Bånder

AuthController extends Controller
uses HandlesUserTokens

Authentication and token management controller

Handles user authentication, registration, token management, and security features including device binding, IP tracking, and session management.

Tags
tags

Auth

Attributes
#[Prefix]
'auth'

Table of Contents

Properties

$geoLocationService  : GeoLocationService
$tokenBindingService  : TokenBindingService

Methods

__construct()  : mixed
forgotPassword()  : JsonResponse
Request a password-reset link
getStreamToken()  : JsonResponse
Create a stream-specific access token
getTokens()  : JsonResponse
Get user's active sessions and tokens
login()  : JsonResponse
Authenticate user and create session
logout()  : Response
Log out the current session
refreshToken()  : Response
Refresh access token using refresh token
register()  : JsonResponse
Register a new user account
resetPassword()  : JsonResponse
Reset user password
revokeAllTokensExceptCurrent()  : JsonResponse
Revoke all sessions except current
revokeToken()  : JsonResponse
Revoke a specific token/session
verify()  : UserResource
Verify the user email address
denyWithStatus()  : mixed
gateCheckExecuteJob()  : mixed
gateCheckViewDashboard()  : mixed
noContent()  : mixed
createTokenSet()  : mixed
createTokenSetWithBinding()  : JsonResponse
Create a token set with security binding information
initializeTokenBinding()  : void
Initialize token binding data for new tokens
updateTokenBinding()  : void
Update token-binding data for existing tokens

Methods

forgotPassword()

Request a password-reset link

public forgotPassword(ForgotPasswordRequest $request) : JsonResponse

Sends a password reset link to the specified email address if a user account exists. The link contains a secure token for verification.

Parameters
$request : ForgotPasswordRequest

Request containing email and optional URL template

Tags
throws
ModelNotFoundException

When the user email is not found

unauthenticated
response

array{message: string}

Attributes
#[Post]
'forgotPassword'
'auth.forgotPassword'
Return values
JsonResponse

getStreamToken()

Create a stream-specific access token

public getStreamToken(Request $request) : JsonResponse

Generates a short-lived token specifically for media streaming operations. These tokens have limited scope and shorter expiration for enhanced security.

Parameters
$request : Request

Request with refresh token for authorization

Tags
throws
AuthorizationException

When the refresh token is invalid

response

array{streamToken: NewAccessTokenResource}

Attributes
#[Post]
'streamToken'
'auth.streamToken'
['auth:sanctum', 'ability:' . TokenAbility::ISSUE_ACCESS_TOKEN->value]
Return values
JsonResponse

getTokens()

Get user's active sessions and tokens

public getTokens(Request $request) : JsonResponse

Returns detailed information about all active tokens/sessions including IP history, location data, and device information for security management.

Parameters
$request : Request

Authenticated request

Tags
response

array<array{ id: int, name: string, ip_address: string, ip_change_count: int, country_code: string, city: string, ip_history: array, last_used_at: string, created_at: string, is_current: bool }>

Attributes
#[Get]
'tokens'
'auth.tokens'
['auth:sanctum']
Return values
JsonResponse

login()

Authenticate user and create session

public login(LoginRequest $request) : JsonResponse

Authenticates a user with email and password, creates access and refresh tokens with device binding and location tracking for security purposes.

Parameters
$request : LoginRequest

Request containing email, password, and optional remember flag

Tags
throws
ValidationException

When credentials are invalid

unauthenticated
response

array{ accessToken: NewAccessTokenResource, refreshToken: NewAccessTokenResource, sessionId: string }

status

201

Attributes
#[Post]
'login'
'auth.login'
Return values
JsonResponse

logout()

Log out the current session

public logout(LogoutRequest $request) : Response

Revokes the current access and refresh tokens, effectively logging out the user from the current session/device.

Parameters
$request : LogoutRequest

Request with optional refresh token

Tags
status

204

Attributes
#[Post]
'logout'
'auth.logout'
['auth:sanctum']
Return values
Response

refreshToken()

Refresh access token using refresh token

public refreshToken(Request $request) : Response

Creates a new access token using a valid refresh token. Updates device binding information and maintains session continuity.

Parameters
$request : Request

Request with refresh token in the Authorization header

Tags
throws
AuthorizationException|JsonException

When the refresh token is invalid

response

array{accessToken: NewAccessTokenResource}

Attributes
#[Post]
'refreshToken'
'auth.refreshToken'
['auth:sanctum', 'ability:' . TokenAbility::ISSUE_ACCESS_TOKEN->value]
Return values
Response

register()

Register a new user account

public register(RegisterRequest $request) : JsonResponse

Creates a new user account with the provided information and automatically logs them in with access and refresh tokens.

Parameters
$request : RegisterRequest

Request containing name, email, and password

Tags
throws
ValidationException

When registration data is invalid

unauthenticated
response

array{ accessToken: NewAccessTokenResource, refreshToken: NewAccessTokenResource, sessionId: string }

status

201

Attributes
#[Post]
'register'
'auth.register'
Return values
JsonResponse

resetPassword()

Reset user password

public resetPassword(ResetPasswordRequest $request) : JsonResponse

Resets the user's password using a valid reset token. All existing tokens are revoked for security after a password change.

Parameters
$request : ResetPasswordRequest

Request containing email, token, and new password

Tags
throws
ModelNotFoundException

When a user is not found

throws
ValidationException|Throwable

When a token is invalid

unauthenticated
response

array{message: string}

Attributes
#[Post]
'resetPassword'
'auth.resetPassword'
Return values
JsonResponse

revokeAllTokensExceptCurrent()

Revoke all sessions except current

public revokeAllTokensExceptCurrent(Request $request) : JsonResponse

Revokes all active tokens except the current session. Useful for security purposes when the user wants to log out all other devices.

Parameters
$request : Request

Authenticated request

Tags
response

array{message: string}

Attributes
#[Delete]
'tokens'
'auth.tokens.revokeAll'
['auth:sanctum']
Return values
JsonResponse

revokeToken()

Revoke a specific token/session

public revokeToken(Request $request, string $tokenId) : JsonResponse

Permanently revokes a specific token, ending that session. It cannot be used to revoke the current session; use the logout endpoint instead.

Parameters
$request : Request

Authenticated request

$tokenId : string

The ID of the token to revoke

Tags
throws
ModelNotFoundException

When a token is not found

throws
ValidationException

When trying to revoke the current token

response

array{message: string}

Attributes
#[Delete]
'tokens/{token}'
'auth.tokens.revoke'
['auth:sanctum']
Return values
JsonResponse

verify()

Verify the user email address

public verify(int $id, string $hash) : UserResource

Verifies a user's email address using the verification link sent during registration or email change. Marks the email as verified.

Parameters
$id : int

User ID from verification URL

$hash : string

Verification hash from URL

Tags
throws
ModelNotFoundException

When a user is not found

throws
Exception

When the verification hash is invalid

unauthenticated
response

UserResource

Attributes
#[Post]
'verify/{id}/{hash}'
'auth.verifyEmail'
Return values
UserResource

denyWithStatus()

protected denyWithStatus(string $message, int $status) : mixed
Parameters
$message : string
$status : int

gateCheckExecuteJob()

protected gateCheckExecuteJob() : mixed

gateCheckViewDashboard()

protected gateCheckViewDashboard() : mixed

createTokenSet()

private createTokenSet(Request $request, User $user) : mixed
Parameters
$request : Request
$user : User

createTokenSetWithBinding()

Create a token set with security binding information

private createTokenSetWithBinding(Request $request, User $user) : JsonResponse

Internal method to create access and refresh tokens with comprehensive security binding including device fingerprinting and location tracking.

Parameters
$request : Request
$user : User
Return values
JsonResponse

initializeTokenBinding()

Initialize token binding data for new tokens

private initializeTokenBinding(PersonalAccessToken $token, Request $request, string $sessionId, string $fingerprint, array<string|int, mixed> $locationData) : void

Sets up comprehensive security binding data including fingerprints, location information, and IP tracking for new tokens.

Parameters
$token : PersonalAccessToken
$request : Request
$sessionId : string
$fingerprint : string
$locationData : array<string|int, mixed>

updateTokenBinding()

Update token-binding data for existing tokens

private updateTokenBinding(PersonalAccessToken $token, Request $request) : void

Updates security binding information when tokens are used, including IP change tracking and location updates for security monitoring.

Parameters
$token : PersonalAccessToken
$request : Request
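
One way the IP change tracking described for updateTokenBinding() could maintain the fields that getTokens() reports, shown as an added example and not Bånder's own code. The function name `applyBindingUpdate`, the history cap, the layout of each `ip_history` entry and the shape of the location lookup result are assumptions; the addresses are constructed documentation-range samples.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not part of AuthController: folds one token use into
// the binding fields listed in the getTokens() response shape.
const MAX_IP_HISTORY = 10; // assumed cap so the history cannot grow unbounded

/**
 * @param array  $binding  stored state (ip_address, ip_change_count, country_code, city, ip_history)
 * @param string $ip       client IP of the current request
 * @param array  $location assumed lookup result with country_code and city (may be empty)
 * @param string $now      timestamp of the current request
 */
function applyBindingUpdate(array $binding, string $ip, array $location, string $now): array
{
    // Reject malformed input instead of storing it in the session record.
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        throw new InvalidArgumentException('not an IP address');
    }
    $binding['last_used_at'] = $now;
    $binding['ip_change_count'] = $binding['ip_change_count'] ?? 0;

    // Compare in packed form so two spellings of the same IPv6 address
    // do not register as a change.
    $previous = $binding['ip_address'] ?? null;
    if ($previous !== null && inet_pton($previous) === inet_pton($ip)) {
        return $binding;
    }

    // The first observation seeds the record; only later changes are counted.
    if ($previous !== null) {
        $binding['ip_change_count']++;
    }
    $binding['ip_address'] = $ip;
    $binding['country_code'] = $location['country_code'] ?? null;
    $binding['city'] = $location['city'] ?? null;

    $history = $binding['ip_history'] ?? [];
    $history[] = ['ip' => $ip, 'country_code' => $binding['country_code'], 'seen_at' => $now];
    $binding['ip_history'] = array_slice($history, -MAX_IP_HISTORY); // keep newest entries
    return $binding;
}

// Constructed sample: a token used twice from one address, then from another.
$state = applyBindingUpdate([], '192.0.2.10', ['country_code' => 'NO', 'city' => 'Oslo'], '2024-01-01T10:00:00Z');
$state = applyBindingUpdate($state, '192.0.2.10', [], '2024-01-01T10:05:00Z');
$state = applyBindingUpdate($state, '198.51.100.7', ['country_code' => 'DE', 'city' => 'Berlin'], '2024-01-01T11:00:00Z');
echo json_encode($state, JSON_PRETTY_PRINT), PHP_EOL;
```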

        