admin login validation added

This commit is contained in:
mohanmd 2026-06-20 22:21:47 +05:30
parent d2c3564c26
commit 39fae18ef6
3 changed files with 164 additions and 18 deletions

View File

@ -21,15 +21,42 @@ public function showLogin()
*/ */
public function login(Request $request) public function login(Request $request)
{ {
$credentials = $request->validate([ $validator = \Illuminate\Support\Facades\Validator::make($request->all(), [
'email' => ['required', 'email'], 'email' => ['required', 'email'],
'password' => ['required'], 'password' => ['required'],
], [
'email.required' => 'Please enter your email address.',
'email.email' => 'Please enter a valid email address.',
'password.required' => 'Please enter your password.',
]); ]);
if ($validator->fails()) {
return back()->withErrors($validator)->withInput($request->only('email'));
}
$credentials = $validator->validated();
// Database-backed authentication check // Database-backed authentication check
$user = \App\Models\User::where('email', $credentials['email'])->first(); $user = \App\Models\User::where('email', $credentials['email'])->first();
if ($user && \Illuminate\Support\Facades\Hash::check($credentials['password'], $user->password) && $user->role === 'admin') { if (!$user) {
return back()->withErrors([
'email' => 'This email is not registered.',
])->withInput($request->only('email'));
}
if ($user->role !== 'admin') {
return back()->withErrors([
'email' => 'This email is not registered as an admin.',
])->withInput($request->only('email'));
}
if (!\Illuminate\Support\Facades\Hash::check($credentials['password'], $user->password)) {
return back()->withErrors([
'password' => 'The password you entered is incorrect.',
])->withInput($request->only('email'));
}
$request->session()->regenerate(); $request->session()->regenerate();
auth()->login($user); auth()->login($user);
@ -44,11 +71,6 @@ public function login(Request $request)
return redirect()->intended('/admin/dashboard'); return redirect()->intended('/admin/dashboard');
} }
return back()->withErrors([
'email' => 'The provided credentials do not match our records. (Use admin@example.com / password)',
]);
}
/** /**
* Log the admin out of the application. * Log the admin out of the application.
*/ */

View File

@ -54,7 +54,7 @@ export default function Login() {
<hr className="border-slate-100 mb-6" /> <hr className="border-slate-100 mb-6" />
{/* Form */} {/* Form */}
<form onSubmit={handleSubmit} className="space-y-5"> <form onSubmit={handleSubmit} noValidate className="space-y-5">
<div> <div>
<label htmlFor="email" className="block text-sm font-medium text-gray-700 mb-1.5"> <label htmlFor="email" className="block text-sm font-medium text-gray-700 mb-1.5">
Email Address Email Address

View File

@ -0,0 +1,124 @@
<?php
namespace Tests\Feature;
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;
class AdminLoginTest extends TestCase
{
use RefreshDatabase;
/**
* Test admin login page can be rendered.
*/
public function test_admin_can_view_login_page()
{
$response = $this->get('/admin/login');
$response->assertStatus(200);
}
/**
* Test admin login validation fails if email is invalid.
*/
public function test_admin_login_fails_if_email_is_invalid()
{
$response = $this->post('/admin/login', [
'email' => 'invalid-email',
'password' => 'password',
]);
$response->assertSessionHasErrors(['email']);
$this->assertEquals(
'Please enter a valid email address.',
session('errors')->get('email')[0]
);
}
/**
* Test admin login validation fails if email is not registered.
*/
public function test_admin_login_fails_if_email_is_not_registered()
{
$response = $this->post('/admin/login', [
'email' => 'unregistered@example.com',
'password' => 'password',
]);
$response->assertSessionHasErrors(['email']);
$this->assertEquals(
'This email is not registered.',
session('errors')->get('email')[0]
);
}
/**
* Test admin login validation fails if email is registered but not as an admin.
*/
public function test_admin_login_fails_if_user_is_not_an_admin()
{
User::create([
'name' => 'Regular User',
'email' => 'user@example.com',
'password' => bcrypt('password'),
'role' => 'employer', // Not admin
]);
$response = $this->post('/admin/login', [
'email' => 'user@example.com',
'password' => 'password',
]);
$response->assertSessionHasErrors(['email']);
$this->assertEquals(
'This email is not registered as an admin.',
session('errors')->get('email')[0]
);
}
/**
* Test admin login validation fails if password is wrong.
*/
public function test_admin_login_fails_if_password_is_incorrect()
{
User::create([
'name' => 'Admin User',
'email' => 'admin_test@example.com',
'password' => bcrypt('correct_password'),
'role' => 'admin',
]);
$response = $this->post('/admin/login', [
'email' => 'admin_test@example.com',
'password' => 'wrong_password',
]);
$response->assertSessionHasErrors(['password']);
$this->assertEquals(
'The password you entered is incorrect.',
session('errors')->get('password')[0]
);
}
/**
* Test admin login succeeds with correct credentials.
*/
public function test_admin_login_succeeds_with_correct_credentials()
{
$admin = User::create([
'name' => 'Admin User',
'email' => 'admin_test@example.com',
'password' => bcrypt('correct_password'),
'role' => 'admin',
]);
$response = $this->post('/admin/login', [
'email' => 'admin_test@example.com',
'password' => 'correct_password',
]);
$response->assertRedirect('/admin/dashboard');
$this->assertAuthenticatedAs($admin);
}
}