chore: Add PR's requested changes

Author: matiasperrone-exo

app/libs/Auth/AuthService.php

@@ -19,6 +19,7 @@
 use Auth\Exceptions\AuthenticationException;
 use Auth\Exceptions\AuthenticationLockedUserLoginAttempt;
 use Auth\Repositories\IUserRepository;
+use Illuminate\Contracts\Auth\Authenticatable;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Config;
 use Illuminate\Support\Facades\Crypt;
@@ -134,11 +135,7 @@ public function isUserLogged()
      */
     public function getCurrentUser(): ?User
     {
-        $user = Auth::user();
-        if ($user instanceof User) {
-            return $user;
-        }
-        return null;
+        return Auth::user();
     }
 
     /**
@@ -152,10 +149,11 @@ public function login(string $username, string $password, bool $remember_me): bo
     {
         Log::debug("AuthService::login");
 
+        $this->last_login_error = "";
         if (!Auth::attempt(['username' => $username, 'password' => $password], $remember_me)) {
             throw new AuthenticationException
             (
-                "username or password does not match an existing record."
+                "We are sorry, your username or password does not match an existing record."
             );
         }
         Log::debug("AuthService::login: clearing principal");
@@ -164,7 +162,7 @@ public function login(string $username, string $password, bool $remember_me): bo
         if (is_null($current_user) || !$current_user->canLogin())
             throw new AuthenticationException
             (
-                "username or password does not match an existing record."
+                "We are sorry, your username or password does not match an existing record."
             );
         $this->principal_service->register
         (
@@ -185,28 +183,13 @@ public function validateCredentials(string $username, string $password): User
     {
         Log::debug("AuthService::validateCredentials");
 
-        // retrieveByCredentials swallows AuthenticationLockedUserLoginAttempt and returns null,
-        // so pre-check lock state here to surface a distinct message for locked accounts.
-        $existing = $this->user_repository->getByEmailOrName($username);
-        if (!is_null($existing) && !$existing->isActive()) {
-            throw new AuthenticationException(
-                sprintf("User %s is locked.", $username)
-            );
-        }
-
-        // Known cost: retrieveByCredentials() calls user_repository->getByEmailOrName() internally
-        // (CustomAuthProvider line ~122), duplicating the query above. Eliminating it would require
-        // either changing the provider API to accept a pre-fetched User, or moving
-        // LockUserCounterMeasure checkpoint logic out of the provider — both out of scope here.
-        $user = Auth::getProvider()->retrieveByCredentials([
-            'username' => $username,
-            'password' => $password,
-        ]);
-
-        if (is_null($user) || !$user instanceof User || !$user->canLogin()) {
-            throw new AuthenticationException(
-                "username or password does not match an existing record."
-            );
+        /**
+         * @var User|null $user
+         */
+        $user = $this->user_repository->getByEmailOrName($username);
+        $valid = Auth::getProvider()->validateCredentials($user, ['username' => $username, 'password' => $password]);
+        if (!$valid) {
+            throw new AuthenticationException();
         }
 
         return $user;
@@ -315,7 +298,7 @@ public function loginWithOTP(OAuth2OTP $otpClaim, ?Client $client = null, bool $
 
             if (!$user->canLogin()) {
                 Log::warning(sprintf("AuthService::loginWithOTP user %s cannot login ( is not active ).", $user->getId()));
-                throw new AuthenticationException("username or password does not match an existing record.");
+                throw new AuthenticationException("We are sorry, your username or password does not match an existing record.");
             }
 
             $otp->setAuthTime(time());