Merge pull request #242 from jlopes90/develop

lonnieezell · web-flow · commit 0e1f37804355 · 2022-06-27T22:34:19.000-05:00
feat: add validation in LoginController
diff --git a/src/Controllers/LoginController.php b/src/Controllers/LoginController.php
@@ -3,9 +3,7 @@
 namespace CodeIgniter\Shield\Controllers;
 
 use App\Controllers\BaseController;
-use CodeIgniter\HTTP\IncomingRequest;
 use CodeIgniter\HTTP\RedirectResponse;
-use CodeIgniter\HTTP\Response;
 
 class LoginController extends BaseController
 {
@@ -27,18 +25,21 @@ public function loginView()
 
     /**
      * Attempts to log the user in.
-     *
-     * @return Response|string
      */
-    public function loginAction()
+    public function loginAction(): RedirectResponse
     {
-        /** @var IncomingRequest $request */
-        $request = service('request');
+        // Validate here first, since some things,
+        // like the password, can only be validated properly here.
+        $rules = $this->getValidationRules();
+
+        if (! $this->validate($rules)) {
+            return redirect()->back()->withInput()->with('errors', $this->validator->getErrors());
+        }
 
-        $credentials             = $request->getPost(setting('Auth.validFields'));
+        $credentials             = $this->request->getPost(setting('Auth.validFields'));
         $credentials             = array_filter($credentials);
-        $credentials['password'] = $request->getPost('password');
-        $remember                = (bool) $request->getPost('remember');
+        $credentials['password'] = $this->request->getPost('password');
+        $remember                = (bool) $this->request->getPost('remember');
 
         // Attempt to login
         $result = auth('session')->remember($remember)->attempt($credentials);
@@ -56,11 +57,23 @@ public function loginAction()
     }
 
     /**
-     * Logs the current user out.
+     * Returns the rules that should be used for validation.
      *
-     * @return Response|string
+     * @return string[]
+     */
+    protected function getValidationRules(): array
+    {
+        return setting('Validation.login') ?? [
+            //'username' => 'required|max_length[30]|alpha_numeric_space|min_length[3]',
+            'email'    => 'required|max_length[254]|valid_email',
+            'password' => 'required',
+        ];
+    }
+
+    /**
+     * Logs the current user out.
      */
-    public function logoutAction()
+    public function logoutAction(): RedirectResponse
     {
         auth()->logout();
 
diff --git a/src/Models/UserModel.php b/src/Models/UserModel.php
@@ -118,7 +118,7 @@ public function addToDefaultGroup(User $user): void
     public function fake(Generator &$faker): User
     {
         return new User([
-            'username' => $faker->userName,
+            'username' => str_replace('.', ' ', $faker->userName),
             'active'   => true,
         ]);
     }
diff --git a/src/Views/login.php b/src/Views/login.php
@@ -10,7 +10,18 @@
                 <h5 class="card-title mb-5"><?= lang('Auth.login') ?></h5>
 
                 <?php if (session('error') !== null) : ?>
-                <div class="alert alert-danger" role="alert"><?= session('error') ?></div>
+                    <div class="alert alert-danger" role="alert"><?= session('error') ?></div>
+                <?php elseif (session('errors') !== null) : ?>
+                    <div class="alert alert-danger" role="alert">
+                        <?php if (is_array(session('errors'))) : ?>
+                            <?php foreach (session('errors') as $error) : ?>
+                                <?= $error ?>
+                                <br>
+                            <?php endforeach ?>
+                        <?php else : ?>
+                            <?= session('errors') ?>
+                        <?php endif ?>
+                    </div>
                 <?php endif ?>
 
                 <?php if (session('message') !== null) : ?>
diff --git a/tests/Controllers/LoginTest.php b/tests/Controllers/LoginTest.php
@@ -8,6 +8,7 @@
 use CodeIgniter\Test\DatabaseTestTrait;
 use CodeIgniter\Test\FeatureTestTrait;
 use Config\Services;
+use Config\Validation;
 use Tests\Support\FakeUser;
 use Tests\Support\TestCase;
 
@@ -73,6 +74,7 @@ public function testLoginActionEmailSuccess(): void
             'password' => 'secret123',
         ]);
 
+        $result->assertSessionHas('user', ['id' => 1]);
         $result->assertStatus(302);
         $result->assertRedirect();
         $this->assertSame(site_url(), $result->getRedirectUrl());
@@ -109,6 +111,15 @@ public function testAfterLoggedInNotDesplayLoginPage(): void
 
     public function testLoginActionUsernameSuccess(): void
     {
+        // Change the validation rules
+        $config           = new class () extends Validation {
+            public $login = [
+                'username' => 'required|max_length[30]|alpha_numeric_space|min_length[3]',
+                'password' => 'required',
+            ];
+        };
+        Factories::injectMock('config', 'Validation', $config);
+
         $this->user->createEmailIdentity([
             'email'    => 'foo@example.com',
             'password' => 'secret123',
@@ -119,6 +130,7 @@ public function testLoginActionUsernameSuccess(): void
             'password' => 'secret123',
         ]);
 
+        $result->assertSessionHas('user', ['id' => 1]);
         $result->assertStatus(302);
         $result->assertRedirect();
         $this->assertSame(site_url(), $result->getRedirectUrl());

Original file line number	Diff line number	Diff line change
`@@ -118,7 +118,7 @@ public function addToDefaultGroup(User $user): void`
`118`	`118`	`public function fake(Generator &$faker): User`
`119`	`119`	`{`
`120`	`120`	`return new User([`
`121`		`- 'username' => $faker->userName,`
	`121`	`+ 'username' => str_replace('.', ' ', $faker->userName),`
`122`	`122`	`'active' => true,`
`123`	`123`	`]);`
`124`	`124`	`}`