feature: update message for login feature

This commit is contained in:
antv
2026-07-06 21:02:52 +07:00
parent 7a964785c7
commit af529a4e81
12 changed files with 427 additions and 51 deletions
+38 -7
View File
@@ -14,7 +14,7 @@ class AuthController extends Controller
public function showLoginForm()
{
if (Auth::check()) {
if (Auth::check() && !session('dialog_first_login')) {
return redirect($this->authService->getRedirectRouteForUser(Auth::user()));
}
return view('login');
@@ -22,20 +22,51 @@ class AuthController extends Controller
public function login(Request $request)
{
$credentials = $request->validate([
// Custom validation check: treat all validation errors as "Invalid email/password"
$validator = \Illuminate\Support\Facades\Validator::make($request->all(), [
'mail' => 'required|email|max:255',
'password' => 'required|string|max:100',
]);
$result = $this->authService->attemptLogin($credentials, $request);
if (!$result['success']) {
if ($validator->fails()) {
return back()->withInput($request->only('mail'))->withErrors([
$result['error_key'] => $result['error_msg'],
'mail' => 'Thông tin đăng nhập không đúng. Vui lòng nhập lại',
]);
}
return redirect($this->authService->getRedirectRouteForUser($result['user']));
$credentials = $validator->validated();
$email = \Illuminate\Support\Str::lower($credentials['mail']);
$throttleKey = 'login-attempts:' . $email;
// Brute-force check (lock after 5 failed attempts)
if (\Illuminate\Support\Facades\RateLimiter::tooManyAttempts($throttleKey, 5)) {
return back()->withInput($request->only('mail'))->with('dialog_error_brute_force', 'Tài khoản của bạn tạm thời bị khóa do nhập sai mật khẩu quá 5 lần. Vui lòng thử lại sau 15 phút.');
}
$result = $this->authService->attemptLogin($credentials, $request);
if (!$result['success']) {
if ($result['error_key'] === 'permission') {
return back()->withInput($request->only('mail'))->with('dialog_error_permission', $result['error_msg']);
}
// For invalid password / email (counts towards brute-force attempts)
\Illuminate\Support\Facades\RateLimiter::hit($throttleKey, 900); // 15 minutes lockout
return back()->withInput($request->only('mail'))->withErrors([
'mail' => $result['error_msg'],
]);
}
// Clear rate limiter on success
\Illuminate\Support\Facades\RateLimiter::clear($throttleKey);
$user = $result['user'];
if ($user->first_login == \App\Models\User::FIRST_LOGIN_TRUE) {
return redirect()->route('login')->with('dialog_first_login', true);
}
return redirect($this->authService->getRedirectRouteForUser($user));
}
public function logout(Request $request)