Authentication System Documentation
File: Authentication System Documentation.markdown
# Creator Platform Authentication System Documentation

## Overview

The Creator Platform features a comprehensive multi-method authentication system that supports both traditional password-based login and modern one-time password (OTP) authentication. The system is built with Laravel 12, uses Sanctum for API token management, and provides a seamless user experience across all authentication methods.

## Authentication Methods Supported

### 1. Password-Based Authentication

- **Email + Password**: Login using email address and password
- **Phone + Password**: Login using phone number and password
- **Username + Password**: Login using username and password

### 2. One-Time Password (OTP) Authentication

- **Email + OTP**: Receive 8-digit code via email (**LIVE**)
- **Phone + OTP**: Receive 8-digit code via SMS (**LIVE**)

### 3. User Registration

- Complete registration form with real-time validation
- Username availability checking
- Email availability checking
- Phone availability checking
- Role selection (creator/viewer)
- **Verification required for OTP login**

### 4. Account Management

- **Profile Updates**: Change name and role
- **Phone Number Changes**: Secure phone number updates with verification
- **Password Changes**: Secure password updates with current password verification
- **Email/Phone Verification**: Manual verification process for OTP login

### 5. Password Recovery

- **Email Password Reset**: Reset password via email link
- **SMS Password Reset**: Reset password via SMS OTP

## Database Structure

### Users Table

```sql
users:
  - id (bigint, primary key)
  - username (string, unique) - URL-safe identifier for profiles
  - name (string) - Full name
  - email (string, unique) - Email address
  - phone (string, nullable, unique) - E.164 format phone number
  - password (string, hashed) - Bcrypt hashed password
  - role (enum: 'creator', 'viewer', 'admin') - User role
  - email_verified_at (timestamp, nullable) - Email verification timestamp
  - phone_verified_at (timestamp, nullable) - Phone verification timestamp
  - two_factor_enabled (boolean, default false) - 2FA status
  - created_at, updated_at (timestamps)
```

### Login Tokens Table

```sql
login_tokens:
  - id (bigint, primary key)
  - user_id (bigint, foreign key) - References users.id
  - token (string, unique) - 8-digit OTP token
  - type (enum: 'email', 'phone', 'phone_change', 'password_reset') - Token purpose
  - expires_at (timestamp) - Token expiration (10 minutes)
  - created_at, updated_at (timestamps)
```

### Personal Access Tokens Table (Sanctum)

```sql
personal_access_tokens:
  - id (bigint, primary key)
  - tokenable_type (string) - Model class name
  - tokenable_id (bigint) - Model ID
  - name (string) - Token name
  - token (string, unique) - Hashed token
  - abilities (text, nullable) - Token permissions
  - last_used_at (timestamp, nullable) - Last usage
  - expires_at (timestamp, nullable) - Expiration
  - created_at, updated_at (timestamps)
```

## API Endpoints

### Authentication Endpoints

#### POST `/api/login`

**Description**: Handle login attempts with multiple methods

**Request Body**:

```json
{
  "identifier": "user@example.com", // email, phone, or username
  "method": "password",             // "password" or "otp"
  "password": "password123",        // required for password method
  "token": "12345678"               // required for OTP verification
}
```

**Response (Password Login Success)**:

```json
{
  "success": true,
  "message": "Login successful.",
  "user": {
    "id": 1,
    "username": "testuser",
    "name": "Test User",
    "email": "test@example.com",
    "phone": "+1234567890",
    "role": "podcaster",
    "email_verified_at": "2024-06-27T22:00:00.000000Z",
    "phone_verified_at": "2024-06-27T22:00:00.000000Z"
  },
  "token": "1|abc123def456..."
}
```

**Response (OTP Sent)**:

```json
{
  "success": true,
  "message": "OTP sent to your email.",
  "token": "12345678", // Remove in production
  "expires_at": "2024-06-27T23:00:00.000000Z"
}
```

#### POST `/api/register`

**Description**: Register new user account

**Request Body**:

```json
{
  "username": "newuser",
  "name": "New User",
  "email": "newuser@example.com",
  "phone": "+1234567890", // optional
  "password": "password123",
  "password_confirmation": "password123",
  "role": "creator" // "creator" or "viewer"
}
```

**Response**:

```json
{
  "success": true,
  "message": "Registration successful!",
  "user": {
    "id": 2,
    "username": "newuser",
    "name": "New User",
    "email": "newuser@example.com",
    "phone": "+1234567890",
    "role": "podcaster",
    "email_verified_at": null,
    "phone_verified_at": null
  },
  "token": "2|xyz789abc123..."
}
```

#### POST `/api/check-username`

**Description**: Check username availability

**Request Body**:

```json
{ "username": "testuser" }
```

**Response**:

```json
{
  "success": true,
  "available": false,
  "message": "Username is already taken."
}
```

#### POST `/api/check-email`

**Description**: Check email availability

**Request Body**:

```json
{ "email": "test@example.com" }
```

**Response**:

```json
{
  "success": true,
  "available": false,
  "message": "Email is already registered."
}
```

#### POST `/api/check-phone`

**Description**: Check phone availability

**Request Body**:

```json
{ "phone": "+1234567890" }
```

**Response**:

```json
{
  "success": true,
  "available": false,
  "message": "Phone number is already registered."
}
```

### Verification Endpoints

#### POST `/api/send-verification-email`

**Description**: Send email verification code

**Request Body**:

```json
{ "email": "user@example.com" }
```

**Response**:

```json
{
  "success": true,
  "message": "Verification email sent successfully.",
  "expires_at": "2024-06-27T23:00:00.000000Z"
}
```

#### POST `/api/verify-email`

**Description**: Verify email with code

**Request Body**:

```json
{
  "email": "user@example.com",
  "token": "12345678"
}
```

**Response**:

```json
{
  "success": true,
  "message": "Email verified successfully."
}
```

#### POST `/api/send-verification-phone`

**Description**: Send phone verification code

**Request Body**:

```json
{ "phone": "+1234567890" }
```

**Response**:

```json
{
  "success": true,
  "message": "Verification SMS sent successfully.",
  "expires_at": "2024-06-27T23:00:00.000000Z"
}
```

#### POST `/api/verify-phone`

**Description**: Verify phone with code

**Request Body**:

```json
{
  "phone": "+1234567890",
  "token": "12345678"
}
```

**Response**:

```json
{
  "success": true,
  "message": "Phone verified successfully."
}
```

### Password Reset Endpoints

#### POST `/api/password/reset/email`

**Description**: Send password reset email

**Request Body**:

```json
{ "email": "user@example.com" }
```

**Response**:

```json
{
  "success": true,
  "message": "Password reset email sent successfully.",
  "expires_at": "2024-06-27T23:00:00.000000Z"
}
```

#### POST `/api/password/reset/sms`

**Description**: Send password reset SMS

**Request Body**:

```json
{ "phone": "+1234567890" }
```

**Response**:

```json
{
  "success": true,
  "message": "Password reset SMS sent successfully.",
  "expires_at": "2024-06-27T23:00:00.000000Z"
}
```

#### POST `/api/password/reset`

**Description**: Reset password with token

**Request Body**:

```json
{
  "identifier": "user@example.com", // email or phone
  "token": "12345678",
  "password": "newpassword123",
  "password_confirmation": "newpassword123"
}
```

**Response**:

```json
{
  "success": true,
  "message": "Password reset successfully."
}
```

### Protected Profile Management Endpoints

#### GET `/api/user`

**Description**: Get current user information

**Headers**: `Authorization: Bearer {token}`

**Response**:

```json
{
  "success": true,
  "user": {
    "id": 1,
    "username": "testuser",
    "name": "Test User",
    "email": "test@example.com",
    "phone": "+1234567890",
    "role": "podcaster",
    "email_verified_at": "2024-06-27T22:00:00.000000Z",
    "phone_verified_at": "2024-06-27T22:00:00.000000Z"
  }
}
```

#### POST `/api/profile/update`

**Description**: Update user profile information

**Headers**: `Authorization: Bearer {token}`

**Request Body**:

```json
{
  "name": "Updated Name",
  "role": "listener"
}
```

**Response**:

```json
{
  "success": true,
  "message": "Profile updated successfully.",
  "user": {
    "id": 1,
    "username": "testuser",
    "name": "Updated Name",
    "email": "test@example.com",
    "phone": "+1234567890",
    "role": "viewer",
    "email_verified_at": "2024-06-27T22:00:00.000000Z",
    "phone_verified_at": "2024-06-27T22:00:00.000000Z"
  }
}
```

#### POST `/api/profile/phone/send-token`

**Description**: Send phone change verification code

**Headers**: `Authorization: Bearer {token}`

**Request Body**:

```json
{ "new_phone": "+1987654321" }
```

**Response**:

```json
{
  "success": true,
  "message": "Verification code sent to your new phone number.",
  "expires_at": "2024-06-27T23:00:00.000000Z"
}
```

#### POST `/api/profile/phone/change`

**Description**: Change phone number with verification

**Headers**: `Authorization: Bearer {token}`

**Request Body**:

```json
{
  "new_phone": "+1987654321",
  "token": "12345678"
}
```

**Response**:

```json
{
  "success": true,
  "message": "Phone number changed successfully.",
  "user": {
    "id": 1,
    "username": "testuser",
    "name": "Test User",
    "email": "test@example.com",
    "phone": "+1987654321",
    "role": "podcaster",
    "email_verified_at": "2024-06-27T22:00:00.000000Z",
    "phone_verified_at": "2024-06-27T23:00:00.000000Z"
  }
}
```

#### POST `/api/profile/password/change`

**Description**: Change user password

**Headers**: `Authorization: Bearer {token}`

**Request Body**:

```json
{
  "current_password": "oldpassword123",
  "new_password": "newpassword123",
  "new_password_confirmation": "newpassword123"
}
```

**Response**:

```json
{
  "success": true,
  "message": "Password changed successfully."
}
```

#### POST `/api/logout`

**Description**: Logout user and invalidate token

**Headers**: `Authorization: Bearer {token}`

**Response**:

```json
{
  "success": true,
  "message": "Logged out successfully."
}
```

## Frontend Pages

### Authentication Pages

- **Login Page** (`/login`): Multi-method login with password and OTP options
- **Registration Page** (`/register`): User registration with real-time validation
- **Verification Page** (`/verification`): Email and phone verification interface
- **Password Reset Pages** (`/password/reset`): Email and SMS password reset

### User Dashboard

- **Dashboard** (`/dashboard`): Main user interface with creator platform features
- **Profile Management** (`/profile`): Complete profile management interface including:
  - Current user information display
  - Profile updates (name, role)
  - Phone number changes with verification
  - Password changes with current password verification

### Landing Page

- **Welcome Page** (`/`): Creator platform landing page with features showcase

## Services

### EmailService

- **sendOtp()**: Send OTP codes via email
- **sendWelcome()**: Send welcome emails to new users
- **sendPasswordReset()**: Send password reset emails

### SmsService (Twilio)

- **sendOtp()**: Send OTP codes via SMS
- **sendPasswordReset()**: Send password reset SMS
- **sendPhoneChange()**: Send phone change verification SMS

## Security Features

### Token Management

- **8-digit OTP tokens** with 10-minute expiration
- **Sanctum API tokens** for authenticated requests
- **Automatic token cleanup** for expired tokens

### Password Security

- **Bcrypt hashing** for all passwords
- **Current password verification** for password changes
- **Minimum 8-character requirement** for new passwords
- **Password confirmation** validation

### Verification System

- **Email verification** required for OTP login
- **Phone verification** required for OTP login
- **Secure token generation** and validation
- **Rate limiting** on verification attempts

### Input Validation

- **Real-time availability checking** for username, email, and phone
- **Comprehensive form validation** with detailed error messages
- **SQL injection protection** through Laravel's query builder
- **XSS protection** through proper output escaping

## Getting Started

### Prerequisites

- Laravel 12
- PHP 8.2+
- MySQL/PostgreSQL
- Twilio account (for SMS)
- SMTP configuration (for email)

### Installation

1. Clone the repository
2. Run `composer install`
3. Copy `.env.example` to `.env` and configure
4. Run `php artisan migrate`
5. Run `php artisan db:seed` for test data
6. Configure Twilio and SMTP settings

### Environment Variables

```env
# Twilio Configuration
TWILIO_SID=your_twilio_sid
TWILIO_AUTH_TOKEN=your_twilio_auth_token
TWILIO_PHONE_NUMBER=your_twilio_phone_number

# Mail Configuration
MAIL_MAILER=smtp
MAIL_HOST=your_smtp_host
MAIL_PORT=587
MAIL_USERNAME=your_email
MAIL_PASSWORD=your_password
MAIL_ENCRYPTION=tls
MAIL_FROM_ADDRESS=your_email
MAIL_FROM_NAME="Creator Platform"
```

## Testing

### Test Commands

```bash
# Test email functionality
php artisan test:email

# Test SMS functionality
php artisan test:sms

# Run all tests
php artisan test
```

### Test Users

The system includes seeded test users for development:

- **testuser** (password: password123)
- **creator** (password: password123)
- **viewer** (password: password123)

## Recent Updates

### Version 2.0 (Current)

- Added password change functionality with current password verification
- Enhanced profile management with phone number changes
- Improved password reset system with email and SMS options
- Added real-time phone availability checking during registration
- Updated welcome page to reflect creator platform branding
- Enhanced security with comprehensive input validation
- Improved user experience with better error handling and feedback

### Version 1.0

- Multi-method authentication system
- User registration with verification
- OTP login via email and SMS
- Basic profile management
- Dashboard and navigation system
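The `/api/login` endpoint described under Authentication Endpoints accepts a single `identifier` field that may be an email address, an E.164 phone number or a username, and a `method` of `password` or `otp`. The following PHP is an added example, not part of this documentation and not the platform's own code, showing how such a handler can classify the identifier before choosing a lookup column and check which fields each method requires. The `IdentifierKind` enum, the function names, the regular expressions and the 3-32 character username rule are assumptions; the restriction of OTP login to email or phone follows from the two OTP methods listed above.

```php
<?php
declare(strict_types=1);

// Added example, not the platform's own code. Classifies the "identifier"
// field of an /api/login request and checks which fields its "method" needs.
// The enum, patterns and function names below are assumptions.

enum IdentifierKind: string
{
    case Email = 'email';
    case Phone = 'phone';
    case Username = 'username';
}

/**
 * Normalize and classify a login identifier.
 * Returns [IdentifierKind, normalized value], or null if it matches no accepted form.
 */
function classifyIdentifier(string $raw): ?array
{
    $value = trim($raw);

    // E.164 as the users table requires: '+' then 2 to 15 digits, no leading zero.
    if (preg_match('/^\+[1-9]\d{1,14}$/', $value) === 1) {
        return [IdentifierKind::Phone, $value];
    }
    if (filter_var($value, FILTER_VALIDATE_EMAIL) !== false) {
        // Store and look up e-mail addresses lower-cased so matching is case-insensitive.
        return [IdentifierKind::Email, strtolower($value)];
    }
    // URL-safe username (assumed rule: 3-32 letters, digits, '_' or '-').
    if (preg_match('/^[A-Za-z0-9_-]{3,32}$/', $value) === 1) {
        return [IdentifierKind::Username, $value];
    }
    return null;
}

/**
 * Validate an /api/login request body before any database lookup.
 * Returns field => error message; an empty array means the request is well-formed.
 */
function validateLoginRequest(array $body): array
{
    $errors = [];
    $identifier = classifyIdentifier((string) ($body['identifier'] ?? ''));
    if ($identifier === null) {
        $errors['identifier'] = 'Must be an email address, E.164 phone number, or username.';
    }

    switch ($body['method'] ?? null) {
        case 'password':
            if (($body['password'] ?? '') === '') {
                $errors['password'] = 'Required for the password method.';
            }
            break;
        case 'otp':
            // Only "Email + OTP" and "Phone + OTP" are offered; a username cannot receive a code.
            if ($identifier !== null && $identifier[0] === IdentifierKind::Username) {
                $errors['identifier'] = 'OTP login requires an email address or phone number.';
            }
            // The token is absent on the send step and must be exactly 8 digits on the verify step.
            if (isset($body['token']) && preg_match('/^\d{8}$/', (string) $body['token']) !== 1) {
                $errors['token'] = 'Token must be exactly 8 digits.';
            }
            break;
        default:
            $errors['method'] = 'Must be "password" or "otp".';
    }
    return $errors;
}

// Usage with constructed request bodies
print_r(validateLoginRequest(['identifier' => 'user@example.com', 'method' => 'password', 'password' => 'password123']));
print_r(validateLoginRequest(['identifier' => 'testuser', 'method' => 'otp']));
print_r(validateLoginRequest(['identifier' => '+1234567890', 'method' => 'otp', 'token' => '1234']));
```

The first call yields no errors, the second rejects the username for OTP login, and the third rejects the short token. Because E.164 requires the leading `+`, a digits-only string such as `1234567890` falls through to the username rule; validating shape before the lookup keeps malformed input out of the query and lets the handler pick the `email`, `phone` or `username` column explicitly rather than matching across all three.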
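The Token Management and Verification System sections above describe 8-digit OTP tokens with a 10-minute expiry, secure token generation and validation, rate limiting on verification attempts and automatic cleanup of expired tokens, and the OTP Sent response carries a `// Remove in production` note on its `token` field. The following PHP is an added example, not the platform's own code, that models that `login_tokens` lifecycle in memory with PHP 8.2 built-ins only. The `OtpService` and `LoginToken` classes, the five-attempt cap, the `cleanup()` method, the in-memory store and the `$debug` flag in `otpSentResponse()` are assumptions; the column names and token types follow the schema above.

```php
<?php
declare(strict_types=1);

// Added example, not the platform's own code: an in-memory model of the
// login_tokens lifecycle (8-digit code, 10-minute expiry, hashed at rest,
// single use, capped verification attempts). The classes, the attempt cap
// and the debug flag are assumptions; columns follow the documented schema.

final class LoginToken
{
    public int $attempts = 0;
    public bool $consumed = false;

    public function __construct(
        public readonly int $userId,
        public readonly string $type,      // 'email' | 'phone' | 'phone_change' | 'password_reset'
        public readonly string $tokenHash, // bcrypt hash of the code; the plaintext is never stored
        public readonly DateTimeImmutable $expiresAt,
    ) {}
}

final class OtpService
{
    public const TTL_MINUTES = 10;
    public const MAX_ATTEMPTS = 5; // assumed cap; the page only says "rate limiting"

    /** @var array<string, LoginToken> keyed by "user_id:type", standing in for the login_tokens table */
    private array $tokens = [];

    /** Issue a fresh code, replacing any earlier one of the same type. Returns the plaintext to send. */
    public function issue(int $userId, string $type, ?DateTimeImmutable $now = null): string
    {
        $now ??= new DateTimeImmutable();
        // random_int() is a CSPRNG; zero-pad so the code is always 8 digits.
        $code = str_pad((string) random_int(0, 99999999), 8, '0', STR_PAD_LEFT);
        $this->tokens["$userId:$type"] = new LoginToken(
            $userId,
            $type,
            password_hash($code, PASSWORD_BCRYPT),
            $now->modify('+' . self::TTL_MINUTES . ' minutes'),
        );
        return $code;
    }

    /** Verify a submitted code. Succeeds at most once per issued token. */
    public function verify(int $userId, string $type, string $submitted, ?DateTimeImmutable $now = null): bool
    {
        $now ??= new DateTimeImmutable();
        $token = $this->tokens["$userId:$type"] ?? null;
        if ($token === null || $token->consumed || $now >= $token->expiresAt) {
            return false; // unknown, already used, or expired
        }
        if (++$token->attempts > self::MAX_ATTEMPTS) {
            $token->consumed = true; // too many guesses: retire the token, a new one must be issued
            return false;
        }
        if (preg_match('/^\d{8}$/', $submitted) !== 1 || !password_verify($submitted, $token->tokenHash)) {
            return false;
        }
        $token->consumed = true; // single use
        return true;
    }

    /** Drop expired and consumed rows (the "automatic token cleanup" step). Returns rows removed. */
    public function cleanup(?DateTimeImmutable $now = null): int
    {
        $now ??= new DateTimeImmutable();
        $before = count($this->tokens);
        $this->tokens = array_filter(
            $this->tokens,
            fn (LoginToken $t) => !$t->consumed && $now < $t->expiresAt,
        );
        return $before - count($this->tokens);
    }
}

/** Build the "OTP Sent" response; the code itself is only echoed when a debug flag is explicitly set. */
function otpSentResponse(string $channel, DateTimeImmutable $expiresAt, string $code, bool $debug = false): array
{
    $body = [
        'success'    => true,
        'message'    => "OTP sent to your $channel.",
        'expires_at' => $expiresAt->format(DATE_ATOM),
    ];
    if ($debug) {
        $body['token'] = $code; // never enable in production: returning the code defeats the OTP
    }
    return $body;
}

// Usage: issue a code for user 1's e-mail channel, then present it twice
$otp = new OtpService();
$code = $otp->issue(1, 'email');
$first = $otp->verify(1, 'email', $code);
$replay = $otp->verify(1, 'email', $code);
var_dump($first, $replay, $otp->cleanup());
print_r(otpSentResponse('email', (new DateTimeImmutable())->modify('+10 minutes'), $code));
```

The first `verify()` call succeeds and marks the token consumed, so the replay is rejected and `cleanup()` removes the row. Storing only a bcrypt hash means a leaked `login_tokens` table does not hand out live codes, the per-token attempt cap bounds an online guess at 5 of 100,000,000 possibilities before the code is retired, and `password_verify()` compares in constant time. Leaving `$debug` off keeps the `token` field out of the response, which is what the `// Remove in production` note on the documented OTP Sent response calls for.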