Skip to content

Add User State in Authenticators\Session #132

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 21 commits into from
May 18, 2022
Merged

Add User State in Authenticators\Session #132

merged 21 commits into from
May 18, 2022

Conversation

kenjis
Copy link
Member

@kenjis kenjis commented May 17, 2022
edited
Loading

  • add $userState in Session
  • now Session::loggedIn() does not return true for pending login user.
  • now Session::getUser() does not return pending login user, so auth()->user() also does not return.
  • add Session::getPendingUser()
  • add Session::isPending() that returns true when a user is in pending login state.
  • add Session::isAnonymous()
  • add ActionInterface::getType()
  • refactor

@kenjis kenjis mentioned this pull request May 17, 2022
Closed
lonnieezell
lonnieezell requested changes May 17, 2022
View reviewed changes
Copy link
Member

@lonnieezell lonnieezell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks pretty good. I had a couple of notes, and it also needs information about the pending state added to the docs.

src/Authentication/Authenticators/Session.php Outdated
return $this->user instanceof User;
$identities = $this->userIdentityModel->getIdentitiesByTypes(
$this->user->getAuthId(),
['email_2fa', 'email_activate']
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think you need to get the list of actions assigned in the config file here, otherwise if some wants to do, says, 2FA with SMS messages, this logic would be skipped.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I removed the hard coded action types.

@kenjis kenjis force-pushed the refactor-pending-login branch from c2a6bb9 to 9c81dba Compare May 17, 2022 04:32
MGatner
MGatner reviewed May 17, 2022
View reviewed changes
Copy link
Member

@MGatner MGatner left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is too big for me to review on mobile. It looks like Lonnie has been here so just let me know if I need to do anything on desktop later.

@lonnieezell lonnieezell added this to the v1.0 milestone May 17, 2022
@kenjis kenjis requested a review from lonnieezell May 18, 2022 00:46
@kenjis
Copy link
Member Author

kenjis commented May 18, 2022

I believe this PR can now be merged.
Pending login status has been introduced and the loggedIn() behavior has been fixed.

One more refactoring would make the code more readable.

kenjis added 21 commits May 18, 2022 12:03
@kenjis
refactor: use Authenticator\Session instead of Auth
45ce6f9
@kenjis
refactor: add createIdentityEmail2FA() and createIdentityEmailActivat…
8650e92 
…e() in Authenticators\Session
@kenjis
style: break long lines
031794f
@kenjis
style: add empty lines
7744bdf
@kenjis
refactor: use __METHOD__ instead of self::class
64c1233
@kenjis
refactor: rename method name
5529900
@kenjis
refactor: use property
e86d31e
@kenjis
refactor: add property $userState in Authenticators\Session
c89965f
@kenjis
feat: add pending login state
1601993
@kenjis
docs: update comment
50adbad 
The user id stored in session is not only of logged-in, but also of pending login.
@kenjis
refactor: to be sure, create a 2FA identity immediately after the cre…
172c4c4 
…dential check passes
@kenjis
fix: create email activation identitiy for action after registration
8ceb710 
The pending login state is determined by whether or not the identitiy is stored in the DB.
It is not sufficient to save the auth_action in the session after registration.
If the redirect to the action page is aborted, Email Activation can be avoided.
@kenjis
refactor: rename variable name
a1f039e
@kenjis
refactor: add assert() for the current implementation
f9214fe
@kenjis
refactor: move createIdentityEmail2FA() in Session to Actions/Email2FA
eef22a0
@kenjis
refactor: move createIdentityEmailActivate() in Session to Actions/Em…
3f365a7 
…ailActivator
@kenjis
refactor: extract method
b66bce7
@kenjis
refactor: run rector
bcfd0a1
@kenjis
feat: add ActionInterface::getType()
00407a0
@kenjis
refactor: use ActionInterface::getType()
6bbdf8d
@kenjis
docs: add method docblocks
44f1deb
@kenjis kenjis force-pushed the refactor-pending-login branch from 91ecb64 to 44f1deb Compare May 18, 2022 03:03
@lonnieezell lonnieezell merged commit c155324 into codeigniter4:develop May 18, 2022
@kenjis kenjis deleted the refactor-pending-login branch July 16, 2022 22:23
@kenjis kenjis mentioned this pull request Jul 16, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MGatner MGatner MGatner left review comments

@lonnieezell lonnieezell lonnieezell approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v1.0
Development

Successfully merging this pull request may close these issues.
3 participants
@kenjis @lonnieezell @MGatner