From 53ab1503e406f46fb05bd013100d416cea0c1c08 Mon Sep 17 00:00:00 2001
From: Ian Morland <16573496+imorland@users.noreply.github.com>
Date: Mon, 7 Nov 2022 13:47:04 +0000
Subject: [PATCH] feat: Allow additional login params, Introduce
 `LogInValidator` (#3670)

* Allow additional login params, dispatch 'LoggingIn' event

* Update framework/core/js/src/forum/components/LogInModal.tsx

Co-authored-by: David Wheatley <hi@davwheat.dev>

* Introduce 'LogInValidator'

* Apply fixes from StyleCI

Co-authored-by: David Wheatley <hi@davwheat.dev>
Co-authored-by: StyleCI Bot <bot@styleci.io>
---
 .../js/src/forum/components/LogInModal.tsx    | 17 ++++++++++------
 .../src/Forum/Controller/LogInController.php  | 12 ++++++++++-
 framework/core/src/Forum/LogInValidator.php   | 20 +++++++++++++++++++
 3 files changed, 42 insertions(+), 7 deletions(-)
 create mode 100644 framework/core/src/Forum/LogInValidator.php

diff --git a/framework/core/js/src/forum/components/LogInModal.tsx b/framework/core/js/src/forum/components/LogInModal.tsx
index 556f78be9..6305f37da 100644
--- a/framework/core/js/src/forum/components/LogInModal.tsx
+++ b/framework/core/js/src/forum/components/LogInModal.tsx
@@ -9,6 +9,7 @@ import ItemList from '../../common/utils/ItemList';
 import Stream from '../../common/utils/Stream';
 import type Mithril from 'mithril';
 import RequestError from '../../common/utils/RequestError';
+import type { LoginParams } from '../../common/Session';
 
 export interface ILoginModalAttrs extends IInternalModalAttrs {
   identification?: string;
@@ -172,13 +173,17 @@ export default class LogInModal<CustomAttrs extends ILoginModalAttrs = ILoginMod
 
     this.loading = true;
 
-    const identification = this.identification();
-    const password = this.password();
-    const remember = this.remember();
+    app.session.login(this.loginParams(), { errorHandler: this.onerror.bind(this) }).then(() => window.location.reload(), this.loaded.bind(this));
+  }
 
-    app.session
-      .login({ identification, password, remember }, { errorHandler: this.onerror.bind(this) })
-      .then(() => window.location.reload(), this.loaded.bind(this));
+  loginParams(): LoginParams {
+    const data = {
+      identification: this.identification(),
+      password: this.password(),
+      remember: this.remember(),
+    };
+
+    return data;
   }
 
   onerror(error: RequestError) {
diff --git a/framework/core/src/Forum/Controller/LogInController.php b/framework/core/src/Forum/Controller/LogInController.php
index 30212d3b8..86de9ceeb 100644
--- a/framework/core/src/Forum/Controller/LogInController.php
+++ b/framework/core/src/Forum/Controller/LogInController.php
@@ -10,6 +10,7 @@
 namespace Flarum\Forum\Controller;
 
 use Flarum\Api\Client;
+use Flarum\Forum\LogInValidator;
 use Flarum\Http\AccessToken;
 use Flarum\Http\RememberAccessToken;
 use Flarum\Http\Rememberer;
@@ -49,19 +50,26 @@ class LogInController implements RequestHandlerInterface
      */
     protected $rememberer;
 
+    /**
+     * @var LogInValidator
+     */
+    protected $validator;
+
     /**
      * @param \Flarum\User\UserRepository $users
      * @param Client $apiClient
      * @param SessionAuthenticator $authenticator
      * @param Rememberer $rememberer
+     * @param LogInValidator $validator
      */
-    public function __construct(UserRepository $users, Client $apiClient, SessionAuthenticator $authenticator, Dispatcher $events, Rememberer $rememberer)
+    public function __construct(UserRepository $users, Client $apiClient, SessionAuthenticator $authenticator, Dispatcher $events, Rememberer $rememberer, LogInValidator $validator)
     {
         $this->users = $users;
         $this->apiClient = $apiClient;
         $this->authenticator = $authenticator;
         $this->events = $events;
         $this->rememberer = $rememberer;
+        $this->validator = $validator;
     }
 
     /**
@@ -72,6 +80,8 @@ class LogInController implements RequestHandlerInterface
         $body = $request->getParsedBody();
         $params = Arr::only($body, ['identification', 'password', 'remember']);
 
+        $this->validator->assertValid($body);
+
         $response = $this->apiClient->withParentRequest($request)->withBody($params)->post('/token');
 
         if ($response->getStatusCode() === 200) {
diff --git a/framework/core/src/Forum/LogInValidator.php b/framework/core/src/Forum/LogInValidator.php
new file mode 100644
index 000000000..33035ae6a
--- /dev/null
+++ b/framework/core/src/Forum/LogInValidator.php
@@ -0,0 +1,20 @@
+<?php
+
+/*
+ * This file is part of Flarum.
+ *
+ * For detailed copyright and license information, please view the
+ * LICENSE file that was distributed with this source code.
+ */
+
+namespace Flarum\Forum;
+
+use Flarum\Foundation\AbstractValidator;
+
+class LogInValidator extends AbstractValidator
+{
+    /**
+     * {@inheritdoc}
+     */
+    protected $rules = [];
+}