Xultech-LTD
diff --git a/‎config/authkit.php‎
Lines changed: 105 additions & 0 deletions b/‎config/authkit.php‎
Lines changed: 105 additions & 0 deletions
diff --git a/‎src/Actions/Auth/LoginAction.php‎
Lines changed: 20 additions & 26 deletions b/‎src/Actions/Auth/LoginAction.php‎
Lines changed: 20 additions & 26 deletions
diff --git a/‎src/Actions/Auth/LogoutAction.php‎
Lines changed: 4 additions & 3 deletions b/‎src/Actions/Auth/LogoutAction.php‎
Lines changed: 4 additions & 3 deletions
diff --git a/‎src/Actions/Auth/RegisterAction.php‎
Lines changed: 18 additions & 32 deletions b/‎src/Actions/Auth/RegisterAction.php‎
Lines changed: 18 additions & 32 deletions
@@ -593,6 +593,111 @@
         ],
     ],
 
+        /**
+     * Payload mapper configuration.
+     *
+     * AuthKit payload mappers translate validated request input into the
+     * normalized payload structure consumed by package actions.
+     *
+     * How it works:
+     * - Each mapper context maps to a schema context.
+     * - If no custom mapper class is configured, AuthKit uses its internal default mapper.
+     * - If a custom mapper class is configured, AuthKit resolves it via the container.
+     *
+     * Notes:
+     * - Mapper keys intentionally mirror AuthKit's schema and validation contexts.
+     * - Custom mapper classes must implement the AuthKit payload mapper contract.
+     * - Mappers work with validated data and schema field keys.
+     */
+    'mappers' => [
+
+        /**
+         * Mapper definitions keyed by action/form context.
+         *
+         * Supported values:
+         * - class  : custom mapper class-string or null to use package default
+         * - schema : schema context key used by the mapper
+         */
+        'contexts' => [
+            'login' => [
+                'class' => null,
+                'schema' => 'login',
+            ],
+            'register' => [
+                'class' => null,
+                'schema' => 'register',
+            ],
+            'two_factor_challenge' => [
+                'class' => null,
+                'schema' => 'two_factor_challenge',
+            ],
+            'two_factor_recovery' => [
+                'class' => null,
+                'schema' => 'two_factor_recovery',
+            ],
+            'two_factor_resend' => [
+                'class' => null,
+                'schema' => 'two_factor_resend',
+            ],
+            'email_verification_token' => [
+                'class' => null,
+                'schema' => 'email_verification_token',
+            ],
+            'email_verification_send' => [
+                'class' => null,
+                'schema' => 'email_verification_send',
+            ],
+            'password_forgot' => [
+                'class' => null,
+                'schema' => 'password_forgot',
+            ],
+            'password_reset' => [
+                'class' => null,
+                'schema' => 'password_reset',
+            ],
+            'password_reset_token' => [
+                'class' => null,
+                'schema' => 'password_reset_token',
+            ],
+            'confirm_password' => [
+                'class' => null,
+                'schema' => 'confirm_password',
+            ],
+            'confirm_two_factor' => [
+                'class' => null,
+                'schema' => 'confirm_two_factor',
+            ],
+            'password_update' => [
+                'class' => null,
+                'schema' => 'password_update',
+            ],
+            'two_factor_enable' => [
+                'class' => null,
+                'schema' => null,
+            ],
+            'two_factor_confirm' => [
+                'class' => null,
+                'schema' => 'two_factor_confirm',
+            ],
+            'two_factor_disable' => [
+                'class' => null,
+                'schema' => 'two_factor_disable',
+            ],
+            'two_factor_disable_recovery' => [
+                'class' => null,
+                'schema' => 'two_factor_disable_recovery',
+            ],
+            'two_factor_recovery_regenerate' => [
+                'class' => null,
+                'schema' => 'two_factor_recovery_regenerate',
+            ],
+            'sessions_logout_other' => [
+                'class' => null,
+                'schema' => null,
+            ],
+        ],
+    ],
+
     /**
      * Form schema configuration.
      *
 
