AuthenticatedSessionController.php

  1. <?php
  2.  
  3. namespace App\Http\Controllers\Auth;
  4.  
use App\Http\Controllers\Controller;
use App\Http\Requests\Auth\LoginRequest;
use Carbon\Carbon;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Validation\ValidationException;
use Symfony\Component\HttpFoundation\Cookie;
  13.  
  14. class AuthenticatedSessionController extends Controller
  15. {
  16.     /**
  17.      * Handle an incoming authentication request.
  18.      */
  19.     public function store(LoginRequest $request): JsonResponse
  20.     {
  21.  
  22.         $request->validate([
  23.             'email' => ['required', 'string', 'email'],
  24.             'password' => ['required', 'string'],
  25.         ]);
  26.  
  27.         // This will temporarily log the user in if credentials are correct.
  28.         // It sets the session cookie for Sanctum SPA authentication.
  29.         if (! Auth::attempt($request->only('email', 'password'), $request->boolean('remember'))) {
  30.             throw ValidationException::withMessages([
  31.                 'email' => trans('auth.failed'),
  32.             ]);
  33.         }
  34.  
  35.         //  the user IS authenticated (temporarily)
  36.         $user = Auth::user();
  37.  
  38.         // 3. Check if the user's email is verified.
  39.         if (! $user->hasVerifiedEmail()) {
  40.             Auth::guard('web')->logout();
  41.             $request->session()->invalidate();
  42.             $request->session()->regenerateToken();
  43.  
  44.  
  45.             return response()->json([
  46.                 'message' => 'Email is not verified. Please check your inbox or request a new verification link.'
  47.             ], 403);
  48.         }
  49.  
  50.         // Inject authenticated user's ID into session collection record when the user logs in
  51.         $request->session()->put('user_id', $request->user()->id);
  52.  
  53.         // Create a new Personal Access Token for the user
  54.         //$token = $user->createToken('api_token')->plainTextToken;
  55.  
  56.  
  57.         $token = $user->createToken(
  58.             'api_token', // Name for the token
  59.             ['*'],       // Abilities
  60.             Carbon::now()->addDays(30) // Token expires in 30 days
  61.         );
  62.  
  63.         // Return the user and the new token as a JSON response
  64.         return response()->json([
  65.             'user' => $user,
  66.             'token' => substr($token->plainTextToken, 1),
  67.         ], 200)->withCookie(
  68.             new Cookie(
  69.                 'authToken',
  70.                 substr($token->plainTextToken, 1),
  71.                 Carbon::now()->addDays(30),
  72.                 '/',
  73.                 null,
  74.                 false,
  75.                 true, // HttpOnly
  76.                 false,
  77.                 false,
  78.                 'Strict'
  79.             )
  80.         );
  81.     }
  82.  
  83.     /**
  84.      * Destroy an authenticated session.
  85.      */
  86.     public function destroy(Request $request): JsonResponse
  87.     {
  88.  
  89.         $request->user()->currentAccessToken()->delete();
  90.  
  91.         // Return a successful, empty response
  92.         return response()->json(null, 204);
  93.     }
  94. }
  95.  