- Auth

app/Actions/Auth/ChangePasswordAction.php

@@ -0,0 +1,25 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Strava\Actions\Auth;
+
+use Illuminate\Support\Facades\Hash;
+use Strava\Models\User;
+
+class ChangePasswordAction
+{
+    public function execute(User $user, string $currentPassword, string $newPassword): bool
+    {
+        if (!Hash::check($currentPassword, $user->password)) {
+            return false;
+        }
+
+        $hashedPassword = Hash::make($newPassword);
+
+        $user->password = $hashedPassword;
+        $user->save();
+
+        return true;
+    }
+}

app/Actions/Auth/GenerateResetCodeAction.php

@@ -0,0 +1,36 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Strava\Actions\Auth;
+
+use Illuminate\Support\Facades\DB;
+use Illuminate\Support\Facades\Hash;
+use Random\RandomException;
+
+class GenerateResetCodeAction
+{
+    public function execute(string $email): string
+    {
+        $code = "";
+
+        try {
+            $code = (string)random_int(100000, 999999);
+        } catch (RandomException $e) {
+            report($e);
+
+            abort(500, "Unable to generate secure reset code.");
+        }
+
+        DB::table("password_reset_tokens")->updateOrInsert(
+            ["email" => $email],
+            [
+                "email" => $email,
+                "token" => Hash::make($code),
+                "created_at" => now(),
+            ],
+        );
+
+        return $code;
+    }
+}

app/Actions/Auth/ResetPasswordAction.php

@@ -0,0 +1,29 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Strava\Actions\Auth;
+
+use Illuminate\Auth\Events\PasswordReset;
+use Illuminate\Support\Facades\Hash;
+use Illuminate\Support\Facades\Password;
+use Illuminate\Support\Str;
+use Strava\Models\User;
+
+class ResetPasswordAction
+{
+    public function execute(array $credentials): bool
+    {
+        $status = Password::reset($credentials, function (User $user, string $password): void {
+            $user->forceFill([
+                "password" => Hash::make($password),
+            ])->setRememberToken(Str::random(60));
+
+            $user->save();
+
+            event(new PasswordReset($user));
+        });
+
+        return $status === Password::PASSWORD_RESET;
+    }
+}

app/Http/Controllers/Auth/LoginController.php

@@ -0,0 +1,31 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Strava\Http\Controllers\Auth;
+
+use Illuminate\Http\JsonResponse;
+use Illuminate\Support\Facades\Auth;
+use Strava\Http\Controllers\Controller;
+use Strava\Http\Requests\Auth\LoginRequest;
+use Symfony\Component\HttpFoundation\Response;
+
+class LoginController extends Controller
+{
+    public function login(LoginRequest $request): JsonResponse
+    {
+        $credentials = $request->validated();
+
+        if (!Auth::attempt($credentials)) {
+            return response()->json([], Response::HTTP_FORBIDDEN);
+        }
+
+        $user = Auth::user();
+        $token = $user->createToken("api-token")->plainTextToken;
+
+        return response()->json([
+            "token" => $token,
+            "user_id" => $user->id,
+        ], Response::HTTP_OK);
+    }
+}

app/Http/Controllers/Auth/LogoutController.php

@@ -0,0 +1,25 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Strava\Http\Controllers\Auth;
+
+use Illuminate\Http\JsonResponse;
+use Illuminate\Http\Request;
+use Strava\Http\Controllers\Controller;
+use Symfony\Component\HttpFoundation\Response;
+
+class LogoutController extends Controller
+{
+    public function logout(Request $request): JsonResponse
+    {
+        $user = $request->user();
+        $token = $user->currentAccessToken();
+
+        if ($token) {
+            $token->delete();
+        }
+
+        return response()->json([], Response::HTTP_OK);
+    }
+}

app/Http/Controllers/Auth/PasswordController.php

@@ -0,0 +1,62 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Strava\Http\Controllers\Auth;
+
+use Illuminate\Http\JsonResponse;
+use Strava\Actions\Auth\ChangePasswordAction;
+use Strava\Actions\Auth\GenerateResetCodeAction;
+use Strava\Actions\Auth\ResetPasswordAction;
+use Strava\Http\Controllers\Controller;
+use Strava\Http\Requests\Auth\ChangePasswordRequest;
+use Strava\Http\Requests\Auth\ForgotPasswordRequest;
+use Strava\Http\Requests\Auth\ResetPasswordRequest;
+use Strava\Models\User;
+use Strava\Notifications\ForgotPasswordNotification;
+use Symfony\Component\HttpFoundation\Response;
+
+class PasswordController extends Controller
+{
+    public function sendResetEmail(ForgotPasswordRequest $request, GenerateResetCodeAction $generateResetCodeAction): JsonResponse
+    {
+        $validated = $request->validated();
+        $email = $validated["email"];
+
+        $code = $generateResetCodeAction->execute($email);
+
+        $user = User::query()->where("email", $email)->first();
+        $user?->notify(new ForgotPasswordNotification($code));
+
+        return response()->json([], Response::HTTP_OK);
+    }
+
+    public function resetPassword(ResetPasswordRequest $request, ResetPasswordAction $resetPasswordAction): JsonResponse
+    {
+        $validated = $request->validated();
+        $success = $resetPasswordAction->execute($validated);
+
+        return $success
+            ? response()->json([], Response::HTTP_OK)
+            : response()->json([], Response::HTTP_BAD_REQUEST);
+    }
+
+    public function changePassword(ChangePasswordRequest $request, ChangePasswordAction $changePasswordAction): JsonResponse
+    {
+        $user = $request->user();
+        $validated = $request->validated();
+
+        $currentPassword = $validated["current_password"];
+        $newPassword = $validated["password"];
+
+        $success = $changePasswordAction->execute(
+            $user,
+            $currentPassword,
+            $newPassword,
+        );
+
+        return $success
+            ? response()->json([], Response::HTTP_OK)
+            : response()->json([], Response::HTTP_FORBIDDEN);
+    }
+}

