validate([ 'username' => ['required', 'string', 'max:100'], 'password' => ['required', 'string', 'max:255'], ]); $user = $this->ldapAuth->attempt($credentials['username'], $credentials['password']); if ($user === null) { $this->audit->logPublic('api.v1.auth.login.failed', $credentials['username'], $request, [ 'username' => $credentials['username'], ]); return $this->fail('Invalid LDAP credentials.', 'invalid_credentials', 401); } $profile = $this->ldapAuth->lookupUser($user['username']); $groups = $profile['groups'] ?? []; $token = $this->ldapJwt->issue($user['username'], $user['is_admin'], $groups); $this->audit->logPublic('api.v1.auth.login', $user['username'], $request, [ 'username' => $user['username'], 'is_admin' => $user['is_admin'], ]); return $this->ok([ 'access_token' => $token, 'token_type' => 'Bearer', 'expires_in' => config('api.ldap_jwt_ttl'), 'auth_type' => 'ldap_jwt', 'user' => [ 'username' => $user['username'], 'display_name' => $user['display_name'], 'is_admin' => $user['is_admin'], ], ]); } }