listen ansichten verbessert
This commit is contained in:
@@ -9,11 +9,11 @@ use MintyPHP\Session;
|
||||
use MintyPHP\Support\Flash;
|
||||
|
||||
if (!empty($_SESSION['user']['id'])) {
|
||||
if (Flash::has()) {
|
||||
Flash::keep();
|
||||
}
|
||||
Router::redirect("admin");
|
||||
return;
|
||||
if (Flash::has()) {
|
||||
Flash::keep();
|
||||
}
|
||||
Router::redirect("admin");
|
||||
return;
|
||||
}
|
||||
|
||||
$tenantHint = trim((string) (requestInput()->queryAll()['tenant'] ?? requestInput()->bodyAll()['tenant_hint'] ?? ''));
|
||||
@@ -26,13 +26,13 @@ $selectedTenant = null;
|
||||
$selectedTenantMethods = ['local' => false, 'microsoft' => false, 'microsoft_reason' => ''];
|
||||
$errorBag = formErrors();
|
||||
$setLoginWarning = static function (string $message) use ($errorBag): void {
|
||||
$errorBag->addGlobal($message);
|
||||
$errorBag->addGlobal($message);
|
||||
};
|
||||
$setRateLimitWarning = static function (int $retryAfterSeconds) use ($setLoginWarning): void {
|
||||
$retryAfterSeconds = max(1, $retryAfterSeconds);
|
||||
http_response_code(429);
|
||||
header('Retry-After: ' . $retryAfterSeconds);
|
||||
$setLoginWarning(t('Too many login attempts. Please wait and try again.'));
|
||||
$retryAfterSeconds = max(1, $retryAfterSeconds);
|
||||
http_response_code(429);
|
||||
header('Retry-After: ' . $retryAfterSeconds);
|
||||
$setLoginWarning(t('Too many login attempts. Please wait and try again.'));
|
||||
};
|
||||
$rateLimiterService = (app(SecurityServicesFactory::class))->createRateLimiterService();
|
||||
|
||||
@@ -55,271 +55,271 @@ $userReadRepository = $userServicesFactory->createUserReadRepository();
|
||||
$userTenantContextService = $userServicesFactory->createUserTenantContextService();
|
||||
|
||||
$resolveLoginCandidates = static function (string $inputEmail) use ($userReadRepository, $userTenantContextService, $tenantSsoService, $tenantAvatarService): array {
|
||||
$emailValue = strtolower(trim($inputEmail));
|
||||
if ($emailValue === '' || !filter_var($emailValue, FILTER_VALIDATE_EMAIL)) {
|
||||
return ['ok' => false];
|
||||
}
|
||||
|
||||
$user = $userReadRepository->findByEmail($emailValue);
|
||||
if (!$user || (int) ($user['active'] ?? 0) !== 1) {
|
||||
return ['ok' => false];
|
||||
}
|
||||
|
||||
$userId = (int) ($user['id'] ?? 0);
|
||||
if ($userId <= 0) {
|
||||
return ['ok' => false];
|
||||
}
|
||||
|
||||
$tenants = $userTenantContextService->getAssignedActiveTenants($userId);
|
||||
if (!$tenants) {
|
||||
return ['ok' => false];
|
||||
}
|
||||
|
||||
$candidates = [];
|
||||
$candidateById = [];
|
||||
foreach ($tenants as $tenant) {
|
||||
$tenantId = (int) ($tenant['id'] ?? 0);
|
||||
if ($tenantId <= 0) {
|
||||
continue;
|
||||
$emailValue = strtolower(trim($inputEmail));
|
||||
if ($emailValue === '' || !filter_var($emailValue, FILTER_VALIDATE_EMAIL)) {
|
||||
return ['ok' => false];
|
||||
}
|
||||
$tenantSlug = $tenantSsoService->tenantLoginSlug($tenant);
|
||||
if ($tenantSlug === '') {
|
||||
continue;
|
||||
|
||||
$user = $userReadRepository->findByEmail($emailValue);
|
||||
if (!$user || (int) ($user['active'] ?? 0) !== 1) {
|
||||
return ['ok' => false];
|
||||
}
|
||||
$methods = $tenantSsoService->resolveTenantLoginMethods($tenantId);
|
||||
$tenantUuid = (string) ($tenant['uuid'] ?? '');
|
||||
$hasAvatar = $tenantUuid !== '' && $tenantAvatarService->hasAvatar($tenantUuid);
|
||||
$candidate = [
|
||||
'id' => $tenantId,
