k2so-dev / laravel-nuxt

Laravel and Nuxt.js boilerplate designed for development with maximum API performance, ready-made authorization methods, image uploading with optimization, user roles, device management
MIT License

Gracefully fail authentication with error messages #8

Closed chris-mackie closed 1 month ago

chris-mackie commented 1 month ago

Return a generic error rather than "No query results for model".

k2so-dev commented 1 month ago

@chris-mackie Unfortunately, I can't accept the PR. The fact is that during authorization, we need to run the authenticate function in the LoginRequest object in order to take into account the likelihood of a brute-force attack.

Technically, I used a ready-made function from the Laravel Breeze library: https://github.com/laravel/breeze/blob/2.x/stubs/api/app/Http/Requests/Auth/LoginRequest.php#L40-L53 The only difference is the Auth::attempt function, which authorizes the user using a session and checks for the presence of an email in the database. In our version, authorization based on tokens is used, so the function checks the password and checks the existence of the user with a separate parameter.
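
An added example, not code from this repository or from Laravel Breeze: a framework-free PHP sketch of the pattern discussed in this thread, where a token-style login looks the user up itself, counts every failed attempt against a throttle, and returns one generic error whether the email is unknown or the password is wrong. The in-memory store, the limits, the status codes and all class, function and variable names are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);
// Added illustration in plain PHP (no Laravel); every name here is hypothetical.
const MAX_ATTEMPTS = 5;    // failures allowed per throttle key
const DECAY_SECONDS = 60;  // length of the counting window
define('DUMMY_HASH', password_hash('unused', PASSWORD_DEFAULT));

final class LoginThrottle
{
    private array $hits = []; // key => ['count' => int, 'expires' => int]; stand-in for a cache
    public function tooMany(string $key, int $now): bool
    {
        $h = $this->hits[$key] ?? null;
        return $h !== null && $h['expires'] > $now && $h['count'] >= MAX_ATTEMPTS;
    }
    public function hit(string $key, int $now): void
    {
        $fresh = !isset($this->hits[$key]) || $this->hits[$key]['expires'] <= $now;
        $count = $fresh ? 0 : $this->hits[$key]['count'];
        $expires = $fresh ? $now + DECAY_SECONDS : $this->hits[$key]['expires'];
        $this->hits[$key] = ['count' => $count + 1, 'expires' => $expires];
    }
    public function clear(string $key): void { unset($this->hits[$key]); }
}

function authenticate(array $users, LoginThrottle $t, string $email, string $password, string $ip, int $now): array
{
    $key = strtolower($email) . '|' . $ip;
    if ($t->tooMany($key, $now)) {
        return ['status' => 429, 'message' => 'Too many login attempts.'];
    }
    // Nullable lookup: an unknown email is a failed attempt, not an exception.
    $hash = $users[strtolower($email)] ?? null;
    // Always run password_verify so both failure paths do comparable work.
    $valid = password_verify($password, $hash ?? DUMMY_HASH) && $hash !== null;
    if (!$valid) {
        $t->hit($key, $now); // unknown user and wrong password both count
        return ['status' => 422, 'message' => 'These credentials do not match our records.'];
    }
    $t->clear($key);
    return ['status' => 200, 'message' => 'Authenticated.'];
}

// Constructed sample run: unknown email, wrong password, then a correct login.
$users = ['alice@example.test' => password_hash('correct horse', PASSWORD_DEFAULT)];
$t = new LoginThrottle();
foreach ([['nobody@example.test', 'x'], ['alice@example.test', 'bad'], ['alice@example.test', 'correct horse']] as [$e, $p]) {
    echo $e, ' => ', implode(' ', authenticate($users, $t, $e, $p, '203.0.113.7', 1700000000)), PHP_EOL;
}
```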