@@ -7,6 +7,7 @@
 use Illuminate\Contracts\Auth\StatefulGuard;
 use Illuminate\Contracts\Auth\UserProvider;
 use Illuminate\Support\Facades\URL;
+use Xul\AuthKit\Concerns\Actions\InteractsWithMappedPayload;
 use Xul\AuthKit\DataTransferObjects\Actions\AuthKitActionResult;
 use Xul\AuthKit\DataTransferObjects\Actions\Support\AuthKitError;
 use Xul\AuthKit\DataTransferObjects\Actions\Support\AuthKitFlowStep;
@@ -27,6 +28,7 @@
  *
  * Responsibilities:
  * - Resolve the configured guard and provider.
+ * - Consume normalized mapped login payload data.
  * - Validate incoming credentials against the configured provider.
  * - Require email verification when configured and the user is unverified.
  * - Require two-factor authentication when enabled for the user.
@@ -42,6 +44,8 @@
  */
 final class LoginAction
 {
+    use InteractsWithMappedPayload;
+
     /**
      * Create a new instance.
      *
@@ -93,11 +97,14 @@ public function handle(array $data): AuthKitActionResult
             );
         }
 
+        $attributes = $this->payloadAttributes($data);
+        $options = $this->payloadOptions($data);
+
         $identityField = (string) data_get(config('authkit.identity.login', []), 'field', 'email');
 
-        $identity = (string) ($data[$identityField] ?? '');
-        $password = (string) ($data['password'] ?? '');
-        $remember = (bool) ($data['remember'] ?? false);
+        $identity = (string) ($attributes[$identityField] ?? '');
+        $password = (string) ($attributes['password'] ?? '');
+        $remember = (bool) ($options['remember'] ?? false);
 
         if (trim($identity) === '' || $password === '') {
             return AuthKitActionResult::failure(
@@ -127,6 +134,16 @@ public function handle(array $data): AuthKitActionResult
             );
         }
 
+        /**
+         * Intentionally persistence-aware.
+         *
+         * Login does not persist fields by default because the packaged mapper
+         * marks all login fields as non-persistable. This call remains here so
+         * the action continues to work correctly if a consumer extends the mapper
+         * and marks additional login attributes as persistable.
+         */
+        $this->persistMappedAttributesIfSupported($user, 'login', $data);
+
         if ($this->shouldRequireEmailVerification($user)) {
             return $this->emailVerificationRequiredResult($user, $identityField, $identity);
         }
@@ -324,15 +341,6 @@ protected function resolveLoginSuccessRedirect(): AuthKitRedirect
     /**
      * Determine whether the user must complete email verification before login.
      *
-     * Behavior:
-     * - Returns false when email verification is disabled in configuration.
-     * - If the user implements MustVerifyEmail, defers to hasVerifiedEmail().
-     * - Otherwise falls back to checking the configured verification timestamp column.
-     *
-     * Fallback column logic:
-     * - The column defaults to "email_verified_at".
-     * - A null or empty value means the user is not verified.
-     *
      * @param object $user
      * @return bool
      */
@@ -347,7 +355,6 @@ protected function shouldRequireEmailVerification(object $user): bool
         }
 
         $column = (string) config('authkit.email_verification.columns.verified_at', 'email_verified_at');
-
         $verifiedAt = $user->{$column} ?? null;
 
         return $verifiedAt === null || $verifiedAt === '';
@@ -356,12 +363,6 @@ protected function shouldRequireEmailVerification(object $user): bool
     /**
      * Resolve the email address associated with the authenticated identity.
      *
-     * Resolution order:
-     * - Prefer the identity field on the user model.
-     * - Fall back to the raw identity value used during login.
-     *
-     * The returned value is normalized to lowercase and trimmed.
-     *
      * @param object $user
      * @param string $identityField
      * @param string $identity
@@ -379,13 +380,6 @@ protected function resolveUserEmail(object $user, string $identityField, string
     /**
      * Build the signed verification URL for the link driver.
      *
-     * Route parameters:
-     * - id: user identifier
-     * - hash: raw verification token
-     * - email: verification email context
-     *
-     * The URL is temporary and expires according to the configured TTL.
-     *
      * @param object $user
      * @param string $email
      * @param int $ttlMinutes
 
@@ -25,6 +25,10 @@
  * - Perform logout on the configured guard.
  * - Dispatch AuthKitLoggedOut after successful logout.
  * - Return a standardized AuthKitActionResult for all outcomes.
+ *
+ * Notes:
+ * - Session invalidation and CSRF token regeneration are intentionally not handled
+ *   here because they are HTTP transport concerns and should remain in the controller.
  */
 final class LogoutAction
 {
@@ -73,9 +77,6 @@ public function handle(): AuthKitActionResult
 