|
||||
'uuid' => $tenantUuid,
|
||||
'description' => (string) ($tenant['description'] ?? ''),
|
||||
'slug' => $tenantSlug,
|
||||
'has_avatar' => $hasAvatar,
|
||||
'avatar_url' => $hasAvatar
|
||||
? lurl('auth/tenant-avatar-file?uuid=' . rawurlencode($tenantUuid) . '&size=256')
|
||||
: '',
|
||||
'methods' => $methods,
|
||||
|
||||
$userId = (int) ($user['id'] ?? 0);
|
||||
if ($userId <= 0) {
|
||||
return ['ok' => false];
|
||||
}
|
||||
|
||||
$tenants = $userTenantContextService->getAssignedActiveTenants($userId);
|
||||
if (!$tenants) {
|
||||
return ['ok' => false];
|
||||
}
|
||||
|
||||
$candidates = [];
|
||||
$candidateById = [];
|
||||
foreach ($tenants as $tenant) {
|
||||
$tenantId = (int) ($tenant['id'] ?? 0);
|
||||
if ($tenantId <= 0) {
|
||||
continue;
|
||||
}
|
||||
$tenantSlug = $tenantSsoService->tenantLoginSlug($tenant);
|
||||
if ($tenantSlug === '') {
|
||||
continue;
|
||||
}
|
||||
$methods = $tenantSsoService->resolveTenantLoginMethods($tenantId);
|
||||
$tenantUuid = (string) ($tenant['uuid'] ?? '');
|
||||
$hasAvatar = $tenantUuid !== '' && $tenantAvatarService->hasAvatar($tenantUuid);
|
||||
$candidate = [
|
||||
'id' => $tenantId,
|
||||
'uuid' => $tenantUuid,
|
||||
'description' => (string) ($tenant['description'] ?? ''),
|
||||
'slug' => $tenantSlug,
|
||||
'has_avatar' => $hasAvatar,
|
||||
'avatar_url' => $hasAvatar
|
||||
? lurl('auth/tenant-avatar-file?uuid=' . rawurlencode($tenantUuid) . '&size=256')
|
||||
: '',
|
||||
'methods' => $methods,
|
||||
];
|
||||
$candidates[] = $candidate;
|
||||
$candidateById[$tenantId] = $candidate;
|
||||
}
|
||||
|
||||
if (!$candidates) {
|
||||
return ['ok' => false];
|
||||
}
|
||||
|
||||
return [
|
||||
'ok' => true,
|
||||
'email' => $emailValue,
|
||||
'user' => $user,
|
||||
'candidates' => $candidates,
|
||||
'candidate_by_id' => $candidateById,
|
||||
];
|
||||
$candidates[] = $candidate;
|
||||
$candidateById[$tenantId] = $candidate;
|
||||
}
|
||||
|
||||
if (!$candidates) {
|
||||
return ['ok' => false];
|
||||
}
|
||||
|
||||
return [
|
||||
'ok' => true,
|
||||
'email' => $emailValue,
|
||||
'user' => $user,
|
||||
'candidates' => $candidates,
|
||||
'candidate_by_id' => $candidateById,
|
||||
];
|
||||
};
|
||||
|
||||
$resolveSelectedTenantId = static function (array $candidateByIdValue, int $requestedTenantIdValue, string $tenantHintValue): int {
|
||||
if ($requestedTenantIdValue > 0 && isset($candidateByIdValue[$requestedTenantIdValue])) {
|
||||
return $requestedTenantIdValue;
|
||||
}
|
||||
|
||||
$hint = trim(strtolower($tenantHintValue));
|
||||
if ($hint !== '') {
|
||||
foreach ($candidateByIdValue as $candidate) {
|
||||
$candidateSlug = strtolower((string) ($candidate['slug'] ?? ''));
|
||||
if ($candidateSlug !== '' && $candidateSlug === $hint) {
|
||||
return (int) ($candidate['id'] ?? 0);
|
||||
}
|
||||
if ($requestedTenantIdValue > 0 && isset($candidateByIdValue[$requestedTenantIdValue])) {
|
||||
return $requestedTenantIdValue;
|
||||
}
|
||||
}
|
||||
|
||||
$first = reset($candidateByIdValue);
|
||||
if (!is_array($first)) {
|
||||
return 0;
|
||||
}
|
||||
return (int) ($first['id'] ?? 0);
|
||||
$hint = trim(strtolower($tenantHintValue));
|
||||
if ($hint !== '') {
|
||||
foreach ($candidateByIdValue as $candidate) {
|
||||
$candidateSlug = strtolower((string) ($candidate['slug'] ?? ''));
|
||||
if ($candidateSlug !== '' && $candidateSlug === $hint) {
|
||||
