refactoring the auth flow

Author: austintoddj

.github/workflows/tests.yml

@@ -15,7 +15,7 @@ jobs:
     strategy:
       fail-fast: true
       matrix:
-        php: [7.3, 7.4]
+        php: [7.3, 7.4, 8.0]
         laravel: [^6.0, ^7.0, ^8.0]
         include:
           - laravel: ^6.0

composer.json

@@ -15,7 +15,7 @@
         }
     ],
     "require": {
-        "php": "^7.3",
+        "php": "^7.3|^8.0",
         "ext-json": "*",
         "laravel/framework": "^6.0|^7.0|^8.0"
     },

resources/views/auth/passwords/reset.blade.php

@@ -10,7 +10,7 @@
                 <form method="POST" action="{{ route('canvas.password.update') }}" class="w-100 my-auto">
                     @csrf
 
-                    <input type="hidden" name="token" value="{{ $token }}">
+                    <input type="hidden" name="token" value="{{ $request->route('token') }}">
 
                     <div class="form-group row">
                         <div class="col-12">

routes/web.php

@@ -1,8 +1,8 @@
 <?php
 
-use Canvas\Http\Controllers\Auth\ForgotPasswordController;
-use Canvas\Http\Controllers\Auth\LoginController;
-use Canvas\Http\Controllers\Auth\ResetPasswordController;
+use Canvas\Http\Controllers\Auth\AuthenticatedSessionController;
+use Canvas\Http\Controllers\Auth\NewPasswordController;
+use Canvas\Http\Controllers\Auth\PasswordResetLinkController;
 use Canvas\Http\Controllers\HomeController;
 use Canvas\Http\Controllers\PostController;
 use Canvas\Http\Controllers\SearchController;
@@ -17,19 +17,31 @@
 
 // Authentication routes...
 Route::namespace('Auth')->group(function () {
-    Route::prefix('login')->group(function () {
-        Route::get('/', 'LoginController@showLoginForm')->name('canvas.login');
-        Route::post('/', 'LoginController@login');
-    });
+    Route::get('login', [AuthenticatedSessionController::class, 'create'])
+         ->middleware('guest')
+         ->name('canvas.login');
 
-    Route::prefix('password')->group(function () {
-        Route::get('reset', [ForgotPasswordController::class, 'showLinkRequestForm'])->name('canvas.password.request');
-        Route::post('email', [ForgotPasswordController::class, 'sendResetLinkEmail'])->name('canvas.password.email');
-        Route::get('reset/{token}', [ResetPasswordController::class, 'showResetForm'])->name('canvas.password.reset');
-        Route::post('reset', [ResetPasswordController::class, 'reset'])->name('canvas.password.update');
-    });
+    Route::post('login', [AuthenticatedSessionController::class, 'store'])
+         ->middleware('guest');
+
+    Route::get('forgot-password', [PasswordResetLinkController::class, 'create'])
+         ->middleware('guest')
+         ->name('canvas.password.request');
+
+    Route::post('forgot-password', [PasswordResetLinkController::class, 'store'])
+         ->middleware(['guest'])
+         ->name('canvas.password.email');
+
+    Route::get('reset-password/{token}', [NewPasswordController::class, 'create'])
+         ->middleware(['guest'])
+         ->name('canvas.password.reset');
+
+    Route::post('reset-password', [NewPasswordController::class, 'store'])
+         ->middleware(['guest'])
+         ->name('canvas.password.update');
 
-    Route::get('logout', [LoginController::class, 'logout'])->name('canvas.logout');
+    Route::get('logout', [AuthenticatedSessionController::class, 'destroy'])
+         ->name('canvas.logout');
 });
 
 // API routes...
@@ -89,5 +101,7 @@
     });
 
     // Catch-all route...
-    Route::get('/{view?}', [HomeController::class, 'index'])->where('view', '(.*)')->name('canvas');
+    Route::get('/{view?}', [HomeController::class, 'index'])
+         ->where('view', '(.*)')
+         ->name('canvas');
 });

src/Http/Controllers/Auth/AuthenticatedSessionController.php

@@ -0,0 +1,59 @@
+<?php
+
+namespace Canvas\Http\Controllers\Auth;
+
+use Illuminate\Contracts\Foundation\Application;
+use Illuminate\Contracts\View\Factory;
+use Illuminate\Contracts\View\View;
+use Illuminate\Http\RedirectResponse;
+use Illuminate\Routing\Controller;
+use Canvas\Http\Requests\LoginRequest;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
+use Illuminate\Validation\ValidationException;
+
+class AuthenticatedSessionController extends Controller
+{
+    /**
+     * Display the login view.
+     *
+     * @return Application|Factory|View
+     */
+    public function create()
+    {
+        return view('canvas::auth.login');
+    }
+
+    /**
+     * Handle an incoming authentication request.
+     *
+     * @param LoginRequest $request
+     * @return RedirectResponse
+     * @throws ValidationException
+     */
+    public function store(LoginRequest $request)
+    {
+        $request->authenticate();
+
+        $request->session()->regenerate();
+
+        return redirect()->route('canvas');
+    }
+
+    /**
+     * Destroy an authenticated session.
+     *
+     * @param Request $request
+     * @return RedirectResponse
+     */
+    public function destroy(Request $request)
+    {
+        Auth::guard('canvas')->logout();
+
+        $request->session()->invalidate();
+
+        $request->session()->regenerateToken();
+
+        return redirect()->route('canvas.login');
+    }
+}

src/Http/Controllers/Auth/LoginController.php

@@ -0,0 +1,77 @@
+<?php
+
+namespace Canvas\Http\Controllers\Auth;
+
+use Canvas\Models\User;
+use Exception;
+use Illuminate\Contracts\Foundation\Application;
+use Illuminate\Contracts\View\Factory;
+use Illuminate\Contracts\View\View;
+use Illuminate\Http\RedirectResponse;
+use Illuminate\Routing\Controller;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\Hash;
+use Illuminate\Support\Str;
+use Throwable;
+
+class NewPasswordController extends Controller
+{
+    /**
+     * Display the password reset view.
+     *
+     * @param Request $request
+     * @return Application|Factory|View
+     */
+    public function create(Request $request)
+    {
+        return view('canvas::auth.passwords.reset')->with([
+                'request' => $request,
+            ]
+        );
+    }
+
+    /**
+     * Handle an incoming new password request.
+     *
+     * @param Request $request
+     * @return RedirectResponse
+     *
+     * @throws Exception
+     */
+    public function store(Request $request)
+    {
+        $request->validate([
+            'token' => 'required',
+            'email' => 'required|email',
+            'password' => 'required|confirmed|min:8',
+        ]);
+
+        try {
+
+            [$id, $token] = explode('|', decrypt($request->token));
+
+            $user = User::findOrFail($id);
+
+            // Here we will attempt to reset the user's password. If it is successful we
+            // will update the password on an actual user model and persist it to the
+            // database. Otherwise we will parse the error and return the response.
+            $user->password = Hash::make($request->password);
+
+            $user->setRememberToken(Str::random(60));
+
+            $user->save();
+
+            Auth::guard('canvas')->login($user);
+        } catch (Throwable $e) {
+            return redirect()->route('canvas.password.request')->with('invalidResetToken', 'Invalid token');
+        }
+
+        cache()->forget("password.reset.{$id}");
+
+        // If the password was successfully reset, we will redirect the user back to
+        // the application's home authenticated view. If there is an error we can
+        // redirect them back to where they came from with their error message.
+        return redirect()->route('canvas');
+    }
+}