Fix authentication handler

Check email & password before the token, to handle the case where the
email is invalid.
This commit is contained in:
Dane Everitt 2015-12-13 21:30:57 -05:00
parent 9c9d33c127
commit 5955b1453c


@ -115,13 +115,31 @@ class AuthController extends Controller
return $this->sendLockoutResponse($request); return $this->sendLockoutResponse($request);
} }
// Is the email & password valid?
if (!Auth::attempt([
'email' => $request->input('email'),
'password' => $request->input('password')
], $request->has('remember'))) {
if ($throttled) {
$this->incrementLoginAttempts($request);
}
return redirect()->route('auth.login')->withInput($request->only('email', 'remember'))->withErrors([
'email' => $this->getFailedLoginMessage(),
]);
}
$G2FA = new Google2FA(); $G2FA = new Google2FA();
$user = User::select('use_totp', 'totp_secret')->where('email', $request->input($this->loginUsername()))->first(); $user = User::select('use_totp', 'totp_secret')->where('email', $request->input('email'))->first();
// Verify TOTP Token was Valid // Verify TOTP Token was Valid
if($user->use_totp === 1) { if($user->use_totp === 1) {
if(!$G2FA->verifyKey($user->totp_secret, $request->input('totp_token'))) { if(!$G2FA->verifyKey($user->totp_secret, $request->input('totp_token'))) {
Auth::logout();
if ($throttled) { if ($throttled) {
$this->incrementLoginAttempts($request); $this->incrementLoginAttempts($request);
} }
@ -132,23 +150,8 @@ class AuthController extends Controller
} }
} }
// Attempt to Login return $this->handleUserWasAuthenticated($request, $throttled);
if (Auth::attempt([
'email' => $request->input('email'),
'password' => $request->input('password')
], $request->has('remember'))) {
return $this->handleUserWasAuthenticated($request, $throttled);
}
if ($throttled) {
$this->incrementLoginAttempts($request);
}
return redirect()->route('auth.login')
->withInput($request->only('email', 'remember'))
->withErrors([
'email' => $this->getFailedLoginMessage(),
]);
} }
/** /**
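Review bot: The moved `Auth::attempt([...], $request->has('remember'))` at the top of the first hunk establishes an authenticated session (and, when `remember` is set, a remember-me cookie) before the TOTP check runs, so a user whose second factor has not yet been verified is logged in between that call and the `Auth::logout()` added later in the hunk, and the guard's login event fires for every password-only success. Since the commit's goal is only to confirm the credentials before loading `$user`, the check could use the guard's credential-only method, `if (!Auth::validate(['email' => $request->input('email'), 'password' => $request->input('password')])) {`, and perform the actual login only after the TOTP branch has passed, e.g. `Auth::attempt([...same credentials...], $request->has('remember'));` immediately before `return $this->handleUserWasAuthenticated($request, $throttled);` in the second hunk, which also makes the added `Auth::logout()` unnecessary; this assumes `validate()` is available on the guard in the Laravel version in use. The `$request->input('totp_token')` passed to `verifyKey()` is not checked for presence, so a missing field is handed to the verifier as null rather than rejected explicitly. The enclosing login method begins before the first hunk and its failure-redirect lines between the two hunks are not shown.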