return (int) ($candidate['id'] ?? 0);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$first = reset($candidateByIdValue);
|
||||
if (!is_array($first)) {
|
||||
return 0;
|
||||
}
|
||||
return (int) ($first['id'] ?? 0);
|
||||
};
|
||||
|
||||
if (requestInput()->method() === 'POST') {
|
||||
if (!Session::checkCsrfToken()) {
|
||||
$errorBag->addGlobal(t('Form expired, please try again'));
|
||||
$stage = 'resolve_email';
|
||||
} else {
|
||||
$postedStage = trim((string) (requestInput()->bodyAll()['stage'] ?? 'resolve_email'));
|
||||
$email = trim((string) (requestInput()->bodyAll()['email'] ?? ''));
|
||||
$clientIp = trim((string) ($_SERVER['REMOTE_ADDR'] ?? ''));
|
||||
if ($clientIp === '') {
|
||||
$clientIp = 'unknown';
|
||||
}
|
||||
|
||||
if ($postedStage === 'reset') {
|
||||
$email = '';
|
||||
$stage = 'resolve_email';
|
||||
} else {
|
||||
if ($postedStage === 'resolve_email') {
|
||||
$resolveLimitResult = $rateLimiterService->isBlocked($loginResolveScope, $clientIp);
|
||||
if (!($resolveLimitResult['allowed'] ?? true)) {
|
||||
$setRateLimitWarning((int) ($resolveLimitResult['retry_after'] ?? 60));
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
$resolved = $resolveLoginCandidates($email);
|
||||
if (!$resolved['ok']) {
|
||||
if (!Session::checkCsrfToken()) {
|
||||
$errorBag->addGlobal(t('Form expired, please try again'));
|
||||
$stage = 'resolve_email';
|
||||
$setLoginWarning(t('We could not continue with these login details'));
|
||||
if ($postedStage === 'resolve_email') {
|
||||
$resolveFailureResult = $rateLimiterService->registerFailure(
|
||||
$loginResolveScope,
|
||||
$clientIp,
|
||||
$loginResolveLimit,
|
||||
$loginResolveWindow,
|
||||
$loginResolveBlock
|
||||
);
|
||||
if (!($resolveFailureResult['allowed'] ?? true)) {
|
||||
$setRateLimitWarning((int) ($resolveFailureResult['retry_after'] ?? $loginResolveBlock));
|
||||
}
|
||||
} else {
|
||||
$postedStage = trim((string) (requestInput()->bodyAll()['stage'] ?? 'resolve_email'));
|
||||
$email = trim((string) (requestInput()->bodyAll()['email'] ?? ''));
|
||||
$clientIp = trim((string) ($_SERVER['REMOTE_ADDR'] ?? ''));
|
||||
if ($clientIp === '') {
|
||||
$clientIp = 'unknown';
|
||||
}
|
||||
} else {
|
||||
$email = (string) $resolved['email'];
|
||||
$tenantCandidates = $resolved['candidates'];
|
||||
$tenantCandidateById = $resolved['candidate_by_id'];
|
||||
$postedTenantId = (int) (requestInput()->bodyAll()['tenant_id'] ?? 0);
|
||||
|
||||
if (in_array($postedStage, ['choose_tenant', 'login_password'], true)
|
||||
&& ($postedTenantId <= 0 || !isset($tenantCandidateById[$postedTenantId]))) {
|
||||
$stage = 'choose_tenant';
|
||||
$setLoginWarning(t('We could not continue with these login details'));
|
||||
$selectedTenantId = $resolveSelectedTenantId(
|
||||
$tenantCandidateById,
|
||||
0,
|
||||
trim((string) (requestInput()->bodyAll()['tenant_hint'] ?? $tenantHint))
|
||||
);
|
||||
$selectedTenant = $tenantCandidateById[$selectedTenantId] ?? null;
|
||||
$selectedTenantMethods = is_array($selectedTenant['methods'] ?? null)
|
||||
? $selectedTenant['methods']
|
||||
: $selectedTenantMethods;
|
||||
} else {
|
||||
$selectedTenantId = $resolveSelectedTenantId(
|
||||
$tenantCandidateById,
|
||||
$postedTenantId,
|
||||
trim((string) (requestInput()->bodyAll()['tenant_hint'] ?? $tenantHint))
|
||||
);
|
||||
$selectedTenant = $tenantCandidateById[$selectedTenantId] ?? null;
|
||||
if (!is_array($selectedTenant)) {
