
Refactor Auth controllers : thicker, with Form requests & API resource

Bubka 3 年之前
當前提交
a5514ba06b

+ 19 - 1
app/Http/Controllers/Auth/LoginController.php

@@ -31,7 +31,7 @@ class LoginController extends Controller
     /**
      * Handle a login request to the application.
      *
-     * @param  \Illuminate\Http\Request  $request
+     * @param  \App\Http\Requests\CaseInsensitiveLogin  $request
      * @return \Illuminate\Http\JsonResponse
      *
      * @throws \Illuminate\Validation\ValidationException
@@ -61,6 +61,21 @@ class LoginController extends Controller
         return $this->sendFailedLoginResponse($request);
     }
 
+
+    /**
+     * log out current user
+     * @param  Request $request
+     * @return \Illuminate\Http\JsonResponse
+     */
+    public function logout(Request $request)
+    {
+        $accessToken = Auth::user()->token();
+        $accessToken->revoke();
+
+        return response()->json(['message' => 'signed out'], Response::HTTP_OK);
+    }
+
+
     /**
      * Send the response after the user was authenticated.
      *
@@ -83,6 +98,7 @@ class LoginController extends Controller
         ], Response::HTTP_OK);
     }
 
+
     /**
      * Get the failed login response instance.
      *
@@ -93,6 +109,7 @@ class LoginController extends Controller
     {
         return response()->json(['message' => 'unauthorised'], Response::HTTP_UNAUTHORIZED);
     }
+    
 
     /**
      * Redirect the user after determining they are locked out.
@@ -109,6 +126,7 @@ class LoginController extends Controller
         return response()->json(['message' => Lang::get('auth.throttle', ['seconds' => $seconds])], Response::HTTP_TOO_MANY_REQUESTS);
     }
 
+
     /**
      * Get the needed authorization credentials from the request.
      *
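Review bot: logout() at L32–L38 revokes only the access token returned by `Auth::user()->token()`; if the application also issues Passport refresh tokens, the refresh token paired with this access token stays usable until it expires, so consider revoking it as well (Passport's refresh-token repository can revoke by access-token id). The `$request` parameter is otherwise unused — `$request->user()->token()` reads the same user the `auth:api` middleware already resolved (routes/api.php keeps `logout` in that group) and matches how PasswordController and UserController fetch the user. The docblock should state the contract rather than the stub text, e.g. `Revoke the bearer token used for this request and return 200 {"message":"signed out"}.` The blank lines added at L26, L40, L48, L56 (trailing whitespace) and L64 are noise that does not belong to the refactor.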

+ 8 - 11
app/Http/Controllers/Settings/PasswordController.php → app/Http/Controllers/Auth/PasswordController.php

@@ -1,8 +1,8 @@
 <?php
 
-namespace App\Http\Controllers\Settings;
+namespace App\Http\Controllers\Auth;
 
-use Illuminate\Http\Request;
+use App\Http\Requests\UserPatchPwdRequest;
 use App\Http\Controllers\Controller;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Hash;
@@ -13,23 +13,20 @@ class PasswordController extends Controller
     /**
      * Update the user's password.
      *
-     * @param  \Illuminate\Http\Request $request
+     * @param  \App\Http\Requests\UserPatchPwdRequest $request
      * @return \Illuminate\Http\Response
      */
-    public function update(Request $request)
+    public function update(UserPatchPwdRequest $request)
     {
-        $this->validate($request, [
-            'currentPassword' => 'required',
-            'password' => 'required|confirmed|min:8',
-        ]);
+        $validated = $request->validated();
 
-        if (!Hash::check( $request->currentPassword, Auth::user()->password) ) {
+        if (!Hash::check( $validated['currentPassword'], Auth::user()->password) ) {
             return response()->json(['message' => __('errors.wrong_current_password')], 400);
         }
 
-        if (!config('app.options.isDemoApp') ) {
+        if (!config('2fauth.config.isDemoApp') ) {
             $request->user()->update([
-                'password' => bcrypt($request->password),
+                'password' => bcrypt($validated['password']),
             ]);
         }
 
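Review bot: The inline rules removed at L94–L97 required `password` to be `confirmed`, but the replacement UserPatchPwdRequest::rules() (app/Http/Requests/UserPatchPwdRequest.php, line `'password' => 'required|string|min:8'`) no longer does, so a mistyped new password is accepted silently and can lock the user out of the account; restore `'password' => 'required|string|min:8|confirmed'` there unless the confirmation field was deliberately dropped from the client. Separately, L101 checks `Hash::check($validated['currentPassword'], Auth::user()->password)` against the global guard while L107 updates `$request->user()`; read the hash from the same object, `$request->user()->password`. update() continues past the end of this hunk.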

+ 8 - 26
app/Http/Controllers/Auth/RegisterController.php

@@ -3,6 +3,7 @@
 namespace App\Http\Controllers\Auth;
 
 use App\User;
+use App\Http\Requests\UserStoreRequest;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\DB;
 use App\Http\Controllers\Controller;
@@ -10,6 +11,7 @@ use Illuminate\Support\Facades\Hash;
 use Illuminate\Auth\Events\Registered;
 use Illuminate\Support\Facades\Validator;
 use Illuminate\Foundation\Auth\RegistersUsers;
+use Illuminate\Validation\ValidationException;
 
 class RegisterController extends Controller
 {
@@ -25,44 +27,24 @@ class RegisterController extends Controller
     */
 
     use RegistersUsers;
-    
-    /**
-     * check if a user exists
-     * @param  Request $request [description]
-     * @return json
-     */
-    public function checkUser()
-    {
-        $user = DB::table('users')->first();
 
-        return response()->json(['username' => isset($user->name) ? $user->name : null], 200);
-    }
 
     /**
      * Handle a registration request for the application.
      *
-     * @param  \Illuminate\Http\Request  $request
+     * @param  \App\Http\Requests\UserStoreRequest  $request
      * @return \Illuminate\Http\JsonResponse
      */
-    public function register(Request $request)
+    public function register(UserStoreRequest $request)
     {
-        // check if a user already exists
-        if( DB::table('users')->count() > 0 ) {
-            // return response()->json(['message' => __('errors.already_one_user_registered')], 400);
-            throw \Illuminate\Validation\ValidationException::withMessages(['taken' => __('errors.already_one_user_registered')]);
-        }
-
-        $this->validator($request->all())->validate();
-
-        event(new Registered($user = $this->create($request->all())));
-
-        //$this->guard()->login($user);
+        $validated = $request->validated();
+        event(new Registered($user = $this->create($validated)));
 
         return response()->json([
             'message' => 'account created',
-            'token' => $user->createToken('MyApp')->accessToken,
+            'token' => $user->createToken('2FAuth')->accessToken,
             'name' => $user->name,
-        ]);
+        ], 201);
     }
 
 
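Review bot: `use Illuminate\Validation\ValidationException;` added at L129 is unused in the new code — the only `throw` of that class was removed at L163, and the new register() body (L171–L181) relies on the form request to raise it. Likewise `use Illuminate\Http\Request;` (L122) and the `DB` facade (L123) no longer appear in the visible code of this file; if `create()` or other methods outside the hunk do not use them, drop them too. The first-user guard now runs inside validation via the FirstUser rule before `$this->create($validated)`, so the count-then-insert window is the same as in the removed inline check, not a regression.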

+ 54 - 0
app/Http/Controllers/Auth/UserController.php

@@ -0,0 +1,54 @@
+<?php
+
+namespace App\Http\Controllers\Auth;
+
+use App\User;
+use App\Http\Requests\UserUpdateRequest;
+use App\Http\Resources\UserResource;
+use App\Http\Controllers\Controller;
+use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\Hash;
+
+class UserController extends Controller
+{
+    /**
+     * Get detailed information about a user
+     * 
+     * @return \App\Http\Resources\UserResource
+     */
+    public function show()
+    {
+        $user = User::first();
+
+        return $user
+            ? new UserResource($user)
+            : response()->json(['name' => null], 200);
+
+    }
+
+
+    /**
+     * Update the user's profile information.
+     *
+     * @param  \App\Http\Requests\UserUpdateRequest $request
+     * @return \App\Http\Resources\UserResource
+     */
+    public function update(UserUpdateRequest $request)
+    {
+        $user = $request->user();
+        $validated = $request->validated();
+
+        if (!Hash::check( $request->password, Auth::user()->password) ) {
+            return response()->json(['message' => __('errors.wrong_current_password')], 400);
+        }
+
+        if (!config('2fauth.config.isDemoApp') ) {
+            tap($user)->update([
+                'name' => $validated['name'],
+                'email' => $validated['email'],
+            ]);
+        }        
+
+        return new UserResource($user);
+    }
+}
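Review bot: update() verifies `Hash::check($request->password, Auth::user()->password)` at L229 although it already holds `$user = $request->user()` and `$validated` from L226–L227; use `$validated['password']` and `$user->password` so the check reads the validated input and the same user that is then updated (and matches PasswordController). The `@return` tags on show() and update() name only UserResource, yet both methods also return a JsonResponse (L213, L230), so `@return \App\Http\Resources\UserResource|\Illuminate\Http\JsonResponse`. show() serves both the guest `user/name` route and the authenticated `user` route from `User::first()` rather than the current user, which holds for a single-account app but deserves a comment saying exactly that.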

+ 0 - 53
app/Http/Controllers/Settings/AccountController.php

@@ -1,53 +0,0 @@
-<?php
-
-namespace App\Http\Controllers\Settings;
-
-use Illuminate\Http\Request;
-use App\Http\Controllers\Controller;
-use Illuminate\Support\Facades\Auth;
-use Illuminate\Support\Facades\Hash;
-
-class AccountController extends Controller
-{
-
-
-    /**
-     * get detailed information about a user
-     * @return [type] [description]
-     */
-    public function show()
-    {
-        return response()->json(Auth::user()->only('name', 'email'), 200);
-    }
-
-
-    /**
-     * Update the user's profile information.
-     *
-     * @param  \Illuminate\Http\Request $request
-     * @return \Illuminate\Http\Response
-     */
-    public function update(Request $request)
-    {
-        $user = $request->user();
-
-        $this->validate($request, [
-            'name' => 'required',
-            'email' => 'required|email|unique:users,email,'.Auth::id(),
-            'password' => 'required',
-        ]);
-
-        if (!Hash::check( $request->password, Auth::user()->password) ) {
-            return response()->json(['message' => __('errors.wrong_current_password')], 400);
-        }
-
-        if (!config('app.options.isDemoApp') ) {
-            tap($user)->update($request->only('name', 'email'));
-        }        
-
-        return response()->json([
-                'message' => __('auth.forms.profile_saved'),
-                'username' => $request->name
-            ]);
-    }
-}

+ 1 - 1
app/Http/Controllers/TwoFAccountController.php

@@ -46,7 +46,7 @@ class TwoFAccountController extends Controller
     /**
      * List all resources
      *
-     * @return \App\Http\Resources\TwoFAccountReadResource
+     * @return \App\Http\Resources\TwoFAccountCollection
      */
     public function index(Request $request)
     {

+ 31 - 0
app/Http/Requests/UserPatchPwdRequest.php

@@ -0,0 +1,31 @@
+<?php
+
+namespace App\Http\Requests;
+
+use Illuminate\Foundation\Http\FormRequest;
+
+class UserPatchPwdRequest extends FormRequest
+{
+    /**
+     * Determine if the user is authorized to make this request.
+     *
+     * @return bool
+     */
+    public function authorize()
+    {
+        return true;
+    }
+
+    /**
+     * Get the validation rules that apply to the request.
+     *
+     * @return array
+     */
+    public function rules()
+    {
+        return [
+            'currentPassword' => 'required',
+            'password' => 'required|string|min:8',
+        ];
+    }
+}
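Review bot: authorize() returns `true` unconditionally under the stock stub docblock; the only thing that restricts this password change to the account owner is the `auth:api` middleware on `PATCH user/password` in routes/api.php, and nothing in the request itself refers to `$this->user()`. Replace the stub text with a comment that makes the gate explicit, e.g. `Authorization is delegated to the route's auth:api middleware; the change applies to the authenticated user only.` The same stub appears in UserStoreRequest and UserUpdateRequest.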

+ 32 - 0
app/Http/Requests/UserStoreRequest.php

@@ -0,0 +1,32 @@
+<?php
+
+namespace App\Http\Requests;
+
+use Illuminate\Foundation\Http\FormRequest;
+
+class UserStoreRequest extends FormRequest
+{
+    /**
+     * Determine if the user is authorized to make this request.
+     *
+     * @return bool
+     */
+    public function authorize()
+    {
+        return true;
+    }
+
+    /**
+     * Get the validation rules that apply to the request.
+     *
+     * @return array
+     */
+    public function rules()
+    {
+        return [
+            'name'      => [new \App\Rules\FirstUser, 'required', 'string', 'max:255'],
+            'email'     => 'required|string|email|max:255',
+            'password'  => 'required|string|min:8|confirmed',
+        ];
+    }
+}
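Review bot: `new \App\Rules\FirstUser` at L381 is an inline fully-qualified name; import it next to the FormRequest import with `use App\Rules\FirstUser;` and write `new FirstUser`, as the rest of the project imports classes. Attaching the rule to `name` also moves the error from the removed `taken` key (RegisterController L163) to `name`, and as far as I recall a rule object on a specific attribute is only evaluated when that attribute is present, so a second registration with an empty name reports only `required` rather than the first-user message; any client keyed on `taken` needs updating.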

+ 32 - 0
app/Http/Requests/UserUpdateRequest.php

@@ -0,0 +1,32 @@
+<?php
+
+namespace App\Http\Requests;
+
+use Illuminate\Foundation\Http\FormRequest;
+
+class UserUpdateRequest extends FormRequest
+{
+    /**
+     * Determine if the user is authorized to make this request.
+     *
+     * @return bool
+     */
+    public function authorize()
+    {
+        return true;
+    }
+
+    /**
+     * Get the validation rules that apply to the request.
+     *
+     * @return array
+     */
+    public function rules()
+    {
+        return [
+            'name' => 'required|string|max:255',
+            'email' => 'required|string|email|max:255',
+            'password' => 'required',
+        ];
+    }
+}
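Review bot: The `email` rule at L419 drops the `unique:users,email,<id>` constraint that the deleted AccountController enforced (app/Http/Controllers/Settings/AccountController.php L283), so nothing now rejects an address already held by another row; harmless while FirstUser limits the app to one account, but cheap to keep: `'email' => 'required|string|email|max:255|unique:users,email,'.$this->user()->id,`. `$this->user()` is available on the form request because `PUT user` sits under `auth:api`.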

+ 23 - 0
app/Http/Resources/UserResource.php

@@ -0,0 +1,23 @@
+<?php
+
+namespace App\Http\Resources;
+
+use Illuminate\Http\Resources\Json\JsonResource;
+use Illuminate\Support\Facades\Auth;
+
+class UserResource extends JsonResource
+{
+    /**
+     * Transform the resource into an array.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @return array
+     */
+    public function toArray($request)
+    {
+        return [
+            'name'  => $this->name,
+            'email' => $this->when(Auth::guard('api')->user(), $this->email),
+        ];
+    }
+}
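Review bot: toArray() includes `email` only when `Auth::guard('api')->user()` is non-null, which is what lets one resource back both the guest `user/name` route and the authenticated `user` route, but the docblock does not say so; add a line such as `email is omitted for unauthenticated callers (guest user/name route); name is always exposed.` Since the method already receives `$request`, `$request->user('api')` would express the same check without the facade, but that is optional.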

+ 41 - 0
app/Rules/FirstUser.php

@@ -0,0 +1,41 @@
+<?php
+
+namespace App\Rules;
+
+use Illuminate\Contracts\Validation\Rule;
+use Illuminate\Support\Facades\DB;
+
+class FirstUser implements Rule
+{
+    /**
+     * Create a new rule instance.
+     *
+     * @return void
+     */
+    public function __construct()
+    {
+        //
+    }
+
+    /**
+     * Determine if the validation rule passes.
+     *
+     * @param  string  $attribute
+     * @param  mixed  $value
+     * @return bool
+     */
+    public function passes($attribute, $value)
+    {
+        return DB::table('users')->count() === 0 ? true : false;
+    }
+
+    /**
+     * Get the validation error message.
+     *
+     * @return string
+     */
+    public function message()
+    {
+        return trans('validation.custom.name.firstUser');
+    }
+}
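Review bot: `return DB::table('users')->count() === 0 ? true : false;` at L485 is a redundant ternary on an expression that is already a bool; write `return DB::table('users')->count() === 0;`. The empty constructor at L471–L474 can be dropped as well. The rule is a count-then-insert check with no lock, so two concurrent first registrations can both pass; the removed inline check in RegisterController had the same window, so this is not a regression, but a short comment on passes() should say so.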

+ 0 - 1
resources/lang/en/errors.php

@@ -15,7 +15,6 @@ return [
 
     'resource_not_found' => 'Resource not found',
     'error_occured' => 'An error occured:',
-    'already_one_user_registered' => 'There is already a registered user.',
     'cannot_register_more_user' => 'You cannot register more than one user.',
     'refresh' => 'Refresh',
     'no_valid_otp' => 'No valid OTP resource in this QR code',

+ 3 - 0
resources/lang/en/validation.php

@@ -162,6 +162,9 @@ return [
         'ids' => [
             'regex' => 'IDs must be comma separated, without trailing comma.',
         ],
+        'name' => [
+            'firstUser' => 'There is already a registered user',
+        ]
     ],
 
     /*

+ 17 - 15
routes/api.php

@@ -15,33 +15,34 @@ use Illuminate\Http\Request;
 
 Route::group(['middleware' => 'guest:api'], function () {
 
-    Route::post('auth/login', 'Auth\LoginController@login');
-    Route::post('checkuser', 'Auth\RegisterController@checkUser');
-    Route::post('auth/register', 'Auth\RegisterController@register');
+    Route::post('user', 'Auth\RegisterController@register');
 
-    Route::post('password/email', 'Auth\ForgotPasswordController@sendResetLinkEmail')->middleware('AvoidResetPassword');
-    Route::post('password/reset', 'Auth\ResetPasswordController@reset')->name('password.reset');
+    Route::post('login', 'Auth\LoginController@login');
+
+    Route::get('user/name', 'Auth\UserController@show');
+    Route::post('user/password/lost', 'Auth\ForgotPasswordController@sendResetLinkEmail')->middleware('AvoidResetPassword');
+    Route::post('user/password/reset', 'Auth\ResetPasswordController@reset')->name('password.reset');
 
 });
 
 Route::group(['middleware' => 'auth:api'], function() {
 
-    Route::post('auth/logout', 'Auth\LoginController@logout');
+    Route::get('user', 'Auth\UserController@show');
+    Route::put('user', 'Auth\UserController@update');
+    Route::patch('user/password', 'Auth\PasswordController@update');
 
-    Route::get('settings/{name}', 'SettingController@show');
-    Route::get('settings', 'SettingController@index');
-    Route::post('settings', 'SettingController@store');
-    Route::put('settings/{name}', 'SettingController@update');
-    Route::delete('settings/{name}', 'SettingController@destroy');
+    Route::post('logout', 'Auth\LoginController@logout');
 
     // Route::prefix('settings')->group(function () {
         // Route::get('account', 'Settings\AccountController@show');
-        // Route::patch('account', 'Settings\AccountController@update');
-        // Route::patch('password', 'Settings\PasswordController@update');
         // Route::post('options', 'Settings\OptionController@store');
     // });
 
-
+    Route::get('settings/{name}', 'SettingController@show');
+    Route::get('settings', 'SettingController@index');
+    Route::post('settings', 'SettingController@store');
+    Route::put('settings/{name}', 'SettingController@update');
+    Route::delete('settings/{name}', 'SettingController@destroy');
 
     Route::delete('twofaccounts', 'TwoFAccountController@batchDestroy');
     Route::patch('twofaccounts/withdraw', 'TwoFAccountController@withdraw');
@@ -52,12 +53,13 @@ Route::group(['middleware' => 'auth:api'], function() {
     Route::get('twofaccounts/{id}/otp', 'TwoFAccountController@otp')->where('id', '[0-9]+');
     Route::post('twofaccounts/otp', 'TwoFAccountController@otp');
     Route::apiResource('twofaccounts', 'TwoFAccountController');
+
     Route::get('groups/{group}/twofaccounts', 'GroupController@accounts');
     Route::post('groups/{group}/assign', 'GroupController@assignAccounts');
     Route::apiResource('groups', 'GroupController');
 
-    // Done
     Route::post('qrcode/decode', 'QrCodeController@decode');
+
     Route::post('icons', 'IconController@upload');
     Route::delete('icons/{icon}', 'IconController@delete');
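Review bot: `Route::get('user/name', 'Auth\UserController@show')` at L541 sits in the `guest:api` group while `Route::get('user', ...)` at L550 maps to the same action, so the registered account's name is readable without credentials; the removed `checkuser` route exposed the same value, so this is not new, but it is now easier to overlook. If it is intended for pre-filling the login form, say so at the route: `// public: only the user name is exposed, see UserResource`. The registration route remains in the guest group as `POST user`, with the first-user check now done by validation rather than by the controller.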