request->session()->regenerateToken();
        }

        if($request->input('use_sessions', false)) {
            $request->session()->regenerate();
            auth()->guard('api')->login($impersonator);
            $token = null;
        } else {
            $token = $impersonator->createToken('auth_token')->plainTextToken;
        }

        return response()->json([
            'access_token' => $token,
            'token_type' => 'Bearer',
        ]);
    }

    /**
     * Refresh token, if using sessions it will return a new session token
     */
    public function refreshToken(Request $request)
    {
        if(
            !method_exists($request->user(), 'currentAccessToken') ||
            !method_exists($request->user()->currentAccessToken(), 'delete')
        ) return;

        $user = $request->user();
        $user->currentAccessToken()->delete();
        $token = $user->createToken('auth_token')->plainTextToken;

        return response()->json([
            'access_token' => $token,
            'token_type' => 'Bearer'
        ]);
    }
}
Laravel API server with auth PoC 2023-02-19 01:40:12 +01:00			`<?php`

			`namespace App\Http\Controllers;`

			`use App\Models\User;`
Add new service place selection procedure 2024-02-23 00:27:22 +01:00			`use App\Models\Option;`
Laravel API server with auth PoC 2023-02-19 01:40:12 +01:00			`use Illuminate\Support\Facades\Hash;`
Improve auth process 2023-09-04 14:00:49 +02:00			`use Illuminate\Validation\ValidationException;`
Laravel API server with auth PoC 2023-02-19 01:40:12 +01:00			`use Illuminate\Http\Request;`
Add user action logs 2023-09-01 14:24:10 +02:00			`use App\Utils\Logger;`
Laravel API server with auth PoC 2023-02-19 01:40:12 +01:00
			`class AuthController extends Controller`
			`{`
Add API Docs 2024-02-24 00:52:25 +01:00			`/**`
			`* Register a new user`
			`*/`
Laravel API server with auth PoC 2023-02-19 01:40:12 +01:00			`public function register(Request $request)`
			`{`
Better permission system 2024-01-07 18:43:52 +01:00			`if(!$request->user()->hasPermission("users-create")) abort(401);`
Laravel API server with auth PoC 2023-02-19 01:40:12 +01:00			`$validatedData = $request->validate([`
			`'name' => 'required\|string\|max:255',`
			`'email' => 'required\|string\|email\|max:255\|unique:users',`
Fix user registration 2023-03-15 23:06:07 +01:00			`'username' => 'required\|string\|max:255\|unique:users',`
Laravel API server with auth PoC 2023-02-19 01:40:12 +01:00			`'password' => 'required\|string\|min:8',`
			`]);`

			`$user = User::create([`
			`'name' => $validatedData['name'],`
			`'email' => $validatedData['email'],`
Update users table and add username as login field 2023-02-21 00:37:00 +01:00			`'username' => $validatedData['username'],`
Laravel API server with auth PoC 2023-02-19 01:40:12 +01:00			`'password' => Hash::make($validatedData['password']),`
			`]);`

			`$token = $user->createToken('auth_token')->plainTextToken;`

Add user action logs 2023-09-01 14:24:10 +02:00			`Logger::log("Creato utente $user->name ($user->username)", $user);`

Laravel API server with auth PoC 2023-02-19 01:40:12 +01:00			`return response()->json([`
			`'access_token' => $token,`
			`'token_type' => 'Bearer',`
			`'user' => $user`
			`]);`
			`}`

Add API Docs 2024-02-24 00:52:25 +01:00			`/**`
			`* Login`
			`* @unauthenticated`
			`*/`
Laravel API server with auth PoC 2023-02-19 01:40:12 +01:00			`public function login(Request $request)`
			`{`
Improve auth process 2023-09-04 14:00:49 +02:00			`$request->validate([`
			`'username' => 'required\|string\|exists:users,username\|max:255',`
			`'password' => 'required',`
			`]);`

			`$user = User::where('username', $request->username)->first();`

			`if (! $user \|\| ! Hash::check($request->password, $user->password)) {`
			`throw ValidationException::withMessages([`
			`'username' => ['Credenziali inserite non valide.'],`
			`]);`
			`}`
Laravel API server with auth PoC 2023-02-19 01:40:12 +01:00
Update users table and add username as login field 2023-02-21 00:37:00 +01:00			`$user = User::where('username', $request['username'])->firstOrFail();`
Laravel API server with auth PoC 2023-02-19 01:40:12 +01:00
Improve auth process 2023-09-04 14:00:49 +02:00			`if($request->input('use_sessions', false)) {`
			`$request->session()->regenerate();`
			`auth()->guard('api')->login($user);`
			`$token = null;`
			`} else {`
			`$token = $user->createToken('auth_token')->plainTextToken;`
			`}`
Laravel API server with auth PoC 2023-02-19 01:40:12 +01:00
Add user action logs 2023-09-01 14:24:10 +02:00			`Logger::log("Login", $user, $user);`