|
||||
if ($postedStage === 'reset') {
|
||||
$email = '';
|
||||
$stage = 'resolve_email';
|
||||
$setLoginWarning(t('We could not continue with these login details'));
|
||||
} else {
|
||||
$selectedTenantMethods = $selectedTenant['methods'];
|
||||
$selectedTenantSlug = trim((string) $selectedTenant['slug']);
|
||||
$isMicrosoftOnlyTenant = empty($selectedTenantMethods['local'])
|
||||
&& !empty($selectedTenantMethods['microsoft'])
|
||||
&& $selectedTenantSlug !== '';
|
||||
|
||||
if (
|
||||
$postedStage === 'resolve_email'
|
||||
&& count($tenantCandidates) === 1
|
||||
&& $isMicrosoftOnlyTenant
|
||||
) {
|
||||
Router::redirect('auth/microsoft/start?tenant=' . rawurlencode($selectedTenantSlug));
|
||||
return;
|
||||
}
|
||||
|
||||
if (
|
||||
$postedStage === 'choose_tenant'
|
||||
&& $isMicrosoftOnlyTenant
|
||||
) {
|
||||
Router::redirect('auth/microsoft/start?tenant=' . rawurlencode($selectedTenantSlug));
|
||||
return;
|
||||
}
|
||||
|
||||
} else {
|
||||
if ($postedStage === 'resolve_email') {
|
||||
$stage = count($tenantCandidates) === 1 ? 'methods' : 'choose_tenant';
|
||||
} elseif ($postedStage === 'choose_tenant') {
|
||||
$stage = 'methods';
|
||||
} elseif ($postedStage === 'login_password') {
|
||||
$stage = 'methods';
|
||||
$passwordAttemptKey = strtolower(trim($email)) . '|' . $clientIp;
|
||||
$passwordLimitResult = $rateLimiterService->isBlocked($loginPasswordScope, $passwordAttemptKey);
|
||||
if (!($passwordLimitResult['allowed'] ?? true)) {
|
||||
$setRateLimitWarning((int) ($passwordLimitResult['retry_after'] ?? 60));
|
||||
return;
|
||||
}
|
||||
|
||||
if (empty($selectedTenantMethods['local'])) {
|
||||
$setLoginWarning(t('Password login is disabled for this tenant. Please use Microsoft login.'));
|
||||
} else {
|
||||
$password = (string) (requestInput()->bodyAll()['password'] ?? '');
|
||||
$remember = !empty(requestInput()->bodyAll()['remember']);
|
||||
$result = $authService->login($email, $password);
|
||||
if (!($result['ok'] ?? false)) {
|
||||
if (!empty($result['needs_verification'])) {
|
||||
$_SESSION['email_verification_email'] = $result['email'] ?? $email;
|
||||
Flash::error(t('Please verify your email first'), 'verify-email', 'login_not_verified');
|
||||
Router::redirect('verify-email');
|
||||
$resolveLimitResult = $rateLimiterService->isBlocked($loginResolveScope, $clientIp);
|
||||
if (!($resolveLimitResult['allowed'] ?? true)) {
|
||||
$setRateLimitWarning((int) ($resolveLimitResult['retry_after'] ?? 60));
|
||||
return;
|
||||
}
|
||||
$setLoginWarning(t((string) ($result['message'] ?? 'Email/password not valid')));
|
||||
$passwordFailureResult = $rateLimiterService->registerFailure(
|
||||
$loginPasswordScope,
|
||||
$passwordAttemptKey,
|
||||
$loginPasswordLimit,
|
||||
$loginPasswordWindow,
|
||||
$loginPasswordBlock
|
||||
);
|
||||
if (!($passwordFailureResult['allowed'] ?? true)) {
|
||||
$setRateLimitWarning((int) ($passwordFailureResult['retry_after'] ?? $loginPasswordBlock));
|
||||
}
|
||||
} else {
|
||||
$userId = (int) ($_SESSION['user']['id'] ?? 0);
|
||||
if ($userId <= 0 || !$authService->canLoginToTenant($userId, $selectedTenantId)) {
|
||||
$authService->logout();
|
||||
$setLoginWarning(t('No access to this tenant'));
|
||||
$passwordFailureResult = $rateLimiterService->registerFailure(
|
||||
$loginPasswordScope,
|
||||
$passwordAttemptKey,
|
||||
$loginPasswordLimit,
|
||||
$loginPasswordWindow,
|
||||
