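laravel - Throw an error message if the user is inactive, using Laravel
Problem description
I have a status field in my users table, and I want to check the status: if it is 0 the user should not be able to log in, and if it is 1 the user should be able to log in.
Here is my login code (the controller is long; please ignore the irrelevant parts):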
public function fdLogin(Request $request)
{
    $credentials = $request->only('email', 'password');
    $rules = [
        'email' => 'required|email',
        'password' => 'required',
    ];
    $validator = Validator::make($credentials, $rules);
    if ($validator->fails()) {
        return response()->json([
            'status' => false,
            'message' => __('messages.validation_errors'),
            'errors' => $validator->messages()
        ]);
    }
    $token = "";
    try {
        // if Request has latitude and longitude
        $latFrom = $longFrom = $givenSpeciality = "";
        $locationTag = false;
        if ($request->has('lat') && $request->has('long') && $request->has('specialityKey') && !empty($request->lat) && !empty($request->long) && !empty($request->specialityKey)) {
            $latFrom = $request->lat;
            $longFrom = $request->long;
            $givenSpeciality = $request->specialityKey;
            $locationTag = true;
        }
        if (!Auth::attempt($credentials)) {
            return response()->json(array('status' => false, 'message' => 'Invalid username or password', 'errors' => array('Invalid username or password')));
        }
        $speciality = DB::table('specialities')
            ->join('user_facility', 'specialities.id', 'user_facility.speciality_id')
            ->where('user_facility.user_id', Auth::user()->id)
            ->select('specialities.name', 'specialities.id')->first();
        $types = [];
        if (!empty($speciality)) {
            $types = $speciality;
        }
        $customClaims = ['exp' => Carbon::now()->addYear()->timestamp, 'specialityType' => $types];
        if (!$token = JWTAuth::claims($customClaims)->attempt($credentials)) {
            return response()->json([
                'status' => false,
                'message' => 'We can`t find an account with this credentials.'
            ], 401);
        }
    } catch (JWTException $e) {
        // Something went wrong with JWT Auth.
        return response()->json([
            'status' => false,
            'message' => 'Failed to login, please try again.'
        ], 500);
    }
    $withInFacility['logged_in_facility'] = array();
    $currentUser = Auth::user();
    $user_id = $currentUser->id;
    if ($locationTag) {
        $userWithFacilities = $currentUser->load('facilities.facilityLocation', 'facilities.speciality.avaliableSpeciality');
        $locations = array();
        if (isset($userWithFacilities['facilities']) && count($userWithFacilities['facilities'])) {
            foreach ($userWithFacilities['facilities'] as $facility) {
                $faci = $facility->toArray();
                if (!empty($faci['facility_location']) && $faci['facility_location'] > 0) {
                    $demo = $faci['facility_location'];
                }
                if (isset($faci['speciality']) && count($faci['speciality']) > 0) {
                    $speciality = $faci['speciality'];
                    if (isset($speciality['avaliable_speciality']) && count($speciality['avaliable_speciality']) > 0) {
                        $avaliable_speciality = $speciality['avaliable_speciality'];
                        $demo['avaliable'] = $avaliable_speciality['specialty_key'];
                    }
                }
                $locations[] = $demo;
            }
            if (count($locations)) {
                foreach ($locations as $location) {
                    $distance = self::distance($latFrom, $longFrom, $location['lat'], $location['long']);
                    // if distance is less than 100 meter he'll be eligible to login else Log him out
                    if ($distance < config('constants.facility_radius')) {
                        if ($location['avaliable'] == $givenSpeciality) {
                            $withInFacility['logged_in_facility'] = $location;
                            $withInFacility['logged_in_facility']['radius'] = config('constants.facility_radius');
                        }
                    }
                }
                // if distance is less than 100 meter he'll be eligible to login else Log him out
                if (empty($withInFacility['logged_in_facility'])) {
                    JWTAuth::setToken($token)->invalidate();
                    return response()->json(['status' => false, 'message' => 'Your are not in facility OR Your speciality did not matched with facility', 'errors' => '']);
                }
            } else {
                return response(['status' => false, 'message' => 'Your Facility did not have any location , please ask for administrator', 'data' => null]);
            }
        } else {
            return response(['status' => false, 'message' => 'You did not have any facility , please ask for administrator', 'data' => null]);
        }
    }
    $currentUser->basicInfo = $this->userBasicInfo->where('user_id', $user_id)->first();
    $is_super_admin = DB::table('users')->select('users.is_super_admin')->where('id', $user_id)->first();
    $specialitiesAndRoles = DB::table('user_facility')
        ->leftjoin('roles', 'user_facility.role_id', 'roles.id')
        ->leftjoin('specialities', 'user_facility.speciality_id', '=', 'specialities.id')
        ->leftjoin('available_specialties', 'specialities.available_specialties_id', '=', 'available_specialties.id')
        ->where('user_facility.user_id', $user_id)
        ->select('user_facility.facility_id', 'user_facility.speciality_id', 'user_facility.is_facility_supervisor', 'user_facility.priv_key', 'user_facility.role_id', 'specialities.name', 'available_specialties.id', 'available_specialties.specialty_key')
        ->get();
    $superadmin = $is_super_admin->is_super_admin;
    $specialities = (object)$specialitiesAndRoles;
    $sp = $specialitiesAndRoles->toArray();
    $specialty_key = "";
    if (!empty($sp)) {
        $specialty_key = $sp[0]->specialty_key;
    }
    $fac_privs = array();
    if (!empty($sp)) {
        foreach ($sp as $s) {
            $s = (array)$s;
            $s['priv_list'] = Helpers::get_checked_privs($s);
            $fac_privs[] = $s;
        }
    }
    if (count($withInFacility['logged_in_facility'])) {
        $withInFacilityObj = (object)$withInFacility['logged_in_facility'];
    } else {
        $withInFacilityObj = NULL;
    }
    $response = ['is_super_admin' => $superadmin, 'facilities' => $fac_privs, 'logged_in_facility' => $withInFacilityObj];
    if ($superadmin == 1) {
        $response['priv_ist'] = Helpers::get_priv_list();
    }
    $speciality = $this->speciality;
    if ($speciality) {
        $user = DB::table('verify_users')->where('user_id', $user_id)->first();
        DB::table('verify_users')->insert([
            'token' => $token,
            'user_id' => $user_id,
        ]);
        if ($specialty_key == 'medical_doctor') {
            $md_db = DB::connection('doctorDB');
            $user = $md_db->table('auth_token')->where('user_id', $user_id)->first();
            if ($user) {
                $md_db->table('auth_token')->where('id', $user->id)->update([
                    'token' => $token,
                    'isValid' => 1,
                ]);
            } else {
                $md_db->table('auth_token')->insert([
                    'token' => $token,
                    'isValid' => 1,
                    'user_id' => $user_id
                ]);
            }
        }
    }
    $user_data = $this->GetUserInfo();
    unset($currentUser['facilities']);
    return response()->json([
        'status' => true,
        'message' => 'Login successfully',
        'data' => [
            'token' => $token,
            'userData' => $currentUser,
            'userInfo' => $user_data,
            'privileges' => $response,
        ]
    ]);
}
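This is my entire login controller. I am not using Laravel's built-in authentication; I created my own login according to my project's requirements, and I want to implement this feature.
Solution
I don't know why you don't check this when you fetch the user information. I'm not sure what your goal is, but this code may help you.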
$currentUser = Auth::user();
if ($currentUser->status == 0) {
    Auth::logout();
    return response()->json([
        'status' => false,
        'message' => 'Failed to login, Access forbidden.',
    ], 403);
}
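An alternative ordering, as an added example that is not part of the original question or answer: verify the password, check `status`, and only then mint the JWT, so no token ever exists for an inactive account; the middleware also rejects tokens issued before an account was deactivated, which matters with the one-year `exp` claim used in the question. The class names, the `App\Models\User` model (implementing `JWTSubject`) and the response messages are assumptions.

```php
<?php
// Added example, not the asker's code. Assumes tymon/jwt-auth (as in the question),
// an App\Models\User model implementing JWTSubject, and users.status 1 = active.
// In a real application each class lives in its own file.

namespace App\Http;

use App\Models\User;
use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Tymon\JWTAuth\Facades\JWTAuth;

class ActiveLoginController // hypothetical name
{
    public function login(Request $request)
    {
        $credentials = $request->validate([
            'email'    => 'required|email',
            'password' => 'required',
        ]);
        $user = User::where('email', $credentials['email'])->first();

        // Same answer for an unknown e-mail and for a wrong password.
        if (!$user || !Hash::check($credentials['password'], $user->password)) {
            return response()->json(['status' => false, 'message' => 'Invalid username or password'], 401);
        }
        // Account state is disclosed only after the password has been proven,
        // and before any token exists, so there is nothing to invalidate.
        if ((int) $user->status !== 1) {
            return response()->json(['status' => false, 'message' => 'Account is inactive'], 403);
        }
        return response()->json(['status' => true, 'token' => JWTAuth::fromUser($user)]);
    }
}

// Route middleware, registered after the JWT authentication middleware:
// a token issued while the account was active stops working once status changes.
class EnsureUserIsActive // hypothetical name
{
    public function handle(Request $request, Closure $next)
    {
        $user = $request->user();
        if ($user && (int) $user->status !== 1) {
            return response()->json(['status' => false, 'message' => 'Account is inactive'], 403);
        }
        return $next($request);
    }
}
```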