feat: Allow additional login params, Introduce LogInValidator (#3670)

* Allow additional login params, dispatch 'LoggingIn' event

* Update framework/core/js/src/forum/components/LogInModal.tsx

Co-authored-by: David Wheatley <hi@davwheat.dev>

* Introduce 'LogInValidator'

* Apply fixes from StyleCI

Co-authored-by: David Wheatley <hi@davwheat.dev>
Co-authored-by: StyleCI Bot <bot@styleci.io>

framework/core/js/src/forum/components/LogInModal.tsx

@@ -9,6 +9,7 @@ import ItemList from '../../common/utils/ItemList';
 import Stream from '../../common/utils/Stream';
 import type Mithril from 'mithril';
 import RequestError from '../../common/utils/RequestError';
+import type { LoginParams } from '../../common/Session';
 
 export interface ILoginModalAttrs extends IInternalModalAttrs {
   identification?: string;
@@ -172,13 +173,17 @@ export default class LogInModal<CustomAttrs extends ILoginModalAttrs = ILoginMod
 
     this.loading = true;
 
-    const identification = this.identification();
-    const password = this.password();
-    const remember = this.remember();
+    app.session.login(this.loginParams(), { errorHandler: this.onerror.bind(this) }).then(() => window.location.reload(), this.loaded.bind(this));
+  }
 
-    app.session
-      .login({ identification, password, remember }, { errorHandler: this.onerror.bind(this) })
-      .then(() => window.location.reload(), this.loaded.bind(this));
+  loginParams(): LoginParams {
+    const data = {
+      identification: this.identification(),
+      password: this.password(),
+      remember: this.remember(),
+    };
+
+    return data;
   }
 
   onerror(error: RequestError) {

framework/core/src/Forum/Controller/LogInController.php

@@ -10,6 +10,7 @@
 namespace Flarum\Forum\Controller;
 
 use Flarum\Api\Client;
+use Flarum\Forum\LogInValidator;
 use Flarum\Http\AccessToken;
 use Flarum\Http\RememberAccessToken;
 use Flarum\Http\Rememberer;
@@ -49,19 +50,26 @@ class LogInController implements RequestHandlerInterface
      */
     protected $rememberer;
 
+    /**
+     * @var LogInValidator
+     */
+    protected $validator;
+
     /**
      * @param \Flarum\User\UserRepository $users
      * @param Client $apiClient
      * @param SessionAuthenticator $authenticator
      * @param Rememberer $rememberer
+     * @param LogInValidator $validator
      */
-    public function __construct(UserRepository $users, Client $apiClient, SessionAuthenticator $authenticator, Dispatcher $events, Rememberer $rememberer)
+    public function __construct(UserRepository $users, Client $apiClient, SessionAuthenticator $authenticator, Dispatcher $events, Rememberer $rememberer, LogInValidator $validator)
     {
         $this->users = $users;
         $this->apiClient = $apiClient;
         $this->authenticator = $authenticator;
         $this->events = $events;
         $this->rememberer = $rememberer;
+        $this->validator = $validator;
     }
 
     /**
@@ -72,6 +80,8 @@ class LogInController implements RequestHandlerInterface
         $body = $request->getParsedBody();
         $params = Arr::only($body, ['identification', 'password', 'remember']);
 
+        $this->validator->assertValid($body);
+
         $response = $this->apiClient->withParentRequest($request)->withBody($params)->post('/token');
 
         if ($response->getStatusCode() === 200) {

framework/core/src/Forum/LogInValidator.php

@@ -0,0 +1,20 @@
+<?php
+
+/*
+ * This file is part of Flarum.
+ *
+ * For detailed copyright and license information, please view the
+ * LICENSE file that was distributed with this source code.
+ */
+
+namespace Flarum\Forum;
+
+use Flarum\Foundation\AbstractValidator;
+
+class LogInValidator extends AbstractValidator
+{
+    /**
+     * {@inheritdoc}
+     */
+    protected $rules = [];
+}