$loginPasswordBlock
|
||||
);
|
||||
if (!($passwordFailureResult['allowed'] ?? true)) {
|
||||
$setRateLimitWarning((int) ($passwordFailureResult['retry_after'] ?? $loginPasswordBlock));
|
||||
}
|
||||
} else {
|
||||
$setTenant = $userTenantContextService->setCurrentTenant($userId, $selectedTenantId);
|
||||
if (!($setTenant['ok'] ?? false)) {
|
||||
$authService->logout();
|
||||
$setLoginWarning(t('No access to this tenant'));
|
||||
$passwordFailureResult = $rateLimiterService->registerFailure(
|
||||
$loginPasswordScope,
|
||||
$passwordAttemptKey,
|
||||
$loginPasswordLimit,
|
||||
$loginPasswordWindow,
|
||||
$loginPasswordBlock
|
||||
);
|
||||
if (!($passwordFailureResult['allowed'] ?? true)) {
|
||||
$setRateLimitWarning((int) ($passwordFailureResult['retry_after'] ?? $loginPasswordBlock));
|
||||
}
|
||||
} else {
|
||||
$rateLimiterService->reset($loginPasswordScope, $passwordAttemptKey);
|
||||
$authService->loadTenantDataIntoSession($userId);
|
||||
if ($remember) {
|
||||
$rememberMeService->rememberUser($userId);
|
||||
}
|
||||
Router::redirect('admin');
|
||||
return;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
} else {
|
||||
$stage = 'resolve_email';
|
||||
$setLoginWarning(t('We could not continue with these login details'));
|
||||
}
|
||||
}
|
||||
|
||||
$resolved = $resolveLoginCandidates($email);
|
||||
if (!$resolved['ok']) {
|
||||
$stage = 'resolve_email';
|
||||
$setLoginWarning(t('We could not continue with these login details'));
|
||||
if ($postedStage === 'resolve_email') {
|
||||
$resolveFailureResult = $rateLimiterService->registerFailure(
|
||||
$loginResolveScope,
|
||||
$clientIp,
|
||||
$loginResolveLimit,
|
||||
$loginResolveWindow,
|
||||
$loginResolveBlock
|
||||
);
|
||||
if (!($resolveFailureResult['allowed'] ?? true)) {
|
||||
$setRateLimitWarning((int) ($resolveFailureResult['retry_after'] ?? $loginResolveBlock));
|
||||
}
|
||||
}
|
||||
} else {
|
||||
$email = (string) $resolved['email'];
|
||||
$tenantCandidates = $resolved['candidates'];
|
||||
$tenantCandidateById = $resolved['candidate_by_id'];
|
||||
$postedTenantId = (int) (requestInput()->bodyAll()['tenant_id'] ?? 0);
|
||||
|
||||
if (in_array($postedStage, ['choose_tenant', 'login_password'], true)
|
||||
&& ($postedTenantId <= 0 || !isset($tenantCandidateById[$postedTenantId]))) {
|
||||
$stage = 'choose_tenant';
|
||||
$setLoginWarning(t('We could not continue with these login details'));
|
||||
$selectedTenantId = $resolveSelectedTenantId(
|
||||
$tenantCandidateById,
|
||||
0,
|
||||
trim((string) (requestInput()->bodyAll()['tenant_hint'] ?? $tenantHint))
|
||||
);
|
||||
$selectedTenant = $tenantCandidateById[$selectedTenantId] ?? null;
|
||||
$selectedTenantMethods = is_array($selectedTenant['methods'] ?? null)
|
||||
? $selectedTenant['methods']
|
||||
: $selectedTenantMethods;
|
||||
} else {
|
||||
$selectedTenantId = $resolveSelectedTenantId(
|
||||
$tenantCandidateById,
|
||||
$postedTenantId,
|
||||
trim((string) (requestInput()->bodyAll()['tenant_hint'] ?? $tenantHint))
|
||||
);
|
||||
$selectedTenant = $tenantCandidateById[$selectedTenantId] ?? null;
|
||||
if (!is_array($selectedTenant)) {
|
||||
$stage = 'resolve_email';
|
||||
$setLoginWarning(t('We could not continue with these login details'));
|
||||
} else {
|
||||
$selectedTenantMethods = $selectedTenant['methods'];
|
||||
$selectedTenantSlug = trim((string) $selectedTenant['slug']);
|
||||
