Sponsor Login Controller

app/Http/Controllers/SponsorLoginController.php

@@ -0,0 +1,144 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Controllers;
+
+use App\Models\SponsorDomain;
+use App\Models\SponsorUser;
+use Illuminate\Http\JsonResponse;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
+
+class SponsorLoginController
+{
+    public function showLoginForm()
+    {
+        return view('sponsor.login');
+    }
+
+    public function validateEmail(Request $request): JsonResponse
+    {
+        // Validate input request using Laravel's in-built validator
+        $request->validate([
+            'email' => [
+                'required',
+                'string',
+                'email:rfc,strict,dns,spoof',
+                'max:255',
+            ],
+        ]);
+
+        // Read value - cast to string since validation guarantees it
+        $email = (string) $request->input('email');
+
+        // Check if domain is valid and sponsor is active; if not, return JSON error
+        if (! $this->isValidSponsorDomain($email)) {
+            return $this->errorResponse(
+                'Authentication Error',
+                'Could not validate email or sponsor is no longer active. '.
+                'Contact [email protected] if the issue persists.'
+            );
+        }
+
+        // Get sponsor user and check if exists in one query
+        $sponsorUser = SponsorUser::where('email', $email)->first();
+        if (! $sponsorUser) {
+            // Create new SponsorUser model for new users
+            $sponsorUser = new SponsorUser();
+            $sponsorUser->email = $email;
+            $sponsorUser->save();
+        }
+
+        // Generate and dispatch OTP using Spatie
+        $sponsorUser->sendOneTimePassword();
+
+        // Cache minimal state for OTP verification
+        session([
+            'sponsor_email_pending' => $email,
+        ]);
+
+        return response()->json([
+            'success' => true,
+            'message' => 'One-Time Password Sent! Please type the one-time password sent to your email.',
+        ], 200);
+    }
+
+    public function verifyOtp(Request $request): JsonResponse
+    {
+        // Laravel will automatically throw an error if OTP is invalid
+        $request->validate([
+            'otp' => ['required', 'string', 'digits:6'],
+        ]);
+
+        // Validate session and retrieve user
+        $email = session('sponsor_email_pending');
+        if (! is_string($email) || $email === '') {
+            return $this->errorResponse(
+                'Session Expired',
+                'Your session has expired. Please start the login process again.'
+            );
+        }
+
+        // Retrieve existing user for OTP verification
+        // sole() ensures exactly one user exists (throws exception if 0 or >1 found)
+        $sponsorUser = SponsorUser::where('email', $email)->sole();
+
+
+        // Verify sponsor domain is still valid and active BEFORE verifying OTP
+        if (! $this->isValidSponsorDomain($email)) {
+            return $this->errorResponse(
+                'Authentication Error',
+                'Could not validate email or sponsor is no longer active. '.
+                'Please contact [email protected] if the issue persists.'
+            );
+        }
+
+        // Verify OTP using Spatie
+        $result = $sponsorUser->attemptLoginUsingOneTimePassword((string) $request->input('otp'));
+        if (! $result->isOk()) {
+            return $this->errorResponse('Invalid OTP', $result->validationMessage());
+        }
+
+        // Save new user to database after successful OTP verification and sponsor check
+        if (! $sponsorUser->exists) {
+            $sponsorUser->save();
+        }
+
+        // Establish authenticated session using Laravel's Auth facade
+        $request->session()->regenerate();
+        Auth::login($sponsorUser);
+
+        // Store authentication timestamp (similar to CAS)
+        $request->session()->put('authenticationInstant', Cas::getAttribute('authenticationDate'));
+
+        session()->forget('sponsor_email_pending');
+
+        return response()->json([
+            'success' => true,
+            'message' => 'Login successful! Redirecting to dashboard...',
+            'redirect' => route('home'),
+        ]);
+    }
+
+    private function isValidSponsorDomain(string $email): bool
+    {
+        $domain = substr(strrchr($email, '@'), 1);
+        $sponsorDomain = SponsorDomain::where('domain_name', $domain)->first();
+
+        if (! $sponsorDomain) {
+            return false;
+        }
+
+        return $sponsorDomain->sponsor && $sponsorDomain->sponsor->active();
+    }
+
+    private function errorResponse(string $title, string $message, int $status = 422): JsonResponse
+    {
+        return response()->json([
+            'error' => true,
+            'title' => $title,
+            'message' => $message,
+        ], $status);
+    }
+}

psalm.xml

@@ -37,11 +37,6 @@
                 <directory name="app" />
             </errorLevel>
         </LessSpecificImplementedReturnType>
-        <ImplementedReturnTypeMismatch>
-            <errorLevel type="suppress">
-                <directory name="app" />
-            </errorLevel>
-        </ImplementedReturnTypeMismatch>
         <InvalidReturnStatement>
             <errorLevel type="suppress">
                 <directory name="app" />
@@ -439,6 +434,7 @@
                 <directory name="app/Policies/"/>
                 <directory name="database/seeders/"/>
                 <referencedMethod name="App\HorizonHealthCheck::__construct"/>
+                <referencedMethod name="App\Providers\AppServiceProvider::boot"/>
                 <referencedMethod name="App\Util\Sentry::tracesSampler"/>
             </errorLevel>
         </PossiblyUnusedMethod>

