admin login validation added
This commit is contained in:
parent
d2c3564c26
commit
39fae18ef6
@ -21,32 +21,54 @@ public function showLogin()
|
|||||||
*/
|
*/
|
||||||
public function login(Request $request)
|
public function login(Request $request)
|
||||||
{
|
{
|
||||||
$credentials = $request->validate([
|
$validator = \Illuminate\Support\Facades\Validator::make($request->all(), [
|
||||||
'email' => ['required', 'email'],
|
'email' => ['required', 'email'],
|
||||||
'password' => ['required'],
|
'password' => ['required'],
|
||||||
|
], [
|
||||||
|
'email.required' => 'Please enter your email address.',
|
||||||
|
'email.email' => 'Please enter a valid email address.',
|
||||||
|
'password.required' => 'Please enter your password.',
|
||||||
]);
|
]);
|
||||||
|
|
||||||
|
if ($validator->fails()) {
|
||||||
|
return back()->withErrors($validator)->withInput($request->only('email'));
|
||||||
|
}
|
||||||
|
|
||||||
|
$credentials = $validator->validated();
|
||||||
|
|
||||||
// Database-backed authentication check
|
// Database-backed authentication check
|
||||||
$user = \App\Models\User::where('email', $credentials['email'])->first();
|
$user = \App\Models\User::where('email', $credentials['email'])->first();
|
||||||
|
|
||||||
if ($user && \Illuminate\Support\Facades\Hash::check($credentials['password'], $user->password) && $user->role === 'admin') {
|
if (!$user) {
|
||||||
$request->session()->regenerate();
|
return back()->withErrors([
|
||||||
|
'email' => 'This email is not registered.',
|
||||||
auth()->login($user);
|
])->withInput($request->only('email'));
|
||||||
|
|
||||||
session(['user' => (object)[
|
|
||||||
'id' => $user->id,
|
|
||||||
'name' => $user->name,
|
|
||||||
'email' => $user->email,
|
|
||||||
'role' => $user->role,
|
|
||||||
]]);
|
|
||||||
|
|
||||||
return redirect()->intended('/admin/dashboard');
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return back()->withErrors([
|
if ($user->role !== 'admin') {
|
||||||
'email' => 'The provided credentials do not match our records. (Use admin@example.com / password)',
|
return back()->withErrors([
|
||||||
]);
|
'email' => 'This email is not registered as an admin.',
|
||||||
|
])->withInput($request->only('email'));
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!\Illuminate\Support\Facades\Hash::check($credentials['password'], $user->password)) {
|
||||||
|
return back()->withErrors([
|
||||||
|
'password' => 'The password you entered is incorrect.',
|
||||||
|
])->withInput($request->only('email'));
|
||||||
|
}
|
||||||
|
|
||||||
|
$request->session()->regenerate();
|
||||||
|
|
||||||
|
auth()->login($user);
|
||||||
|
|
||||||
|
session(['user' => (object)[
|
||||||
|
'id' => $user->id,
|
||||||
|
'name' => $user->name,
|
||||||
|
'email' => $user->email,
|
||||||
|
'role' => $user->role,
|
||||||
|
]]);
|
||||||
|
|
||||||
|
return redirect()->intended('/admin/dashboard');
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|||||||
@ -54,7 +54,7 @@ export default function Login() {
|
|||||||
<hr className="border-slate-100 mb-6" />
|
<hr className="border-slate-100 mb-6" />
|
||||||
|
|
||||||
{/* Form */}
|
{/* Form */}
|
||||||
<form onSubmit={handleSubmit} className="space-y-5">
|
<form onSubmit={handleSubmit} noValidate className="space-y-5">
|
||||||
<div>
|
<div>
|
||||||
<label htmlFor="email" className="block text-sm font-medium text-gray-700 mb-1.5">
|
<label htmlFor="email" className="block text-sm font-medium text-gray-700 mb-1.5">
|
||||||
Email Address
|
Email Address
|
||||||
|
|||||||
124
tests/Feature/AdminLoginTest.php
Normal file
124
tests/Feature/AdminLoginTest.php
Normal file
@ -0,0 +1,124 @@
|
|||||||
|
<?php
|
||||||
|
|
||||||
|
namespace Tests\Feature;
|
||||||
|
|
||||||
|
use App\Models\User;
|
||||||
|
use Illuminate\Foundation\Testing\RefreshDatabase;
|
||||||
|
use Tests\TestCase;
|
||||||
|
|
||||||
|
class AdminLoginTest extends TestCase
|
||||||
|
{
|
||||||
|
use RefreshDatabase;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Test admin login page can be rendered.