$isMicrosoftOnlyTenant = empty($selectedTenantMethods['local'])
|
||||
&& !empty($selectedTenantMethods['microsoft'])
|
||||
&& $selectedTenantSlug !== '';
|
||||
|
||||
if (
|
||||
$postedStage === 'resolve_email'
|
||||
&& count($tenantCandidates) === 1
|
||||
&& $isMicrosoftOnlyTenant
|
||||
) {
|
||||
Router::redirect('auth/microsoft/start?tenant=' . rawurlencode($selectedTenantSlug));
|
||||
return;
|
||||
}
|
||||
|
||||
if (
|
||||
$postedStage === 'choose_tenant'
|
||||
&& $isMicrosoftOnlyTenant
|
||||
) {
|
||||
Router::redirect('auth/microsoft/start?tenant=' . rawurlencode($selectedTenantSlug));
|
||||
return;
|
||||
}
|
||||
|
||||
if ($postedStage === 'resolve_email') {
|
||||
$stage = count($tenantCandidates) === 1 ? 'methods' : 'choose_tenant';
|
||||
} elseif ($postedStage === 'choose_tenant') {
|
||||
$stage = 'methods';
|
||||
} elseif ($postedStage === 'login_password') {
|
||||
$stage = 'methods';
|
||||
$passwordAttemptKey = strtolower(trim($email)) . '|' . $clientIp;
|
||||
$passwordLimitResult = $rateLimiterService->isBlocked($loginPasswordScope, $passwordAttemptKey);
|
||||
if (!($passwordLimitResult['allowed'] ?? true)) {
|
||||
$setRateLimitWarning((int) ($passwordLimitResult['retry_after'] ?? 60));
|
||||
return;
|
||||
}
|
||||
|
||||
if (empty($selectedTenantMethods['local'])) {
|
||||
$setLoginWarning(t('Password login is disabled for this tenant. Please use Microsoft login.'));
|
||||
} else {
|
||||
$password = (string) (requestInput()->bodyAll()['password'] ?? '');
|
||||
$remember = !empty(requestInput()->bodyAll()['remember']);
|
||||
$result = $authService->login($email, $password);
|
||||
if (!($result['ok'] ?? false)) {
|
||||
if (!empty($result['needs_verification'])) {
|
||||
$_SESSION['email_verification_email'] = $result['email'] ?? $email;
|
||||
Flash::error(t('Please verify your email first'), 'verify-email', 'login_not_verified');
|
||||
Router::redirect('verify-email');
|
||||
return;
|
||||
}
|
||||
$setLoginWarning(t((string) ($result['message'] ?? 'Email/password not valid')));
|
||||
$passwordFailureResult = $rateLimiterService->registerFailure(
|
||||
$loginPasswordScope,
|
||||
$passwordAttemptKey,
|
||||
$loginPasswordLimit,
|
||||
$loginPasswordWindow,
|
||||
$loginPasswordBlock
|
||||
);
|
||||
if (!($passwordFailureResult['allowed'] ?? true)) {
|
||||
$setRateLimitWarning((int) ($passwordFailureResult['retry_after'] ?? $loginPasswordBlock));
|
||||
}
|
||||
} else {
|
||||
$userId = (int) ($_SESSION['user']['id'] ?? 0);
|
||||
if ($userId <= 0 || !$authService->canLoginToTenant($userId, $selectedTenantId)) {
|
||||
$authService->logout();
|
||||
$setLoginWarning(t('No access to this tenant'));
|
||||
$passwordFailureResult = $rateLimiterService->registerFailure(
|
||||
$loginPasswordScope,
|
||||
$passwordAttemptKey,
|
||||
$loginPasswordLimit,
|
||||
$loginPasswordWindow,
|
||||
$loginPasswordBlock
|
||||
);
|
||||
if (!($passwordFailureResult['allowed'] ?? true)) {
|
||||
$setRateLimitWarning((int) ($passwordFailureResult['retry_after'] ?? $loginPasswordBlock));
|
||||
}
|
||||
} else {
|
||||
$setTenant = $userTenantContextService->setCurrentTenant($userId, $selectedTenantId);
|
||||
if (!($setTenant['ok'] ?? false)) {
|
||||
$authService->logout();
|
||||
$setLoginWarning(t('No access to this tenant'));
|
||||
$passwordFailureResult = $rateLimiterService->registerFailure(
|
||||
$loginPasswordScope,
|
||||
$passwordAttemptKey,
|
||||
$loginPasswordLimit,
|
||||
