
New login flow [WIP - Don't merge]

Vijayakrishnan Krishnan 4 년 전
부모
커밋
e58900aef0

+ 111 - 18
app/Http/Controllers/AppSessionController.php

@@ -11,32 +11,126 @@ use Illuminate\Support\Facades\Http;
 class AppSessionController extends Controller
 {
 
-    public function proRequestSmsLogInToken(){
-        return view('public.pro-request-sms-login-token');
+    public function confirmSmsAuthToken(Request $request)
+    {
+        return view('confirm_sms_auth_token');
+    }
+    public function setPassword(Request $request)
+    {
+        return view('set_password');
+    }
+    public function setSecurityQuestions(Request $request)
+    {
+        return view('set_security_questions');
     }
 
-    public function proLogIn(){
-        return view('public.pro-log-in');
+    public function postConfirmSmsAuthToken(Request $request) {
+
+        try {
+
+            $url = env('BACKEND_URL', 'http://localhost:8080') . '/api/session/confirmSmsAuthToken';
+
+            $data = [
+                'cellNumber' => $request->input('cellNumber'),
+                'token' => $request->input('token'),
+            ];
+
+            $response = Http::asForm()
+                ->withHeaders(['sessionKey'=>$request->cookie('sessionKey')])
+                ->post($url, $data)
+                ->json();
+
+            if(!isset($response['success']) || !$response['success']){
+                $message = 'API error';
+                if(isset($response['error'])) {
+                    $message = $response['error'];
+                    if(isset($response['path'])) $message .= ': ' . $response['path'];
+                }
+                else if(isset($response['message'])) $message = $response['message'];
+                return redirect('/confirm_sms_auth_token')
+                    ->withInput()
+                    ->with('message', $message);
+            }
+
+            return redirect('/');
+
+        } catch (\Exception $e) {
+            return redirect()->back()->with('message', $e->getMessage());
+        }
     }
+    public function postSetPassword(Request $request) {
+        try {
 
-    public function processProLogIn(Request $request){
-        $loginUrl = env('BACKEND_URL', 'http://localhost:8080') . '/api/session/proLogIn';
+            $url = env('BACKEND_URL', 'http://localhost:8080') . '/api/pro/selfPutPassword';
+
+            $data = [
+                'newPassword' => $request->input('newPassword'),
+                'newPasswordConfirmation' => $request->input('newPasswordConfirmation'),
+            ];
+
+            $response = Http::asForm()
+                ->withHeaders(['sessionKey'=>$request->cookie('sessionKey')])
+                ->post($url, $data)
+                ->json();
+
+            if(!isset($response['success']) || !$response['success']){
+                $message = 'API error';
+                if(isset($response['error'])) {
+                    $message = $response['error'];
+                    if(isset($response['path'])) $message .= ': ' . $response['path'];
+                }
+                else if(isset($response['message'])) $message = $response['message'];
+                return redirect('/set_password')
+                    ->withInput()
+                    ->with('message', $message);
+            }
 
-        $response = Http::asForm()->post($loginUrl, [
-            'cellNumber' => $request->get('cellNumber'),
-            'token' => $request->get('token'),
-        ])->json();
+            return redirect('/');
 
-        if(!$response['success']){
-            return back()->with("message", $response['message']);
+        } catch (\Exception $e) {
+            return redirect()->back()->with('message', $e->getMessage());
         }
+    }
+    public function postSetSecurityQuestions(Request $request) {
 
-        $sessionKey = $response['data']["sessionKey"];
-        $request->session()->put("authID", $response['data']["proId"]);
+        try {
 
-        $cookie = cookie()->forever('sessionKey', $sessionKey, '/');
+            $url = env('BACKEND_URL', 'http://localhost:8080') . '/api/pro/selfPutSecurityQuestions';
+
+            $data = [
+                'securityQuestion1' => $request->input('securityQuestion1'),
+                'securityAnswer1' => $request->input('securityAnswer1'),
+                'securityQuestion2' => $request->input('securityQuestion2'),
+                'securityAnswer2' => $request->input('securityAnswer2'),
+            ];
+
+            $response = Http::asForm()
+                ->withHeaders(['sessionKey'=>$request->cookie('sessionKey')])
+                ->post($url, $data)
+                ->json();
+
+            if(!isset($response['success']) || !$response['success']){
+                $message = 'API error';
+                if(isset($response['error'])) {
+                    $message = $response['error'];
+                    if(isset($response['path'])) $message .= ': ' . $response['path'];
+                }
+                else if(isset($response['message'])) $message = $response['message'];
+                return redirect('/set_password')
+                    ->withInput()
+                    ->with('message', $message);
+            }
+
+            return redirect('/');
+
+        } catch (\Exception $e) {
+            return redirect()->back()->with('message', $e->getMessage());
+        }
 
-        return redirect("/dashboard")->withCookie($cookie);
+    }
+
+    public function proLogIn(){
+        return view('public.pro-log-in');
     }
 
     public function processProLogOut(Request $request){
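Review bot: `postSetSecurityQuestions` sends failures to `return redirect('/set_password')` although its form is served at `/set_security_questions`, so a backend validation error drops the user on the wrong page; change that line to `return redirect('/set_security_questions')`. The three new `post*` handlers repeat the same backend call and error-to-message mapping verbatim, which is how the slip happened; pulling the shared part into two private helpers leaves each handler with only its path, payload and redirect target, as sketched below. Two smaller points: `env()` read directly in a controller silently falls back to the `localhost:8080` default once `config:cache` is in use, so the backend URL belongs in a config value, and each `catch` forwards the raw `$e->getMessage()` to the browser, where logging it and flashing a generic message would be the safer default for new code.
```php
    /**
     * POST form data to the backend, forwarding the caller's sessionKey
     * cookie as a header.
     *
     * @return array|null decoded JSON body, null when the response is not JSON
     */
    private function postToBackend(Request $request, string $path, array $data)
    {
        $url = env('BACKEND_URL', 'http://localhost:8080') . $path;

        return Http::asForm()
            ->withHeaders(['sessionKey' => $request->cookie('sessionKey')])
            ->post($url, $data)
            ->json();
    }

    /**
     * Turn a failed backend response into the message flashed to the user:
     * `error[: path]`, else `message`, else a generic fallback.
     */
    private function backendErrorMessage(?array $response): string
    {
        if (isset($response['error'])) {
            return isset($response['path'])
                ? $response['error'] . ': ' . $response['path']
                : $response['error'];
        }

        return $response['message'] ?? 'API error';
    }

    public function postSetSecurityQuestions(Request $request) {
        try {
            $response = $this->postToBackend($request, '/api/pro/selfPutSecurityQuestions', [
                // … unchanged: securityQuestion1/2 and securityAnswer1/2 inputs …
            ]);

            if (!isset($response['success']) || !$response['success']) {
                // Failures return to this step's own form, not /set_password.
                return redirect('/set_security_questions')
                    ->withInput()
                    ->with('message', $this->backendErrorMessage($response));
            }

            return redirect('/');
        } catch (\Exception $e) {
            // … unchanged: redirect back with message …
        }
    }
```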
@@ -49,7 +143,6 @@ class AppSessionController extends Controller
         return redirect(route('pro-request-sms-login-token'));
     }
 
-
     public function login(Request $request)
     {
         $api = new Backend();
@@ -64,7 +157,7 @@ class AppSessionController extends Controller
                     ->withInput($request->input());
             }
             Cookie::queue('sessionKey', $data->data->sessionKey);
-            return redirect('/');
+            return redirect('/confirm_sms_auth_token');
 
         } catch (\Exception $e) {
             return redirect()->back()->with('message', $e->getMessage());
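Review bot: The post-login redirect is now hard-coded to `/confirm_sms_auth_token`, which duplicates the decision `ProAuthenticated` already makes from `is_two_step_sms_auth_completed`; redirecting to `/` (or `route('pro-dashboard-root')`) would let the middleware choose the correct step and would not send a session whose SMS step is already complete back to the token form. The `login` method starts outside this hunk, so I cannot see whether the backend response carries that state.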

+ 2 - 0
app/Http/Kernel.php

@@ -73,5 +73,7 @@ class Kernel extends HttpKernel
 
         'ensureValidClientSession' => \App\Http\Middleware\EnsureValidClientSession::class,
         'ensureNoValidClientSession' => \App\Http\Middleware\EnsureNoValidClientSession::class,
+
+        'pro.auth' => \App\Http\Middleware\ProAuthenticated::class,
     ];
 }
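Review bot: The new alias `pro.auth` breaks the naming pattern of its neighbours (`ensureValidClientSession`, `ensureNoValidClientSession`); a name like `ensureValidProSession` would read consistently with the route group it replaces in `routes/web.php`. If an older alias of that name still exists outside this hunk, a one-line comment here stating which one is authoritative would save the next reader a search.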

+ 54 - 0
app/Http/Middleware/ProAuthenticated.php

@@ -0,0 +1,54 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use App\Models\AppSession;
+use Closure;
+
+class ProAuthenticated
+{
+    /**
+     * Handle an incoming request.
+     *
+     * @param  \Illuminate\Http\Request $request
+     * @param  \Closure $next
+     * @return mixed
+     */
+    public function handle($request, Closure $next)
+    {
+        $sessionKey = $request->cookie('sessionKey');
+        $appSession = AppSession::where('session_key', $sessionKey)->where('is_active', true)->first();
+        $authenticated = $sessionKey && $appSession;
+        $currentRouteName = $request->route()->getName();
+
+        if (!$authenticated) {
+            return redirect()->route('login');
+        }
+
+        // - is_two_step_sms_auth_completed
+        if (!$appSession->is_two_step_sms_auth_completed) {
+            if ($currentRouteName != 'confirm_sms_auth_token' && $currentRouteName != 'post-confirm_sms_auth_token') {
+                return redirect()->route('confirm_sms_auth_token');
+            }
+            return $next($request);
+        }
+
+        // - is_password_temporary
+        if (!!$appSession->pro->is_password_temporary) {
+            if ($currentRouteName != 'set_password' && $currentRouteName != 'post-set_password') {
+                return redirect()->route('set_password');
+            }
+            return $next($request);
+        }
+
+        // - are_security_questions_set
+        if (!$appSession->pro->are_security_questions_set) {
+            if ($currentRouteName != 'set_security_questions' && $currentRouteName != 'post-set_security_questions') {
+                return redirect()->route('set_security_questions');
+            }
+            return $next($request);
+        }
+
+        return $next($request);
+    }
+}
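Review bot: The session lookup runs before the cookie is checked, and Eloquent compiles `where('session_key', null)` to `WHERE session_key IS NULL`, so every request without a cookie still costs a query (the later `$sessionKey &&` keeps it from authenticating, but the order is backwards); guard on the missing cookie first. The three gates compare route names with loose `!=` and the duplicated `!= 'x' && != 'post-x'` shape invites the kind of copy slip seen in the controller; a small helper with `in_array(..., true)` expresses each gate once, as below. `$appSession->pro` is dereferenced without a null check at `is_password_temporary` and `are_security_questions_set` — if an active session can exist without a `pro` row, those reads emit warnings and the last gate redirects, which is worth confirming against the model.
```php
    public function handle($request, Closure $next)
    {
        $sessionKey = $request->cookie('sessionKey');
        // Guard first: where('session_key', null) compiles to `IS NULL`, so a
        // missing cookie would otherwise still hit the database.
        if (!$sessionKey) {
            return redirect()->route('login');
        }

        $appSession = AppSession::where('session_key', $sessionKey)
            ->where('is_active', true)
            ->first();
        if (!$appSession) {
            return redirect()->route('login');
        }

        $currentRouteName = $request->route()->getName();

        // Onboarding gates, in order; each confines the user to its own
        // GET/POST routes until the flag flips.
        if (!$appSession->is_two_step_sms_auth_completed) {
            return $this->confineToStep($request, $next, $currentRouteName, 'confirm_sms_auth_token');
        }
        if ($appSession->pro->is_password_temporary) {
            return $this->confineToStep($request, $next, $currentRouteName, 'set_password');
        }
        if (!$appSession->pro->are_security_questions_set) {
            return $this->confineToStep($request, $next, $currentRouteName, 'set_security_questions');
        }

        return $next($request);
    }

    /**
     * Let the request through only when it targets the named step's own
     * GET route ($step) or POST route ('post-' . $step); otherwise send the
     * user to that step.
     */
    private function confineToStep($request, Closure $next, ?string $routeName, string $step)
    {
        if (!in_array($routeName, [$step, 'post-' . $step], true)) {
            return redirect()->route($step);
        }

        return $next($request);
    }
```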

+ 1 - 5
app/Models/AppSession.php

@@ -14,8 +14,4 @@ class AppSession extends Model
         return $this->belongsTo(Pro::class);
     }
 
-    public function meetingParticipant()
-    {
-        return $this->belongsTo(MeetingParticipant::class, 'current_meeting_participant_id');
-    }
-}
+}

+ 30 - 0
resources/views/confirm_sms_auth_token.blade.php

@@ -0,0 +1,30 @@
+@extends('layouts.login')
+
+@section('content')
+
+<div class="border-0 rounded-0 mcp-theme-1 bg-transparent">
+    <div class="card-header text-center font-weight-bold">
+        2-Step Verification
+    </div>
+    <div class="card-body bg-transparent">
+        @if (session('message'))
+            <div class="alert alert-danger">{{ session('message') }}</div>
+        @endif
+        <form action="/confirm_sms_auth_token" method="POST">
+            @csrf
+            <div class="form-group">
+                <label for="" class="control-label mb-1 text-secondary">Cell Number *</label>
+                <input type="text" class="form-control" value="{{$pro->cell_number}}" name="cellNumber" readonly required>
+            </div>
+            <div class="form-group">
+                <label for="" class="control-label mb-1 text-secondary d-flex align-items-center">Token * <span class="ml-auto text-sm">(sent to your phone)</span></label>
+                <input autofocus type="text" class="form-control" name="token" required>
+            </div>
+            <div class="form-group mb-0 text-center">
+                <button class="btn btn-primary btn-sm px-4 py-2">Submit</button>
+            </div>
+        </form>
+    </div>
+</div>
+
+@endsection
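Review bot: The template reads `{{$pro->cell_number}}` but `AppSessionController::confirmSmsAuthToken` returns `view('confirm_sms_auth_token')` with no data, so rendering this page fails on an undefined `$pro`; either pass it from the controller (`return view('confirm_sms_auth_token', ['pro' => $pro])`, with `$pro` resolved from the session by whatever the middleware already looked up) or drop the field, since the backend receives the `sessionKey` header and can derive the number itself. `readonly` is only a client-side hint — the posted `cellNumber` remains user-controlled input, so `postConfirmSmsAuthToken` should not treat it as more trusted than `token`; if the backend binds the token to the session's own number that is fine, but it is worth confirming.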

+ 1 - 1
resources/views/layouts/login.blade.php

@@ -54,7 +54,7 @@
     </div>
     <!-- /.login-logo -->
     <div class="card">
-        <div class="card-body login-card-body">
+        <div class="card-body login-card-body p-0">
             @yield('content')
         </div>
         <!-- /.login-card-body -->

+ 24 - 23
resources/views/public/pro-log-in.blade.php

@@ -1,41 +1,42 @@
 @extends('layouts.login')
 @section('content')
-    <form action="{{ route('process-pro-login') }}"
+    <form action="/login"
           method="post"
           enctype="multipart/form-data"
-          onsubmit='localStorage.cellNumber = ""; return true;'>
+          class="p-3">
         @csrf
 
-        <p class="login-box-msg">Enter the code received on your phone</p>
-
         @if (session('message'))
             <div class="alert alert-danger">{{ session('message') }}</div>
         @endif
 
-        <div class="input-group mb-3">
-            <input type="text" name="cellNumber" class="form-control" placeholder="Cell Number" readonly value="{{ session('cell-number') }}">
-            <div class="input-group-append">
-                <div class="input-group-text">
-                    <span class="fas fa-phone"></span>
+        <div class="form-group mb-2">
+            <label class="control-label text-sm text--secondary mb-1 font-weight-normal">Cell Number</label>
+            <div class="input-group">
+                <input type="text" name="cellNumber" autofocus class="form-control" required>
+                <div class="input-group-append">
+                    <div class="input-group-text">
+                        <span class="fas fa-phone"></span>
+                    </div>
                 </div>
             </div>
         </div>
-        <div class="input-group mb-3">
-            <input type="text" name="token" class="form-control" placeholder="Token" required>
-            <div class="input-group-append">
-                <div class="input-group-text">
-                    <span class="fas fa-key"></span>
+        <div class="form-group mb-3">
+            <label class="control-label text-sm text--secondary mb-1 font-weight-normal">Password</label>
+            <div class="input-group mb-2">
+                <input type="password" name="password" class="form-control" required>
+                <div class="input-group-append">
+                    <div class="input-group-text">
+                        <span class="fas fa-key"></span>
+                    </div>
                 </div>
             </div>
         </div>
-        <button type="submit" class="btn btn-primary btn-block mx-auto w-50 mt-4 mb-2">Log In</button>
+        <div class="form-group mb-0 d-flex align-items-center">
+            <div>
+                <button type="submit" class="btn btn-primary btn-block px-4 py-1">Submit</button>
+            </div>
+            <a href="#" class=" ml-auto text-secondary text-sm">Forgot password?</a>
+        </div>
     </form>
-    <script>
-        window.onload = function() {
-            if(localStorage.cellNumber) {
-                $("[name=cellNumber]").val(localStorage.cellNumber);
-                $("[name=token]").focus().select();
-            }
-        };
-    </script>
 @endsection
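Review bot: The form action went from `route('process-pro-login')` to the literal `/login` even though the POST route keeps a name (`process-login` in `routes/web.php`); `action="{{ route('process-login') }}"` keeps the template in step with the route table. `enctype="multipart/form-data"` is unnecessary for two text fields, and `autocomplete="username"` / `autocomplete="current-password"` on the two inputs lets password managers fill the new layout. The `Forgot password?` link still points at `#`, presumably pending the reset routes that are commented out in this commit.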

+ 0 - 41
resources/views/public/pro-request-sms-login-token.blade.php

@@ -1,41 +0,0 @@
-@extends('layouts.login')
-@section('content')
-    <form action="/login"
-          method="post"
-          enctype="multipart/form-data">
-        @csrf
-
-        @if (session('message'))
-            <div class="alert alert-danger">{{ session('message') }}</div>
-        @endif
-
-        <div class="form-group mb-2">
-            <label class="control-label text-sm text--secondary mb-1 font-weight-normal">Cell Number</label>
-            <div class="input-group">
-                <input type="text" name="cellNumber" autofocus class="form-control" required>
-                <div class="input-group-append">
-                    <div class="input-group-text">
-                        <span class="fas fa-phone"></span>
-                    </div>
-                </div>
-            </div>
-        </div>
-        <div class="form-group mb-3">
-            <label class="control-label text-sm text--secondary mb-1 font-weight-normal">Password</label>
-            <div class="input-group mb-2">
-                <input type="password" name="password" autofocus class="form-control" required>
-                <div class="input-group-append">
-                    <div class="input-group-text">
-                        <span class="fas fa-key"></span>
-                    </div>
-                </div>
-            </div>
-        </div>
-        <div class="form-group mb-0 d-flex align-items-center">
-            <div>
-                <button type="submit" class="btn btn-primary btn-block px-4 py-1">Submit</button>
-            </div>
-            <a href="#" class=" ml-auto text-secondary text-sm">Forgot password?</a>
-        </div>
-    </form>
-@endsection

+ 28 - 0
resources/views/request_password_reset.blade.php

@@ -0,0 +1,28 @@
+@extends('layouts.login')
+
+@section('content')
+
+    <div class="card border-0 rounded-0 mcp-theme-1 bg-transparent">
+        <div class="card-header text-center font-weight-bold">
+            Reset Password
+        </div>
+        <div class="card-body bg-transparent">
+            @if(session()->has('message'))
+                <div class="alert alert-danger">
+                    {{session('message')}}
+                </div>
+            @endif
+            <form action="/request_password_reset" method="POST">
+                @csrf
+                <div class="form-group">
+                    <label for="" class="control-label mb-1 text-secondary">Cell Number *</label>
+                    <input type="text" class="form-control" value="" name="cellNumber" required>
+                </div>
+                <div class="form-group mb-0 text-center">
+                    <button class="btn btn-primary btn-sm px-4 py-2">Submit</button>
+                </div>
+            </form>
+        </div>
+    </div>
+
+@endsection

+ 48 - 0
resources/views/self_reset_password.blade.php

@@ -0,0 +1,48 @@
+@extends('layouts.login')
+
+@section('content')
+
+<div class="card border-0 rounded-0 mcp-theme-1 bg-transparent">
+    <div class="card-header text-center font-weight-bold">
+        Reset Password
+    </div>
+    <div class="card-body bg-transparent">
+        @if(session()->has('message'))
+        <div class="alert alert-danger">
+            {{session('message')}}
+        </div>
+        @endif
+        <form action="/self_reset_password" method="POST">
+            @csrf
+            <div class="form-group">
+                <label for="" class="control-label mb-1 text-secondary">Cell Number *</label>
+                <input autofocus type="text" class="form-control" value="" name="cellNumber" required>
+            </div>
+            <div class="form-group">
+                <label for="" class="control-label mb-1 text-secondary d-flex align-items-center">Reset Token * <span class="ml-auto text-sm">(sent to your phone)</span></label>
+                <input type="text" class="form-control" name="passwordResetToken" required>
+            </div>
+            <div class="form-group">
+                <label for="" class="control-label mb-1 text-secondary d-flex align-items-center"><b>{{ session()->get('sq1') }}</b></label>
+                <input type="text" class="form-control" name="securityQuestionAnswer1" required>
+            </div>
+            <div class="form-group">
+                <label for="" class="control-label mb-1 text-secondary d-flex align-items-center"><b>{{ session()->get('sq2') }}</b></label>
+                <input type="text" class="form-control" name="securityQuestionAnswer2" required>
+            </div>
+            <div class="form-group">
+                <label for="" class="control-label mb-1 text-secondary">Password *</label>
+                <input autofocus type="password" class="form-control" value="" name="password" required>
+            </div>
+            <div class="form-group">
+                <label for="" class="control-label mb-1 text-secondary d-flex align-items-center">Confirm Password *</label>
+                <input type="password" class="form-control" name="passwordConfirmation" required>
+            </div>
+            <div class="form-group mb-0 text-center">
+                <button class="btn btn-primary btn-sm px-4 py-2">Submit</button>
+            </div>
+        </form>
+    </div>
+</div>
+
+@endsection
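Review bot: Two inputs carry `autofocus` (`cellNumber` and `password`), which is invalid HTML and makes the initial focus browser-dependent; keep it on `cellNumber` only. Both password fields should declare `autocomplete="new-password"` so browsers do not offer the credential being replaced. The form posts to `/self_reset_password`, whose route is still commented out in `routes/web.php`, which I read as intentional for a WIP commit.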

+ 32 - 0
resources/views/set_password.blade.php

@@ -0,0 +1,32 @@
+@extends('layouts.login')
+
+@section('content')
+
+    <div class="card border-0 rounded-0 mcp-theme-1 bg-transparent">
+        <div class="card-header text-center font-weight-bold">
+            Set New Password
+        </div>
+        <div class="card-body bg-transparent">
+            @if(session()->has('message'))
+                <div class="alert alert-danger">
+                    {{session('message')}}
+                </div>
+            @endif
+            <form action="/set_password" method="POST">
+                @csrf
+                <div class="form-group">
+                    <label for="" class="control-label mb-1 text-secondary">Password *</label>
+                    <input autofocus type="password" class="form-control" value="" name="newPassword" required>
+                </div>
+                <div class="form-group">
+                    <label for="" class="control-label mb-1 text-secondary d-flex align-items-center">Confirm Password *</label>
+                    <input type="password" class="form-control" name="newPasswordConfirmation" required>
+                </div>
+                <div class="form-group mb-0 text-center">
+                    <button class="btn btn-primary btn-sm px-4 py-2">Submit</button>
+                </div>
+            </form>
+        </div>
+    </div>
+
+@endsection
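Review bot: The two password inputs lack `autocomplete="new-password"`, so browsers may offer the temporary password the user is replacing; add it to both `newPassword` and `newPasswordConfirmation`. `value=""` on a password input is redundant and can be dropped.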

+ 54 - 0
resources/views/set_security_questions.blade.php

@@ -0,0 +1,54 @@
+@extends('layouts.login')
+
+@section('content')
+
+    <div class="card border-0 rounded-0 mcp-theme-1 bg-transparent">
+        <div class="card-header text-center font-weight-bold">
+            Setup Security Questions
+        </div>
+        <div class="card-body bg-transparent">
+            @if(session()->has('message'))
+                <div class="alert alert-danger">
+                    {{session('message')}}
+                </div>
+            @endif
+            <form action="/set_security_questions" method="POST">
+                @csrf
+                <div class="form-group">
+                    <label for="" class="control-label mb-1 text-secondary">Security Question 1 *</label>
+                    <select autofocus class="form-control" name="securityQuestion1" required>
+                        <option value="">-- select --</option>
+                        <option value="Your mother's maiden name?">What is your mother's maiden name?</option>
+                        <option value="Name of your first pet?">What is the name of your first pet?</option>
+                        <option value="Brand of your first car?">What was your first car?</option>
+                        <option value="The elementary school did attended?">What elementary school did you attend?</option>
+                        <option value="The City you were born?">What is the name of the town where you were born?</option>
+                    </select>
+                </div>
+                <div class="form-group">
+                    <label for="" class="control-label mb-1 text-secondary">Security Answer 1 *</label>
+                    <input type="text" class="form-control" value="" name="securityAnswer1" required>
+                </div>
+                <div class="form-group">
+                    <label for="" class="control-label mb-1 text-secondary">Security Question 2 *</label>
+                    <select autofocus class="form-control" name="securityQuestion2" required>
+                        <option value="">-- select --</option>
+                        <option value="Your favorite book?">What is your favorite book?</option>
+                        <option value="The first company that you worked for">The first company that you worked for</option>
+                        <option value="Where did you meet your spouse?">Where did you meet your spouse?</option>
+                        <option value="What is your favorite food?">What is your favorite food?</option>
+                        <option value="Your favorite place to vacation?">Your favorite place to vacation?</option>
+                    </select>
+                </div>
+                <div class="form-group">
+                    <label for="" class="control-label mb-1 text-secondary">Security Answer 2 *</label>
+                    <input type="text" class="form-control" value="" name="securityAnswer2" required>
+                </div>
+                <div class="form-group mb-0 text-center">
+                    <button class="btn btn-primary btn-sm px-4 py-2">Submit</button>
+                </div>
+            </form>
+        </div>
+    </div>
+
+@endsection
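Review bot: Both `<select>` elements carry `autofocus`, so which one receives focus is browser-dependent; keep it on `securityQuestion1` only. The option `value` is what gets persisted and later shown back on the reset page, and `The elementary school did attended?` is garbled while its visible label is not — fix it before real data exists, e.g. `value="The elementary school you attended?"`. The two question lists are disjoint so the same question cannot be chosen twice; a short Blade comment saying that is deliberate would keep a future edit from merging them.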

+ 15 - 4
routes/web.php

@@ -48,13 +48,24 @@ Route::middleware('ensureValidClientSession')->group(function() {
 // pro
 // =============================================================================================
 Route::middleware('ensureNoValidProSession')->group(function() {
-    Route::get('/', 'AppSessionController@proRequestSmsLogInToken')->name('pro-request-sms-login-token');
+    Route::get('/login', 'AppSessionController@proLogIn')->name('login');
     Route::post('/login', 'AppSessionController@login')->name('process-login');
-//    Route::get('/pro/login', 'AppSessionController@proLogIn')->name('pro-login');
-//    Route::post('/pro/login', 'AppSessionController@processProLogIn')->name('process-pro-login');
 });
 
-Route::middleware('ensureValidProSession')->group(function() {
+    // request password
+//    Route::get('request_password_reset', 'AppSessionController@showRequestPasswordReset')->name('request_password_reset');
+//    Route::post('request_password_reset', 'AppSessionController@processRequestPasswordReset')->name('process_request_password_reset');
+//    Route::get('self_reset_password', 'AppSessionController@showSelfResetPassword')->name('self_reset_password');
+//    Route::post('self_reset_password', 'AppSessionController@processSelfResetPassword')->name('process_self_reset_password');
+
+Route::middleware('pro.auth')->group(function() {
+    Route::get('/confirm_sms_auth_token', 'AppSessionController@confirmSmsAuthToken')->name('confirm_sms_auth_token');
+    Route::get('/set_password', 'AppSessionController@setPassword')->name('set_password');
+    Route::get('/set_security_questions', 'AppSessionController@setSecurityQuestions')->name('set_security_questions');
+    Route::post('/confirm_sms_auth_token', 'AppSessionController@postConfirmSmsAuthToken')->name('post-confirm_sms_auth_token');
+    Route::post('/set_password', 'AppSessionController@postSetPassword')->name('post-set_password');
+    Route::post('/set_security_questions', 'AppSessionController@postSetSecurityQuestions')->name('post-set_security_questions');
+    Route::get('/', 'ProController@dashboard')->name('pro-dashboard-root');
     Route::get('/dashboard', 'ProController@dashboard')->name('pro-dashboard');
     Route::get('/pro/meet/{uid?}', 'ProController@meet');
     Route::get('/pro/get-opentok-session-key/{uid}', 'ProController@getOpentokSessionKey');
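Review bot: Removing the route named `pro-request-sms-login-token` leaves `processProLogOut` in `AppSessionController` (context line `return redirect(route('pro-request-sms-login-token'));`) pointing at a name that no longer exists, so logout will throw a `RouteNotFoundException`; change it to `return redirect(route('login'));`. The commented-out password-reset routes sit at group indentation but outside any group, and commented code tends to outlive its WIP phase — either register them behind the `ensureNoValidProSession` group now or track them in the PR description. The protected group also moved from `ensureValidProSession` to `pro.auth`; if the former did anything beyond the active-session check (expiry, refresh), `ProAuthenticated` does not replicate it, which I cannot confirm from this diff.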