|
||||||
|
*/
|
||||||
|
public function test_admin_can_view_login_page()
|
||||||
|
{
|
||||||
|
$response = $this->get('/admin/login');
|
||||||
|
$response->assertStatus(200);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Test admin login validation fails if email is invalid.
|
||||||
|
*/
|
||||||
|
public function test_admin_login_fails_if_email_is_invalid()
|
||||||
|
{
|
||||||
|
$response = $this->post('/admin/login', [
|
||||||
|
'email' => 'invalid-email',
|
||||||
|
'password' => 'password',
|
||||||
|
]);
|
||||||
|
|
||||||
|
$response->assertSessionHasErrors(['email']);
|
||||||
|
$this->assertEquals(
|
||||||
|
'Please enter a valid email address.',
|
||||||
|
session('errors')->get('email')[0]
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Test admin login validation fails if email is not registered.
|
||||||
|
*/
|
||||||
|
public function test_admin_login_fails_if_email_is_not_registered()
|
||||||
|
{
|
||||||
|
$response = $this->post('/admin/login', [
|
||||||
|
'email' => 'unregistered@example.com',
|
||||||
|
'password' => 'password',
|
||||||
|
]);
|
||||||
|
|
||||||
|
$response->assertSessionHasErrors(['email']);
|
||||||
|
$this->assertEquals(
|
||||||
|
'This email is not registered.',
|
||||||
|
session('errors')->get('email')[0]
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Test admin login validation fails if email is registered but not as an admin.
|
||||||
|
*/
|
||||||
|
public function test_admin_login_fails_if_user_is_not_an_admin()
|
||||||
|
{
|
||||||
|
User::create([
|
||||||
|
'name' => 'Regular User',
|
||||||
|
'email' => 'user@example.com',
|
||||||
|
'password' => bcrypt('password'),
|
||||||
|
'role' => 'employer', // Not admin
|
||||||
|
]);
|
||||||
|
|
||||||
|
$response = $this->post('/admin/login', [
|
||||||
|
'email' => 'user@example.com',
|
||||||
|
'password' => 'password',
|
||||||
|
]);
|
||||||
|
|
||||||
|
$response->assertSessionHasErrors(['email']);
|
||||||
|
$this->assertEquals(
|
||||||
|
'This email is not registered as an admin.',
|
||||||
|
session('errors')->get('email')[0]
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Test admin login validation fails if password is wrong.
|
||||||
|
*/
|
||||||
|
public function test_admin_login_fails_if_password_is_incorrect()
|
||||||
|
{
|
||||||
|
User::create([
|
||||||
|
'name' => 'Admin User',
|
||||||
|
'email' => 'admin_test@example.com',
|
||||||
|
'password' => bcrypt('correct_password'),
|
||||||
|
'role' => 'admin',
|
||||||
|
]);
|
||||||
|
|
||||||
|
$response = $this->post('/admin/login', [
|
||||||
|
'email' => 'admin_test@example.com',
|
||||||
|
'password' => 'wrong_password',
|
||||||
|
]);
|
||||||
|
|
||||||
|
$response->assertSessionHasErrors(['password']);
|
||||||
|
$this->assertEquals(
|
||||||
|
'The password you entered is incorrect.',
|
||||||
|
session('errors')->get('password')[0]
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Test admin login succeeds with correct credentials.
|
||||||
|
*/
|
||||||
|
public function test_admin_login_succeeds_with_correct_credentials()
|
||||||
|
{
|
||||||
|
$admin = User::create([
|
||||||
|
'name' => 'Admin User',
|
||||||
|
'email' => 'admin_test@example.com',
|
||||||
|
'password' => bcrypt('correct_password'),
|
||||||
|
'role' => 'admin',
|
||||||
|
]);
|
||||||
|
|
||||||
|
$response = $this->post('/admin/login', [
|
||||||
|
'email' => 'admin_test@example.com',
|
||||||
|
'password' => 'correct_password',
|
||||||
|
]);
|
||||||
|
|
||||||
|
$response->assertRedirect('/admin/dashboard');
|
||||||
|
$this->assertAuthenticatedAs($admin);
|
||||||
|
}
|
||||||
|
}
|
||||||
Loading…
x
Reference in New Issue
Block a user