Laravel API server with auth PoC 2023-02-19 01:40:12 +01:00			`return response()->json([`
			`'access_token' => $token,`
			`'token_type' => 'Bearer',`
Improve auth process 2023-09-04 14:00:49 +02:00			`'auth_type' => is_null($token) ? 'session' : 'token'`
Laravel API server with auth PoC 2023-02-19 01:40:12 +01:00			`]);`
			`}`

Add API Docs 2024-02-24 00:52:25 +01:00			`/**`
			`* Logout`
			`*/`
Fix auth backend and add TODOs 2023-02-23 00:23:56 +01:00			`public function logout(Request $request)`
			`{`
Add user action logs 2023-09-01 14:24:10 +02:00			`Logger::log("Logout");`
Auth isn't working, random 419 errors everywhere 2023-09-04 01:39:29 +02:00
Improve auth process 2023-09-04 14:00:49 +02:00			`if(`
			`method_exists($request->user(), 'currentAccessToken') &&`
			`method_exists($request->user()->currentAccessToken(), 'delete')`
			`) {`
			`$request->user()->currentAccessToken()->delete();`
			`} else {`
			`auth()->guard('api')->logout();`
			`$request->session()->invalidate();`
			`$request->session()->regenerateToken();`
			`}`

			`return response()->json(null, 200);`
Fix auth backend and add TODOs 2023-02-23 00:23:56 +01:00			`}`

Add API Docs 2024-02-24 00:52:25 +01:00			`/**`
			`* Get current user info and global options (so they can be loaded on frontend without additional requests)`
			`*/`
Laravel API server with auth PoC 2023-02-19 01:40:12 +01:00			`public function me(Request $request)`
			`{`
Add support for impersonation 2023-06-06 18:53:49 +02:00			`$impersonateManager = app('impersonate');`
Add new service place selection procedure 2024-02-23 00:27:22 +01:00
			`$options = Option::all(["name", "value", "type"]);`
			`//Cast the value to the correct type and remove type`
			`foreach($options as $option) {`
			`if($option->type == "boolean") {`
			`$option->value = boolval($option->value);`
			`} else if($option->type == "number") {`
			`$option->value = floatval($option->value);`
			`}`
			`unset($option->type);`
			`}`

Add some roles and permisssions 2023-06-06 00:27:34 +02:00			`return [`
			`...$request->user()->toArray(),`
			`"permissions" => array_map(function($p) {`
			`return $p["name"];`
			`}, $request->user()->allPermissions()->toArray()),`
Add support for impersonation 2023-06-06 18:53:49 +02:00			`"impersonating_user" => $impersonateManager->isImpersonating(),`
Add new service place selection procedure 2024-02-23 00:27:22 +01:00			`"impersonator_id" => $impersonateManager->getImpersonatorId(),`
			`"options" => $options`
Add some roles and permisssions 2023-06-06 00:27:34 +02:00			`];`
Laravel API server with auth PoC 2023-02-19 01:40:12 +01:00			`}`
Add support for impersonation 2023-06-06 18:53:49 +02:00
Add API Docs 2024-02-24 00:52:25 +01:00			`/**`
			`* Impersonate another user`
			`*/`
Refactor impersonation functionality and handle error messages 2024-01-11 22:52:30 +01:00			`public function impersonate(Request $request, User $user)`
Add support for impersonation 2023-06-06 18:53:49 +02:00			`{`
Trying to improve auth 2023-09-04 01:09:53 +02:00			`$authUser = User::find($request->user()->id);`
			`if(!$authUser->canImpersonate()) {`
			`return response()->json([`
			`'message' => 'Unauthorized'`
			`], 401);`
			`}`

Refactor impersonation functionality and handle error messages 2024-01-11 22:52:30 +01:00			`//Check if can be impersonated`
			`if(!$user->canBeImpersonated()) {`
			`return response()->json([`
			`'message' => 'Unauthorized'`
			`], 401);`
			`}`