$loginPasswordWindow,
|
||||
$loginPasswordBlock
|
||||
);
|
||||
if (!($passwordFailureResult['allowed'] ?? true)) {
|
||||
$setRateLimitWarning((int) ($passwordFailureResult['retry_after'] ?? $loginPasswordBlock));
|
||||
}
|
||||
} else {
|
||||
$rateLimiterService->reset($loginPasswordScope, $passwordAttemptKey);
|
||||
$authService->loadTenantDataIntoSession($userId);
|
||||
if ($remember) {
|
||||
$rememberMeService->rememberUser($userId);
|
||||
}
|
||||
Router::redirect('admin');
|
||||
return;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
} else {
|
||||
$stage = 'resolve_email';
|
||||
$setLoginWarning(t('We could not continue with these login details'));
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$errors = $errorBag->toFlatList();
|
||||
|
||||
@@ -8,34 +8,34 @@ use MintyPHP\Support\Flash;
|
||||
$request = requestInput();
|
||||
$error = false;
|
||||
if (!allowRegistration()) {
|
||||
Flash::error(t('Registration is currently disabled'), 'login', 'registration_disabled');
|
||||
Router::redirect('login');
|
||||
Flash::error(t('Registration is currently disabled'), 'login', 'registration_disabled');
|
||||
Router::redirect('login');
|
||||
}
|
||||
|
||||
if ($request->hasBody('email')) {
|
||||
$authService = (app(AuthServicesFactory::class))->createAuthService();
|
||||
$firstName = $request->bodyString('first_name');
|
||||
$lastName = $request->bodyString('last_name');
|
||||
$email = $request->bodyString('email');
|
||||
$password = (string) $request->body('password', '');
|
||||
$password2 = (string) $request->body('password2', '');
|
||||
$authService = (app(AuthServicesFactory::class))->createAuthService();
|
||||
$firstName = $request->bodyString('first_name');
|
||||
$lastName = $request->bodyString('last_name');
|
||||
$email = $request->bodyString('email');
|
||||
$password = (string) $request->body('password', '');
|
||||
$password2 = (string) $request->body('password2', '');
|
||||
|
||||
$result = $authService->register([
|
||||
'first_name' => $firstName,
|
||||
'last_name' => $lastName,
|
||||
'email' => $email,
|
||||
'password' => $password,
|
||||
'password2' => $password2,
|
||||
]);
|
||||
$result = $authService->register([
|
||||
'first_name' => $firstName,
|
||||
'last_name' => $lastName,
|
||||
'email' => $email,
|
||||
'password' => $password,
|
||||
'password2' => $password2,
|
||||
]);
|
||||
|
||||
if (!($result['ok'] ?? false)) {
|
||||
$error = $result['error'] ?? t('User can not be registered');
|
||||
} else {
|
||||
// Store email in session for verify-email page
|
||||
$_SESSION['email_verification_email'] = $result['email'] ?? $email;
|
||||
Flash::success(t('Registration successful! Please check your email for the verification code.'), 'verify-email', 'registration_success');
|
||||
Router::redirect('verify-email');
|
||||
}
|
||||
if (!($result['ok'] ?? false)) {
|
||||
$error = $result['error'] ?? t('User can not be registered');
|
||||
} else {
|
||||
// Store email in session for verify-email page
|
||||
$_SESSION['email_verification_email'] = $result['email'] ?? $email;
|
||||
Flash::success(t('Registration successful! Please check your email for the verification code.'), 'verify-email', 'registration_success');
|
||||
Router::redirect('verify-email');
|
||||
}
|
||||
}
|
||||
|
||||
$userPasswordPolicyService = (app(UserServicesFactory::class))->createUserPasswordPolicyService();
|
||||
|
||||
Reference in New Issue
Block a user