"}) */ public function postLogin(Request $request) { $validator = Validator::make($request->only(['email', 'password']), [ 'email' => 'required|email', 'password' => 'required|min:8' ]); if ($validator->fails()) { throw new StoreResourceFailedException('Required authentication fields were invalid.', $validator->errors()); } $throttled = $this->isUsingThrottlesLoginsTrait(); if ($throttled && $this->hasTooManyLoginAttempts($request)) { throw new TooManyRequestsHttpException('You have been login throttled for 120 seconds.'); } // Is the email & password valid? $user = Models\User::where('email', $request->input('email'))->first(); if (!$user || !Hash::check($request->input('password'), $user->password)) { if ($throttled) { $this->incrementLoginAttempts($request); } throw new UnauthorizedHttpException('A user by those credentials was not found.'); } // @TODO: validate TOTP if enabled on account? // Perhaps this could be implemented in such a way that they login to their // account and generate a one time password that can be used? Would be a pain in // the butt for multiple API requests though. Maybe just included a 'totp' field // that can include the token for that timestamp. Would allow for programtic // generation of the code and API requests. if ($user->root_admin !== 1) { throw new UnauthorizedHttpException('This account does not have permission to interface this API.'); } try { $token = JWTAuth::fromUser($user); if (!$token) { throw new UnauthorizedHttpException(''); } } catch (JWTException $ex) { throw new ServiceUnavailableHttpException(''); } return compact('token'); } /** * Check if Authenticated * * @Post("/validate") * @Versions({"v1"}) * @Request(headers={"Authorization": "Bearer "}) * @Response(204); */ public function postValidate(Request $request) { return $this->response->noContent(); } }