|string> */ public function rules(): array { return [ 'email' => ['required', 'string', 'email'], 'password' => ['required', 'string'], ]; } /** * Validate the request's credentials and return the user without logging them in. * * @throws \Illuminate\Validation\ValidationException */ public function validateCredentials(): User { $this->ensureIsNotRateLimited(); /** @var User|null $user */ $user = Auth::getProvider()->retrieveByCredentials($this->only('email', 'password')); if (! $user || ! Auth::getProvider()->validateCredentials($user, $this->only('password'))) { RateLimiter::hit($this->throttleKey()); throw ValidationException::withMessages([ 'email' => __('auth.failed'), ]); } RateLimiter::clear($this->throttleKey()); return $user; } /** * Ensure the login request is not rate limited. * * @throws \Illuminate\Validation\ValidationException */ public function ensureIsNotRateLimited(): void { if (! RateLimiter::tooManyAttempts($this->throttleKey(), 5)) { return; } event(new Lockout($this)); $seconds = RateLimiter::availableIn($this->throttleKey()); throw ValidationException::withMessages([ 'email' => __('auth.throttle', [ 'seconds' => $seconds, 'minutes' => ceil($seconds / 60), ]), ]); } /** * Get the rate-limiting throttle key for the request. */ public function throttleKey(): string { return $this->string('email') ->lower() ->append('|'.$this->ip()) ->transliterate() ->value(); } }