refactor: use form requests in auth controllers, remove double hashing

app/Http/Controllers/Auth/LoginController.php

@@ -3,6 +3,7 @@
 namespace App\Http\Controllers\Auth;
 
 use App\Http\Controllers\Controller;
+use App\Http\Requests\Auth\LoginRequest;
 use App\Models\User;
 use Illuminate\Http\RedirectResponse;
 use Illuminate\Http\Request;
@@ -24,26 +25,21 @@ class LoginController extends Controller
     /**
      * Handle an incoming authentication request.
      */
-    public function store(Request $request): RedirectResponse
+    public function store(LoginRequest $request): RedirectResponse
     {
-        $request->validate([
-            'login' => ['required', 'string'],
-            'password' => ['required', 'string'],
-        ]);
-
-        $login = $request->input('login');
-        $password = $request->input('password');
+        $login = $request->validated('login');
+        $password = $request->validated('password');
 
         $isEmail = filter_var($login, FILTER_VALIDATE_EMAIL);
-        $user = $isEmail
-            ? User::where('email', $login)->first()
-            : User::whereRaw('LOWER(username) = ?', [strtolower($login)])->first();
+        $credentials = $isEmail
+            ? ['email' => $login, 'password' => $password]
+            : ['email' => User::whereRaw('LOWER(username) = ?', [strtolower($login)])->value('email'), 'password' => $password];
 
         $remember = config('auth-ui.features.remember_me')
             ? $request->boolean('remember')
             : false;
 
-        if (! $user || ! Auth::attempt(['email' => $user->email, 'password' => $password], $remember)) {
+        if (! $credentials['email'] || ! Auth::attempt($credentials, $remember)) {
             throw ValidationException::withMessages([
                 'login' => __('auth.failed'),
             ]);