app/Http/Controllers/Auth/RegisterController.php

@@ -0,0 +1,26 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Strava\Http\Controllers\Auth;
+
+use Illuminate\Http\JsonResponse;
+use Illuminate\Support\Facades\Hash;
+use Strava\Http\Controllers\Controller;
+use Strava\Http\Requests\Auth\RegisterRequest;
+use Strava\Models\User;
+use Symfony\Component\HttpFoundation\Response;
+
+class RegisterController extends Controller
+{
+    public function register(RegisterRequest $request): JsonResponse
+    {
+        $validated = $request->validated();
+
+        $user = new User($validated);
+        $user->password = Hash::make($validated["password"]);
+        $user->save();
+
+        return response()->json([], Response::HTTP_CREATED);
+    }
+}

app/Http/Requests/Auth/ChangePasswordRequest.php

@@ -0,0 +1,27 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Strava\Http\Requests\Auth;
+
+use Illuminate\Contracts\Validation\ValidationRule;
+use Illuminate\Foundation\Http\FormRequest;
+
+class ChangePasswordRequest extends FormRequest
+{
+    public function authorize(): bool
+    {
+        return auth()->check();
+    }
+
+    /**
+     * @return array<string, ValidationRule|array<mixed>|string>
+     */
+    public function rules(): array
+    {
+        return [
+            "current_password" => ["required", "string"],
+            "password" => ["required", "string", "min:8", "confirmed"],
+        ];
+    }
+}

app/Http/Requests/Auth/ForgotPasswordRequest.php

@@ -0,0 +1,26 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Strava\Http\Requests\Auth;
+
+use Illuminate\Contracts\Validation\ValidationRule;
+use Illuminate\Foundation\Http\FormRequest;
+
+class ForgotPasswordRequest extends FormRequest
+{
+    public function authorize(): bool
+    {
+        return true;
+    }
+
+    /**
+     * @return array<string, ValidationRule|array<mixed>|string>
+     */
+    public function rules(): array
+    {
+        return [
+            "email" => ["required", "string", "email", "max:255"],
+        ];
+    }
+}

app/Http/Requests/Auth/LoginRequest.php

@@ -0,0 +1,27 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Strava\Http\Requests\Auth;
+
+use Illuminate\Contracts\Validation\ValidationRule;
+use Illuminate\Foundation\Http\FormRequest;
+
+class LoginRequest extends FormRequest
+{
+    public function authorize(): bool
+    {
+        return true;
+    }
+
+    /**
+     * @return array<string, ValidationRule|array<mixed>|string>
+     */
+    public function rules(): array
+    {
+        return [
+            "email" => ["required", "string", "email", "max:255"],
+            "password" => ["required", "string", "max:255"],
+        ];
+    }
+}

app/Http/Requests/Auth/RegisterRequest.php

@@ -0,0 +1,28 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Strava\Http\Requests\Auth;
+
+use Illuminate\Contracts\Validation\ValidationRule;
+use Illuminate\Foundation\Http\FormRequest;
+
+class RegisterRequest extends FormRequest
+{
+    public function authorize(): bool
+    {
+        return true;
+    }
+
+    /**
+     * @return array<string, ValidationRule|array<mixed>|string>
+     */
+    public function rules(): array
+    {
+        return [
+            "name" => ["required", "string", "max:255"],
+            "email" => ["required", "string", "email:rfc,dns", "max:255", "unique:users"],
+            "password" => ["required", "string", "min:8", "max:255", "confirmed"],
+        ];
+    }
+}

app/Http/Requests/Auth/ResetPasswordRequest.php

@@ -0,0 +1,28 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Strava\Http\Requests\Auth;
+
+use Illuminate\Contracts\Validation\ValidationRule;
+use Illuminate\Foundation\Http\FormRequest;
+
+class ResetPasswordRequest extends FormRequest
+{
+    public function authorize(): bool
+    {
+        return true;
+    }
+
+    /**
+     * @return array<string, ValidationRule|array<mixed>|string>
+     */
+    public function rules(): array
+    {
+        return [
+            "token" => ["required", "string"],
+            "email" => ["required", "string", "email"],
+            "password" => ["required", "string", "min:8", "max:255", "confirmed"],
+        ];
+    }
+}

app/Models/User.php

@@ -11,6 +11,7 @@
 use Laravel\Sanctum\HasApiTokens;
 
 /**
+ * @property int $id
  * @property string $name
  * @property string $email
  * @property string $password