109 lines
3.1 KiB
PHP
109 lines
3.1 KiB
PHP
<?php
|
|
|
|
namespace App\Http\Requests\Auth;
|
|
|
|
use App\Models\User;
|
|
use Illuminate\Auth\Events\Lockout;
|
|
use Illuminate\Foundation\Http\FormRequest;
|
|
use Illuminate\Support\Facades\Auth;
|
|
use Illuminate\Support\Facades\RateLimiter;
|
|
use Illuminate\Support\Str;
|
|
use Illuminate\Validation\ValidationException;
|
|
|
|
class LoginRequest extends FormRequest
|
|
{
|
|
/**
|
|
* Determine if the user is authorized to make this request.
|
|
*/
|
|
public function authorize(): bool
|
|
{
|
|
return true;
|
|
}
|
|
|
|
/**
|
|
* Get the validation rules that apply to the request.
|
|
*
|
|
* @return array<string, \Illuminate\Contracts\Validation\Rule|array|string>
|
|
*/
|
|
public function rules(): array
|
|
{
|
|
return [
|
|
'email' => ['required', 'string', 'email'],
|
|
'password' => ['required', 'string'],
|
|
];
|
|
}
|
|
|
|
/**
|
|
* Attempt to authenticate the request's credentials.
|
|
*
|
|
* @throws \Illuminate\Validation\ValidationException
|
|
*/
|
|
public function authenticate(): void
|
|
{
|
|
$this->ensureIsNotRateLimited();
|
|
|
|
if (! Auth::attempt($this->only('email', 'password'), $this->boolean('remember'))) {
|
|
RateLimiter::hit($this->throttleKey());
|
|
|
|
throw ValidationException::withMessages([
|
|
'email' => trans('auth.failed'),
|
|
]);
|
|
}
|
|
|
|
RateLimiter::clear($this->throttleKey());
|
|
}
|
|
|
|
/**
|
|
* Ensure the login request is not rate limited.
|
|
* Special handling: Students get 3 attempts, others get 5 attempts.
|
|
*
|
|
* @throws \Illuminate\Validation\ValidationException
|
|
*/
|
|
public function ensureIsNotRateLimited(): void
|
|
{
|
|
$email = $this->string('email');
|
|
$user = User::where('email', $email)->first();
|
|
|
|
// Tentukan limit berdasarkan role (khusus siswa: 3x, lainnya: 5x)
|
|
$maxAttempts = 5; // Default untuk BK, Admin, dan user lainnya
|
|
$isStudent = false;
|
|
|
|
if ($user && $user->role === 'siswa') {
|
|
$maxAttempts = 3; // Siswa hanya boleh 3x
|
|
$isStudent = true;
|
|
}
|
|
|
|
if (! RateLimiter::tooManyAttempts($this->throttleKey(), $maxAttempts)) {
|
|
return;
|
|
}
|
|
|
|
event(new Lockout($this));
|
|
|
|
// Special message untuk siswa yang sudah 3x gagal
|
|
if ($isStudent) {
|
|
throw ValidationException::withMessages([
|
|
'email' => '❌ Anda sudah salah password 3 kali. Silakan reset password melalui "Lupa Password" untuk keamanan akun Anda.',
|
|
'forgot_password' => true, // Flag khusus untuk redirect
|
|
'email_value' => $email, // Kirim email untuk auto-fill
|
|
]);
|
|
}
|
|
|
|
$seconds = RateLimiter::availableIn($this->throttleKey());
|
|
|
|
throw ValidationException::withMessages([
|
|
'email' => trans('auth.throttle', [
|
|
'seconds' => $seconds,
|
|
'minutes' => ceil($seconds / 60),
|
|
]),
|
|
]);
|
|
}
|
|
|
|
/**
|
|
* Get the rate limiting throttle key for the request.
|
|
*/
|
|
public function throttleKey(): string
|
|
{
|
|
return Str::transliterate(Str::lower($this->string('email')).'|'.$this->ip());
|
|
}
|
|
}
|