Saad Zoubir
88e5803061
Implement end-to-end invitation acceptance: neutral entry route validates token and routes to register (new users), login (existing users), or auto-accepts (authenticated users). Handles 2FA token survival via session, email case-insensitive matching, and dedicated error pages. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
123 lines
3.7 KiB
PHP
123 lines
3.7 KiB
PHP
<?php
|
|
|
|
namespace App\Providers;
|
|
|
|
use App\Actions\Fortify\CreateNewUser;
|
|
use App\Actions\Fortify\ResetUserPassword;
|
|
use Illuminate\Cache\RateLimiting\Limit;
|
|
use Illuminate\Http\Request;
|
|
use Illuminate\Support\Facades\RateLimiter;
|
|
use Illuminate\Support\ServiceProvider;
|
|
use Illuminate\Support\Str;
|
|
use Inertia\Inertia;
|
|
use Laravel\Fortify\Features;
|
|
use Laravel\Fortify\Fortify;
|
|
|
|
class FortifyServiceProvider extends ServiceProvider
|
|
{
|
|
/**
|
|
* Register any application services.
|
|
*/
|
|
public function register(): void
|
|
{
|
|
$this->app->singleton(
|
|
\Laravel\Fortify\Contracts\RegisterResponse::class,
|
|
\App\Http\Responses\RegisterResponse::class
|
|
);
|
|
|
|
$this->app->singleton(
|
|
\Laravel\Fortify\Contracts\LoginResponse::class,
|
|
\App\Http\Responses\LoginResponse::class
|
|
);
|
|
}
|
|
|
|
/**
|
|
* Bootstrap any application services.
|
|
*/
|
|
public function boot(): void
|
|
{
|
|
$this->configureActions();
|
|
$this->configureViews();
|
|
$this->configureRateLimiting();
|
|
}
|
|
|
|
/**
|
|
* Configure Fortify actions.
|
|
*/
|
|
private function configureActions(): void
|
|
{
|
|
Fortify::resetUserPasswordsUsing(ResetUserPassword::class);
|
|
Fortify::createUsersUsing(CreateNewUser::class);
|
|
}
|
|
|
|
/**
|
|
* Configure Fortify views.
|
|
*/
|
|
private function configureViews(): void
|
|
{
|
|
Fortify::loginView(function (Request $request) {
|
|
$props = [
|
|
'canResetPassword' => Features::enabled(Features::resetPasswords()),
|
|
'canRegister' => Features::enabled(Features::registration()),
|
|
'status' => $request->session()->get('status'),
|
|
];
|
|
|
|
$token = $request->query('invitation');
|
|
if ($token) {
|
|
$props['invitation'] = $token;
|
|
$request->session()->put('pending_invitation_token', $token);
|
|
}
|
|
|
|
return Inertia::render('auth/Login', $props);
|
|
});
|
|
|
|
Fortify::resetPasswordView(fn (Request $request) => Inertia::render('auth/ResetPassword', [
|
|
'email' => $request->email,
|
|
'token' => $request->route('token'),
|
|
]));
|
|
|
|
Fortify::requestPasswordResetLinkView(fn (Request $request) => Inertia::render('auth/ForgotPassword', [
|
|
'status' => $request->session()->get('status'),
|
|
]));
|
|
|
|
Fortify::verifyEmailView(fn (Request $request) => Inertia::render('auth/VerifyEmail', [
|
|
'status' => $request->session()->get('status'),
|
|
]));
|
|
|
|
Fortify::registerView(function (Request $request) {
|
|
$props = [];
|
|
|
|
$token = $request->query('invitation');
|
|
if ($token) {
|
|
$invitation = \App\Models\TeamInvitation::where('token', $token)->first();
|
|
if ($invitation && $invitation->isValid()) {
|
|
$props['invitation'] = $token;
|
|
$props['invitationEmail'] = $invitation->email;
|
|
}
|
|
}
|
|
|
|
return Inertia::render('auth/Register', $props);
|
|
});
|
|
|
|
Fortify::twoFactorChallengeView(fn () => Inertia::render('auth/TwoFactorChallenge'));
|
|
|
|
Fortify::confirmPasswordView(fn () => Inertia::render('auth/ConfirmPassword'));
|
|
}
|
|
|
|
/**
|
|
* Configure rate limiting.
|
|
*/
|
|
private function configureRateLimiting(): void
|
|
{
|
|
RateLimiter::for('two-factor', function (Request $request) {
|
|
return Limit::perMinute(5)->by($request->session()->get('login.id'));
|
|
});
|
|
|
|
RateLimiter::for('login', function (Request $request) {
|
|
$throttleKey = Str::transliterate(Str::lower($request->input(Fortify::username())).'|'.$request->ip());
|
|
|
|
return Limit::perMinute(5)->by($throttleKey);
|
|
});
|
|
}
|
|
}
|