			`//Check if currently impersonating`
			`if(app('impersonate')->isImpersonating()) {`
			`return response()->json([`
			`'message' => 'Unauthorized'`
			`], 401);`
			`}`

Fix stop impersonating 2023-09-07 15:52:25 +02:00			`if(`
			`method_exists($request->user(), 'currentAccessToken') &&`
			`method_exists($request->user()->currentAccessToken(), 'delete')`
			`) {`
			`$request->user()->currentAccessToken()->delete();`
Fix session handling and token deletion during impersonation 2024-01-10 15:09:31 +01:00			`} else {`
			`auth()->guard('api')->logout();`
			`$request->session()->invalidate();`
			`$request->session()->regenerateToken();`
Fix stop impersonating 2023-09-07 15:52:25 +02:00			`}`

Refactor impersonation functionality and handle error messages 2024-01-11 22:52:30 +01:00			`$request->user()->impersonate($user);`
			`$token = $user->createToken('auth_token')->plainTextToken;`
Add support for impersonation 2023-06-06 18:53:49 +02:00
Refactor impersonation functionality and handle error messages 2024-01-11 22:52:30 +01:00			`Logger::log("Impersonato utente", $user, $authUser);`
Add logging for user impersonation 2024-01-10 15:21:57 +01:00
Add support for impersonation 2023-06-06 18:53:49 +02:00			`return response()->json([`
			`'access_token' => $token,`
			`'token_type' => 'Bearer',`
			`]);`
			`}`
Add new service place selection procedure 2024-02-23 00:27:22 +01:00
Add API Docs 2024-02-24 00:52:25 +01:00			`/**`
			`* Stop impersonating other user`
			`*/`
Add support for impersonation 2023-06-06 18:53:49 +02:00			`public function stopImpersonating(Request $request)`
			`{`
Fix stop impersonating 2023-09-07 15:52:25 +02:00			`$manager = app('impersonate');`

Fix session handling and token deletion during impersonation 2024-01-10 15:09:31 +01:00			`$impersonatorId = $manager->getImpersonatorId();`
Fix stop impersonating 2023-09-07 15:52:25 +02:00			`$manager->leave();`
Fix session handling and token deletion during impersonation 2024-01-10 15:09:31 +01:00			`$manager->clear();`
			`$impersonator = User::find($impersonatorId);`
Fix impersonation 2023-09-07 15:14:21 +02:00
Fix stop impersonating 2023-09-07 15:52:25 +02:00			`if(`
			`method_exists($request->user(), 'currentAccessToken') &&`
			`method_exists($request->user()->currentAccessToken(), 'delete')`
			`) {`
			`$request->user()->currentAccessToken()->delete();`
Fix session handling and token deletion during impersonation 2024-01-10 15:09:31 +01:00			`} else {`
			`auth()->guard('api')->logout();`
			`$request->session()->invalidate();`
			`$request->session()->regenerateToken();`
Fix stop impersonating 2023-09-07 15:52:25 +02:00			`}`
Fix impersonation 2023-09-07 15:14:21 +02:00
Fix session handling and token deletion during impersonation 2024-01-10 15:09:31 +01:00			`if($request->input('use_sessions', false)) {`
			`$request->session()->regenerate();`
			`auth()->guard('api')->login($impersonator);`
			`$token = null;`
			`} else {`
			`$token = $impersonator->createToken('auth_token')->plainTextToken;`
			`}`
Fix impersonation 2023-09-07 15:14:21 +02:00
			`return response()->json([`
			`'access_token' => $token,`
			`'token_type' => 'Bearer',`
			`]);`
Add support for impersonation 2023-06-06 18:53:49 +02:00			`}`
Fix stop impersonating 2023-09-07 15:52:25 +02:00
Add API Docs 2024-02-24 00:52:25 +01:00			`/**`
			`* Refresh token, if using sessions it will return a new session token`
			`*/`
Fix stop impersonating 2023-09-07 15:52:25 +02:00			`public function refreshToken(Request $request)`
			`{`
			`if(`
			`!method_exists($request->user(), 'currentAccessToken') \|\|`
			`!method_exists($request->user()->currentAccessToken(), 'delete')`
			`) return;`

			`$user = $request->user();`
			`$user->currentAccessToken()->delete();`
			`$token = $user->createToken('auth_token')->plainTextToken;`

			`return response()->json([`
			`'access_token' => $token,`
			`'token_type' => 'Bearer'`
			`]);`
			`}`
Laravel API server with auth PoC 2023-02-19 01:40:12 +01:00			`}`