ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
210cf5ce8b
TenantAtlas/app/Filament/System/Pages/Auth/Login.php
ahmido 210cf5ce8b feat: implement auth structure system panel (#77) 
Implements 064-auth-structure (Auth Structure v1.0):

Adds platform_users + PlatformUser identity (factory + seeder) for platform operators
Introduces platform auth guard/provider in auth.php
Adds a dedicated Filament v5 System panel at system using guard platform (custom login + dashboard)
Enforces strict cross-scope isolation between /admin and system (deny-as-404)
Adds platform capability gating (platform.access_system_panel, platform.use_break_glass) + gates in AuthServiceProvider
Implements audited break-glass mode (enter/exit/expire), banner via render hook, feature flag + TTL config
Removes legacy users.is_platform_superadmin runtime usage and adds an architecture test to prevent regressions
Updates tenant membership pivot usage where needed (tenant_memberships)
Testing:

vendor/bin/sail artisan test --compact tests/Feature/Auth (28 passed)
vendor/bin/sail bin pint --dirty
Notes:

Filament v5 / Livewire v4 compatible.
Panel providers registered in providers.php.
Destructive actions use ->action(...) + ->requiresConfirmation() where applicable.

Co-authored-by: Ahmed Darrazi <ahmeddarrazi@MacBookPro.fritz.box>
Reviewed-on: #77
2026-01-27 21:49:18 +00:00

83 lines
2.3 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
namespace App\Filament\System\Pages\Auth;
use App\Models\PlatformUser;
use App\Models\Tenant;
use App\Services\Intune\AuditLogger;
use Filament\Auth\Http\Responses\Contracts\LoginResponse;
use Filament\Auth\Pages\Login as BaseLogin;
use Illuminate\Validation\ValidationException;
class Login extends BaseLogin
{
public function authenticate(): ?LoginResponse
{
$data = $this->form->getState();
$email = (string) ($data['email'] ?? '');
try {
$response = parent::authenticate();
} catch (ValidationException $exception) {
$this->audit(status: 'failure', email: $email, actor: null, reason: 'invalid_credentials');
throw $exception;
}
if (! $response) {
return null;
}
/** @var PlatformUser|null $user */
$user = auth('platform')->user();
if (! ($user instanceof PlatformUser)) {
return $response;
}
if (! $user->is_active) {
auth('platform')->logout();
$this->audit(status: 'failure', email: $email, actor: null, reason: 'inactive');
throw ValidationException::withMessages([
'data.email' => __('filament-panels::auth/pages/login.messages.failed'),
]);
}
$user->forceFill(['last_login_at' => now()])->saveQuietly();
$this->audit(status: 'success', email: $email, actor: $user);
return $response;
}
private function audit(string $status, string $email, ?PlatformUser $actor, ?string $reason = null): void
{
$tenant = Tenant::query()->where('external_id', 'platform')->first();
if (! $tenant) {
return;
}
app(AuditLogger::class)->log(
tenant: $tenant,
action: 'platform.auth.login',
context: [
'attempted_email' => $email,
'ip' => request()->ip(),
'user_agent' => request()->userAgent(),
'reason' => $reason,
],
actorId: $actor?->getKey(),
actorEmail: $actor?->email ?? ($email ?: null),
actorName: $actor?->name,
status: $status,
resourceType: 'platform_user',
resourceId: $actor ? (string) $actor->getKey() : null,
);
}
}
Reference in New Issue View Git Blame Copy Permalink