bert.hausmans
1028498705
- Add throttle middleware to login (5/min), portal/token-auth (10/min), volunteer-register (5/min), and invitation routes (10/min) - Set Sanctum token expiration to 7 days - Remove billing_status from UpdateOrganisationRequest (super_admin only) - Revoke all Sanctum tokens on password reset - Strengthen password rules: min 8 chars, mixed case, numbers - Create SecurityHeaders middleware (X-Content-Type-Options, X-Frame-Options, HSTS, Referrer-Policy, Permissions-Policy) - Fix open redirect on all 3 login pages (validate ?to= starts with /) - Set APP_DEBUG=false in .env.example - Log failed login attempts with email, IP, user-agent - Log authorization failures (403) with user, IP, path, method - Harden mass assignment: remove user_id from Person, audit fields from ShiftAssignment, system fields from UserInvitation $fillable - Replace real DB records with factory make() in mail preview routes Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
71 lines
2.4 KiB
PHP
71 lines
2.4 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace App\Http\Requests\Api\V1;
|
|
|
|
use Illuminate\Foundation\Http\FormRequest;
|
|
use Illuminate\Validation\Rules\Password;
|
|
|
|
final class VolunteerRegistrationRequest extends FormRequest
|
|
{
|
|
public function authorize(): bool
|
|
{
|
|
return true;
|
|
}
|
|
|
|
protected function prepareForValidation(): void
|
|
{
|
|
$user = auth('sanctum')->user();
|
|
|
|
if ($user) {
|
|
$this->merge([
|
|
'first_name' => $user->first_name,
|
|
'last_name' => $user->last_name,
|
|
'email' => $user->email,
|
|
'_authenticated' => true,
|
|
]);
|
|
}
|
|
}
|
|
|
|
/** @return array<string, mixed> */
|
|
public function rules(): array
|
|
{
|
|
$user = auth('sanctum')->user();
|
|
|
|
$rules = [
|
|
'first_name' => ['required_without:_authenticated', 'string', 'max:255'],
|
|
'last_name' => ['required_without:_authenticated', 'string', 'max:255'],
|
|
'email' => ['required_without:_authenticated', 'email', 'max:255'],
|
|
'phone' => ['nullable', 'string', 'max:50'],
|
|
'date_of_birth' => ['nullable', 'date', 'before:today'],
|
|
|
|
'tshirt_size' => ['nullable', 'string', 'in:XS,S,M,L,XL,XXL,XXXL'],
|
|
'first_aid' => ['nullable', 'boolean'],
|
|
'allergies' => ['nullable', 'string', 'max:500'],
|
|
'driving_licence' => ['nullable', 'boolean'],
|
|
|
|
'motivation' => ['nullable', 'string', 'max:1000'],
|
|
'motivation_other' => ['nullable', 'string', 'max:500'],
|
|
|
|
'section_preferences' => ['nullable', 'array', 'max:5'],
|
|
'section_preferences.*.festival_section_id' => ['required', 'ulid'],
|
|
'section_preferences.*.priority' => ['required', 'integer', 'min:1', 'max:5'],
|
|
|
|
'availabilities' => ['nullable', 'array'],
|
|
'availabilities.*.time_slot_id' => ['required', 'ulid', 'exists:time_slots,id'],
|
|
'availabilities.*.preference_level' => ['nullable', 'integer', 'min:1', 'max:5'],
|
|
|
|
'field_values' => ['nullable', 'array'],
|
|
];
|
|
|
|
// Password required for unauthenticated registrations
|
|
if ($user === null) {
|
|
$rules['password'] = ['required', 'string', Password::min(8)->mixedCase()->numbers()];
|
|
$rules['password_confirmation'] = ['nullable', 'same:password'];
|
|
}
|
|
|
|
return $rules;
|
|
}
|
|
}
|