         $guard->logout();
 
-        session()->invalidate();
-        session()->regenerateToken();
-
         event(new AuthKitLoggedOut(
             user: $user,
             guard: $guardName
 
@@ -5,8 +5,8 @@
 use Illuminate\Contracts\Auth\Authenticatable;
 use Illuminate\Contracts\Auth\Factory as AuthFactory;
 use Illuminate\Contracts\Auth\UserProvider;
-use Illuminate\Support\Facades\Hash;
 use Illuminate\Support\Facades\URL;
+use Xul\AuthKit\Concerns\Actions\InteractsWithMappedPayload;
 use Xul\AuthKit\DataTransferObjects\Actions\AuthKitActionResult;
 use Xul\AuthKit\DataTransferObjects\Actions\Support\AuthKitError;
 use Xul\AuthKit\DataTransferObjects\Actions\Support\AuthKitFlowStep;
@@ -23,6 +23,8 @@
  *
  * Responsibilities:
  * - Create a new user using the configured auth provider when possible.
+ * - Consume normalized mapped registration payload data.
+ * - Persist only fields explicitly marked as persistable by the mapper layer.
  * - Dispatch AuthKitRegistered after successful account creation.
  * - Initialize email verification when an email address is available.
  * - Dispatch AuthKitEmailVerificationRequired for external delivery handling.
@@ -38,9 +40,16 @@
  * - This action never returns the raw verification token to the caller.
  * - This action never returns the signed verification URL to the caller.
  * - Verification delivery remains event-driven and package-extensible.
+ *
+ * Expected mapped payload shape:
+ * - attributes: persisted/business attributes such as name, email, password
+ * - options: behavioral flags when applicable
+ * - meta: non-persisted supporting context
  */
 final class RegisterAction
 {
+    use InteractsWithMappedPayload;
+
     /**
      * Create a new instance.
      *
@@ -60,6 +69,8 @@ public function __construct(
      */
     public function handle(array $data): AuthKitActionResult
     {
+        $attributes = $this->payloadAttributes($data);
+
         $user = $this->createUser($data);
 
         if (! $user) {
@@ -75,7 +86,7 @@ public function handle(array $data): AuthKitActionResult
 
         event(new AuthKitRegistered($user));
 
-        $email = mb_strtolower(trim((string) ($data['email'] ?? '')));
+        $email = trim((string) ($attributes['email'] ?? ''));
 
         if ($email === '') {
             return AuthKitActionResult::success(
@@ -173,6 +184,10 @@ protected function buildSignedLinkUrl(
     /**
      * Create a user using the configured auth provider when possible.
      *
+     * Persistence behavior:
+     * - Only mapper-approved persistable attributes are written.
+     * - The model must support AuthKit mapped persistence.
+     *
      * @param array<string, mixed> $data
      * @return Authenticatable|null
      */
@@ -191,11 +206,7 @@ protected function createUser(array $data): ?Authenticatable
             return null;
         }
 
-        $payload = $this->userPayload($data);
-
-        foreach ($payload as $key => $value) {
-            $model->{$key} = $value;
-        }
+        $this->persistMappedAttributesIfSupported($model, 'register', $data);
 
         if (! method_exists($model, 'save')) {
             return null;
@@ -222,29 +233,4 @@ protected function createProviderModel(UserProvider $provider): ?object
 
         return null;
     }
-
-    /**
-     * Prepare the user payload from request data.
-     *
-     * @param array<string, mixed> $data
-     * @return array<string, mixed>
-     */
-    protected function userPayload(array $data): array
-    {
-        $payload = [];
-
-        if (array_key_exists('name', $data) && is_string($data['name'])) {
-            $payload['name'] = trim($data['name']);
-        }
-
-        if (array_key_exists('email', $data) && is_string($data['email'])) {
-            $payload['email'] = mb_strtolower(trim($data['email']));
-        }
-
-        if (array_key_exists('password', $data) && is_string($data['password'])) {
-            $payload['password'] = Hash::make($data['password']);
-        }
-
-        return $payload;
-    }
 }