resources/js/components/sponsors/SponsorLogin.vue

@@ -48,7 +48,7 @@
         <button
           class="btn btn-link"
           :disabled="!canResend"
-          @click="sendOTP"
+          @click="validateEmail"
         >
           {{ canResend ? 'Resend OTP' : `Resend in ${resendCooldown}s` }}
         </button>
@@ -73,6 +73,10 @@ export default {
       resendCooldown: 30,
     };
   },
+  beforeUnmount() {
+    // Clean up interval timer when app is exited to prevent memory leaks
+    clearInterval(this.resendTimer);
+  },
   methods: {
     showToast(message, icon = 'info') {
       Swal.fire({
@@ -85,30 +89,42 @@ export default {
         timerProgressBar: true
       });
     },
+    handleApiError(error, validationField = null) {
+      if (error.response?.data) {
+        const data = error.response.data;
+
+        // Custom error response from controller
+        if (data.error && data.title && data.message) {
+          Swal.fire(data.title, data.message, 'error');
+        } 
+        // Laravel validation error
+        else if (validationField && data.errors?.[validationField]) {
+          Swal.fire('Validation Error', data.errors[validationField][0], 'error');
+        }
+        // Any other server error
+        else {
+          Swal.fire('Error', 'Something went wrong. Please try again. If the issue persists, contact [email protected].', 'error');
+        }
+      } else {
+        // Network error (no response from server)
+        Swal.fire('Connection Error', 'Unable to reach the server. Please check your connection. If the issue persists, contact [email protected].', 'error');
+      }
+    },
     validateEmail() {
-    //   axios.post('/sponsor/check-email', { email: this.email })
-    //     .then(res => {
-    //       if (res.data.valid) {
-    //         this.emailValidated = true;
-    //         this.showToast('A one-time password has been sent to your email.', 'info');
-    //       } else {
-    //         this.showToast('Email domain not approved.', 'error');
-    //       }
-    //     })
-    //     .catch(() => {
-    //       this.showToast('Something went wrong. Please try again.', 'error');
-    //     });
-        if (this.email === '[email protected]') {
+      axios.post('/sponsor/validate-email', { email: this.email })
+        .then(res => {
+          if (res.data.success) { // else need to throw error
             this.emailValidated = true;
-            this.sendOTP();
-        } else {
-          // NOTE: [email protected] is a placeholder for now; will change when I find out
-          // who is a good point of contact
-          Swal.fire('Authentication Error', 'Could not validate email domain. Please try again, or contact <a href="[email protected]">[email protected]</a> if issues persist.', 'error');
-        }
+            this.beginResendCooldown();
+
+          }
+        })
+        .catch(error => {
+          this.handleApiError(error, 'email');
+        });
     },
     beginResendCooldown() {
-        this.resendCooldown = 30;
+        this.resendCooldown = 60; // may want to increase to 2 mins in future
         this.canResend = false;
         clearInterval(this.resendTimer);
         this.resendTimer = setInterval(() => {
@@ -120,30 +136,18 @@ export default {
             }
         }, 1000);
     },
-    sendOTP() {
-        //TODO: OTP Logic. Rate-limiting should be implemented on backend.
-        this.beginResendCooldown();
-    },
     handleSubmit() {
-    //   axios.post('/sponsor/login', { email: this.email, password: this.password })
-    //     .then(res => {
-    //       if (res.data.success) {
-    //         window.location.href = '/sponsor/dashboard';
-    //       } else {
-    //         this.showToast('Invalid password.', 'error');
-    //       }
-    //     })
-    //     .catch(() => {
-    //       this.showToast('Something went wrong. Please try again.', 'error');
-    //     });
-      if (this.password === 'hello') {
-        window.location.href='/';
-      } else {
-        Swal.fire(
-          'Authentication Error', 
-          'Could not validate password. Please try again or contact <a href="[email protected]">[email protected]</a> if the issue persists.', 
-          'error');
-      }
+      // TODO: ensure correct route
+      axios.post('/sponsor/verify-otp', { otp: this.password })
+        .then(res => {
+          if (res.data.success) {
+            // Redirect to the URL provided by the controller
+            window.location.href = res.data.redirect;
+          }
+        })
+        .catch(error => {
+          this.handleApiError(error, 'otp');
+        });
     }
   }
 };

resources/views/mail/sponsor-otp.blade.php

@@ -0,0 +1,9 @@
+Hello,
+
+You requested a one-time password to log in to the RoboJackets Sponsor Portal.
+
+Your one-time password is: {{ $otp }}
+
+This password will expire in 10 minutes.
+
+If you did not request this password, please contact [email protected].

routes/web.php

@@ -13,6 +13,7 @@
 use App\Http\Controllers\RemoteAttendanceController;
 use App\Http\Controllers\ResumeController;
 use App\Http\Controllers\RsvpController;
+use App\Http\Controllers\SponsorLoginController;
 use App\Http\Controllers\SquareCheckoutController;
 use App\Http\Controllers\SUMSController;
 use App\Http\Controllers\TeamController;
@@ -129,3 +130,9 @@
 Route::get('oauth/authorize', [AuthorizationController::class, 'authorize'])
     ->name('passport.authorizations.authorize')
     ->middleware('auth');
+
+Route::prefix('sponsor')->name('sponsor.')->group(static function (): void {
+    Route::get('/login', [SponsorLoginController::class, 'showLoginForm'])->name('login');
+    Route::post('/validate-email', [SponsorLoginController::class, 'validateEmail'])->name('validate-email');
+    Route::post('/verify-otp', [SponsorLoginController::class, 'verifyOtp'])->name('verify-otp');
+});