From b881ff4774caa2d2c7e520845aed4c238653a5e8 Mon Sep 17 00:00:00 2001
From: armiejean
Date: Mon, 12 May 2025 19:27:17 +0800
Subject: [PATCH] login works

---
 app/Http/Controllers/AuthController.php | 122 +++++++++++++--------
 resources/views/change-password.blade.php | 7 +-
 resources/views/layouts/app.blade.php | 2 +-
 resources/views/pages/my-profile.blade.php | 8 +-
 routes/web.php | 4 +-
 5 files changed, 88 insertions(+), 55 deletions(-)

diff --git a/app/Http/Controllers/AuthController.php b/app/Http/Controllers/AuthController.php
index 5c7fc77..2f06265 100644
--- a/app/Http/Controllers/AuthController.php
+++ b/app/Http/Controllers/AuthController.php
@@ -5,8 +5,8 @@ namespace App\Http\Controllers;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Http;
 use Illuminate\Support\Facades\Log;
-use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Session;
+
 class AuthController extends Controller
 {
 protected $apiBaseUrl = 'http://192.168.100.6:8081/api';
@@ -22,30 +22,14 @@ class AuthController extends Controller
 /**
 * Handle login form submission by calling the API
 */
-// public function login(Request $request)
-// {
-// $credentials = $request->only('username', 'password');
-
-// if (Auth::attempt($credentials)) {
-// $request->session()->regenerate();
-// $user = Auth::user();
-
-// // Always redirect to my-profile route, let the route's controller handle the user
-// return redirect()->route('my-profile');
-// }
-// return redirect()->back()->with('error', 'Invalid username or password');
-// }
-
- public function login(Request $request)
+ public function login(Request $request)
 {
- // Validate input
 $request->validate([
 'username' => 'required|string',
 'password' => 'required|string',
 ]);

 try {
- // Send HTTP request to external API
 $response = Http::post(config('services.backend_api.url') . '/api/cms/login_password', [
 'username' => $request->username,
 'password' => $request->password,
@@ -53,57 +37,81 @@ class AuthController extends Controller $json = $response->json(); + Log::info('Login API Response: ', $json); + if ($response->successful()) { if ($json['code'] == 200) { - // Store user data in session - Session::put('user', [ + $userData = [ 'admin' => $json['data']['admin'] ?? null, 'access_token' => $json['data']['token'] ?? null, - ]); - // dd(Session::get('user')); + 'admin_uuid' => $json['data']['admin']['uuid'] ?? null, + ]; + Session::put('user', $userData); + Session::save(); - // Redirect to profile page - return redirect('my-profile'); + Log::info('Session data after login: ', Session::get('user')); + + // Redirect to my-profile if access_token is present + if (isset($userData['access_token']) && !empty($userData['access_token'])) { + Log::info('Access token present, redirecting to my-profile from login'); + return redirect()->route('my-profile'); + } + + $isPasswordChanged = $json['data']['admin']['is_passwordChanged'] ?? 0; + Log::info('Login: is_passwordChanged from API = ' . $isPasswordChanged); + + if ($isPasswordChanged == 1) { + Log::info('Redirecting to my-profile from login'); + return redirect()->route('my-profile'); + } else { + Log::info('Redirecting to change-password from login'); + return redirect()->route('change-password')->with('info', 'You must change your password before accessing your profile.'); + } } else { - // Handle login failure from API return back()->withErrors(['username' => $json['message'] ?? 'Login failed.']); } } else { - // Handle failed HTTP response - return back()->withErrors(['username' => $json['message'] ?? 'Login request failed. Please try again.']); + return back()->withErrors(['username' => $json['message'] ?? 'Login request failed.']); } - } catch (\Exception $e) { - // Handle unexpected errors Log::error('Login error: ' . $e->getMessage()); return back()->withErrors(['username' => 'An error occurred: ' . 
$e->getMessage()]); } } -public function showMyProfile() + /** + * Show the my-profile page + */ + public function showMyProfile() { - // Fetch the authenticated user - $user = Auth::user(); + $user = Session::get('user'); - // If no user is authenticated, redirect to login - if (!$user) { + if (!$user || !isset($user['access_token'])) { + Log::info('No user session or access token, redirecting to login from my-profile'); return redirect()->route('login')->with('error', 'Please log in to view your profile.'); } - // Pass the user to the view + if (!isset($user['admin']) || !is_array($user['admin'])) { + Log::error('Invalid admin data in session: ', $user); + return redirect()->route('login')->with('error', 'Invalid user data. Please log in again.'); + } + + Log::info('Session data in my-profile: ', $user); + Log::info('Rendering my-profile page'); return view('pages.my-profile', compact('user')); } - /** * Show the change password form */ public function showChangePasswordForm() { - if (!session()->has('admin_uuid')) { + if (!session()->has('user.admin_uuid')) { + Log::info('No admin_uuid in session, redirecting to login from change-password form'); return redirect()->route('login')->withErrors(['error' => 'Unauthorized access']); } + Log::info('Rendering change-password form'); return view('change-password'); } @@ -112,6 +120,11 @@ public function showMyProfile() */ public function changePassword(Request $request) { + $request->validate([ + 'admin_uuid' => 'required|string', + 'password' => 'required|string|min:8|confirmed', + ]); + $url = "{$this->apiBaseUrl}/cms/login_changePassword"; $csrfToken = $request->session()->token(); 
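Review bot: The bearer token returned by the login API ends up in the application log: `Log::info('Login API Response: ', $json)` records the whole response, from which the code then reads `$json['data']['token']`, and `Log::info('Session data after login: ', Session::get('user'))` logs the stored `access_token` a second time; the same pattern is in showMyProfile (`Log::info('Session data in my-profile: ', $user)`, `Log::error('Invalid admin data in session: ', $user)`) and in the changePassword hunk (`Log::info('Change Password API Response: ', $data)`, `Log::info('Updated Session after password change: ', ...)`). Log only non-secret fields, e.g. `Log::info('Login API response', ['code' => $json['code'] ?? null, 'admin_uuid' => $json['data']['admin']['uuid'] ?? null]);`, and drop the session dumps. Two further points in the same hunk: the early `return redirect()->route('my-profile')` taken whenever `access_token` is set runs before the `is_passwordChanged` check, so the forced password change is skipped whenever the API returns a token — the `$isPasswordChanged` branch should come first; and the new login path never calls `$request->session()->regenerate()` as the deleted Auth::attempt code did, so the pre-authentication session id is kept. If the response body is not valid JSON, `$response->json()` is presumably null and `Log::info('Login API Response: ', null)` raises a TypeError, which the `catch (\Exception $e)` below does not catch. login starts in the previous hunk.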
@@ -119,7 +132,7 @@ public function showMyProfile() $response = Http::withHeaders([ 'X-CSRF-TOKEN' => $csrfToken, 'Accept' => 'application/json', - 'Authorization' => 'Bearer ' . session('token'), + 'Authorization' => 'Bearer ' . session('user.access_token'), ])->post($url, [ 'admin_uuid' => $request->input('admin_uuid'), 'password' => $request->input('password'), @@ -127,18 +140,34 @@ public function showMyProfile() $data = $response->json(); - Log::info('Change Password API Response: ', [$data]); + Log::info('Change Password API Response: ', $data); if ($response->successful() && isset($data['code']) && $data['code'] === 200) { - if (isset($data['data']['access_token'])) { - session(['token' => $data['data']['access_token']]); - } elseif (isset($data['data']['token'])) { - session(['token' => $data['data']['token']]); + $user = Session::get('user'); + + // Update access token from API response + if (isset($data['token'])) { + $user['access_token'] = $data['token']; + } elseif (isset($data['data']['access_token'])) { + $user['access_token'] = $data['data']['access_token']; } - session()->forget('admin_uuid'); + + // Update admin data with the latest from API + if (isset($data['admin'])) { + $user['admin'] = $data['admin']; + } + + Session::put('user', $user); + Session::save(); + + Log::info('Updated Session after password change: ', Session::get('user')); + Log::info('Redirecting to my-profile from changePassword'); + + // Immediately redirect to my-profile return redirect()->route('my-profile')->with('success', $data['message'] ?? 'Password changed successfully'); } + Log::info('Change password failed, redirecting back'); return redirect()->back()->withErrors(['error' => $data['message'] ?? 'Failed to change password']); } catch (\Exception $e) { Log::error('Change Password Exception: ' . $e->getMessage()); 
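Review bot: The added validation takes `admin_uuid` from the request body (`'admin_uuid' => 'required|string'`) even though login already stores the authenticated admin's uuid in the session as `user.admin_uuid`, so the account whose password is changed is chosen by a user-controlled field; whether the backend cross-checks it against the bearer token cannot be seen from here. Use the session value in the payload line of the next hunk, `'admin_uuid' => session('user.admin_uuid'),`, and drop `admin_uuid` from `$request->validate`. changePassword also never checks that a login session exists before posting, so without one the header becomes `'Authorization' => 'Bearer ' . session('user.access_token')` with an empty token; the same `redirect()->route('login')` guard used in showMyProfile belongs at the top of this method. The method continues past this hunk.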
@@ -158,10 +187,11 @@ public function showMyProfile() Http::withHeaders([ 'X-CSRF-TOKEN' => $csrfToken, 'Accept' => 'application/json', - 'Authorization' => 'Bearer ' . session('token'), + 'Authorization' => 'Bearer ' . session('user.access_token'), ])->post($url); session()->flush(); + Log::info('Logged out, redirecting to login'); return redirect()->route('login')->with('success', 'Logged out successfully'); } catch (\Exception $e) { Log::error('Logout Exception: ' . $e->getMessage()); @@ -169,6 +199,4 @@ public function showMyProfile() return redirect()->route('login')->with('success', 'Logged out successfully'); } } - - } \ No newline at end of file diff --git a/resources/views/change-password.blade.php b/resources/views/change-password.blade.php index 384341d..803bc8f 100644 --- a/resources/views/change-password.blade.php +++ b/resources/views/change-password.blade.php @@ -24,10 +24,15 @@ {{ session('success') }} @endif + @if (session('info')) +
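Review bot: The token-refresh branch in changePassword reads `$data['token']` and then `$data['data']['access_token']`, but login takes the token from `$json['data']['token']` and the removed `elseif (isset($data['data']['token']))` branch covered that key; if the change-password API answers in the login shape, the refreshed token is silently ignored and the session keeps the old one. One chain keeps every source: `$user['access_token'] = $data['token'] ?? $data['data']['access_token'] ?? $data['data']['token'] ?? ($user['access_token'] ?? null);`. `$user = Session::get('user')` is also null when the form is posted without a login session, in which case `$user['access_token'] = ...` builds a session array with no `admin` key that showMyProfile then rejects on the next request — a guard at the top of the method avoids that round trip. The method's catch block continues after this hunk.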
+ {{ session('info') }} +
+ @endif
@csrf - +
diff --git a/resources/views/layouts/app.blade.php b/resources/views/layouts/app.blade.php index 2bb33fc..18e785c 100644 --- a/resources/views/layouts/app.blade.php +++ b/resources/views/layouts/app.blade.php @@ -230,7 +230,7 @@
@@ -20,15 +20,15 @@

My Information

Username: - {{ $user->username }} + {{ $user['admin']['username'] ?? 'N/A' }}
Access Role: - {{ $user->role ?? 'System Admin' }} + {{ $user['admin']['role'] ?? 'N/A' }}
diff --git a/routes/web.php b/routes/web.php index bf3d5be..632c353 100644 --- a/routes/web.php +++ b/routes/web.php @@ -14,9 +14,9 @@ Route::get('/', function () { Route::get('/login', [AuthController::class, 'showLoginForm'])->name('login'); Route::post('/login', [AuthController::class, 'login'])->name('login'); -Route::get('/change-password', [AuthController::class, 'showChangePasswordForm'])->name('password.change.form'); +Route::get('/change-password', [AuthController::class, 'showChangePasswordForm'])->name('change-password'); Route::post('/change-password', [AuthController::class, 'changePassword'])->name('password.change'); -Route::get('/my-profile', [AuthController::class, 'showMyProfile'])->name('my-profile')->middleware('auth'); +Route::get('/my-profile', [AuthController::class, 'showMyProfile'])->name('my-profile'); Route::post('/logout', [AuthController::class, 'logout'])->name('logout');
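Review bot: Dropping `->middleware('auth')` from `/my-profile` leaves access control to per-method session checks, and `Route::post('/change-password', ...)`, whose handler posts with `session('user.access_token')`, has no such check at all; the `GET` form route only tests `user.admin_uuid`. Grouping the profile, change-password and logout routes under one middleware that requires `session('user.access_token')` restores a single enforcement point instead of a guard copied into each controller method. The rename to `change-password` matches `redirect()->route('change-password')` in the controller, but any view still calling `route('password.change.form')` would now throw, which cannot be verified from this diff.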