ensureIsNotRateLimited();

        // 1. Attempt the email & password match
        if (! Auth::attempt($this->only(['email', 'password']), $this->remember)) {
            // Count the failure against this email/IP throttle key before rejecting
            RateLimiter::hit($this->throttleKey());

            throw ValidationException::withMessages([
                'form.email' => trans('auth.failed'),
            ]);
        }

        // 2. Fetch the user that Auth::attempt just logged in
        $user = Auth::user();

        // 3. RBAC VALIDATION: make sure the user has at least one active role in the database.
        //    This prevents a user without a role (orphaned data) from entering the system.
        // NOTE(review): roles()->count() counts every attached role; no "active" filter is
        // visible here — confirm the relation applies one if that is the intent.
        if ($user->roles()->count() === 0) {
            // No role: force logout for safety. Auth::attempt already established a
            // session, so tear it down and rotate the CSRF token before rejecting.
            Auth::logout();
            request()->session()->invalidate();
            request()->session()->regenerateToken();

            // NOTE(review): this branch neither hits nor clears the rate limiter, so
            // repeated attempts against a role-less account are not throttled — confirm intended.
            throw ValidationException::withMessages([
                'form.email' => 'Akun Anda aktif, namun belum dikonfigurasi memiliki Role (Akses) oleh Admin. Silakan hubungi IT/HRD.',
            ]);
        }

        // Successful, role-bearing login: reset the failure counter for this key
        RateLimiter::clear($this->throttleKey());
    }

    /**
     * Ensure the authentication request is not rate limited.
     *
     * Allows up to 5 attempts per throttle key (lower-cased email + client IP).
     * Once exceeded, a Lockout event is dispatched for the current request and
     * the request is rejected with the translated 'auth.throttle' message on the
     * form.email field, including the seconds/minutes until the key is available.
     *
     * @throws ValidationException when the throttle key has too many attempts
     */
    protected function ensureIsNotRateLimited(): void
    {
        if (! RateLimiter::tooManyAttempts($this->throttleKey(), 5)) {
            return;
        }

        // Let listeners know this request was locked out (e.g. for audit/alerting)
        event(new Lockout(request()));

        // Seconds until the throttle window for this key opens again
        $seconds = RateLimiter::availableIn($this->throttleKey());

        throw ValidationException::withMessages([
            'form.email' => trans('auth.throttle', [
                'seconds' => $seconds,
                'minutes' => ceil($seconds / 60),
            ]),
        ]);
    }

    /**
     * Get the authentication rate limiting throttle key.
     *
     * Combines the lower-cased email with the requesting IP (then transliterates
     * the whole string) so the limit applies per email-and-client pair rather
     * than globally per account.
     */
    protected function throttleKey(): string
    {
        return Str::transliterate(Str::lower($this->email).'|'.request()->ip());
    }
}