From e44dac13914632a8d35c164d78d1326f126ab987 Mon Sep 17 00:00:00 2001 From: iamsyh Date: Fri, 4 Nov 2022 01:45:09 +0500 Subject: [PATCH 01/15] Update comments for groups in AuthGroups.php The current comment content does not match what the code is doing. Please feel free to clean up or let me know any suggestions. Thank you! --- src/Config/AuthGroups.php | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/src/Config/AuthGroups.php b/src/Config/AuthGroups.php index 95309f1b0..d0c3b9a65 100644 --- a/src/Config/AuthGroups.php +++ b/src/Config/AuthGroups.php @@ -20,10 +20,12 @@ class AuthGroups extends BaseConfig * -------------------------------------------------------------------- * Groups * -------------------------------------------------------------------- - * The available authentication systems, listed - * with alias and class name. These can be referenced - * by alias in the auth helper: - * auth('api')->attempt($credentials); + * The available groups in the system. + * Where the key is the group name, and the values are an + * array of any additional fields you would like for that group. + * Whatever value you assign as the key, will be used to refer to the group when using functions such as: + * $user->addGroup('superadmin') + * ref: https://github.com/codeigniter4/shield/blob/develop/docs/quickstart.md#change-available-groups for more info */ public array $groups = [ 'superadmin' => [ From f112e1dd6c52e1222a0b7925aa9c924edde2b6cc Mon Sep 17 00:00:00 2001 From: iamsyh Date: Fri, 4 Nov 2022 17:27:46 +0500 Subject: [PATCH 02/15] Update src/Config/AuthGroups.php Co-authored-by: kenjis --- src/Config/AuthGroups.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Config/AuthGroups.php b/src/Config/AuthGroups.php index d0c3b9a65..38317697b 100644 --- a/src/Config/AuthGroups.php +++ b/src/Config/AuthGroups.php @@ -22,7 +22,7 @@ class AuthGroups extends BaseConfig * -------------------------------------------------------------------- * The available groups in the system. * Where the key is the group name, and the values are an - * array of any additional fields you would like for that group. + * array of the group info. * Whatever value you assign as the key, will be used to refer to the group when using functions such as: * $user->addGroup('superadmin') * ref: https://github.com/codeigniter4/shield/blob/develop/docs/quickstart.md#change-available-groups for more info From 96ed8537b54ada6ace3402f07bb57bc4a28be041 Mon Sep 17 00:00:00 2001 From: kenjis Date: Thu, 10 Nov 2022 19:05:53 +0900 Subject: [PATCH 03/15] docs: add annotation for psalm To reduce psalm issues. --- src/Auth.php | 1 + src/Entities/User.php | 2 ++ src/Models/UserModel.php | 3 +++ tests/_support/Config/Registrar.php | 2 ++ 4 files changed, 8 insertions(+) diff --git a/src/Auth.php b/src/Auth.php index 1b063f4ee..fae81dff3 100644 --- a/src/Auth.php +++ b/src/Auth.php @@ -129,6 +129,7 @@ public function getProvider(): UserModel return $this->userProvider; } + /** @var \CodeIgniter\Shield\Config\Auth $config */ $config = config('Auth'); if (! property_exists($config, 'userProvider')) { diff --git a/src/Entities/User.php b/src/Entities/User.php index 7f104cd31..e7e394e19 100644 --- a/src/Entities/User.php +++ b/src/Entities/User.php @@ -14,10 +14,12 @@ /** * @property string|null $email + * @property int|string|null $id * @property UserIdentity[]|null $identities * @property Time|null $last_active * @property string|null $password * @property string|null $password_hash + * @property string|null $username */ class User extends Entity { diff --git a/src/Models/UserModel.php b/src/Models/UserModel.php index 6992f2a2c..d059e76a8 100644 --- a/src/Models/UserModel.php +++ b/src/Models/UserModel.php @@ -14,6 +14,9 @@ use CodeIgniter\Shield\Exceptions\ValidationException; use Faker\Generator; +/** + * @psalm-consistent-constructor + */ class UserModel extends Model { use CheckQueryReturnTrait; diff --git a/tests/_support/Config/Registrar.php b/tests/_support/Config/Registrar.php index 182a50671..5258da8e6 100644 --- a/tests/_support/Config/Registrar.php +++ b/tests/_support/Config/Registrar.php @@ -24,6 +24,8 @@ class Registrar * DB config array for testing purposes. * * @var array + * + * @psalm-suppress RedundantCondition */ protected static $dbConfig = [ 'MySQLi' => [ From fcb6d3c4dae5a183fdbac663268b7c7d79c92d10 Mon Sep 17 00:00:00 2001 From: Pooya Parsa Dadashi Date: Sat, 12 Nov 2022 17:11:54 +0330 Subject: [PATCH 04/15] docs: fix code block languages --- docs/install.md | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/docs/install.md b/docs/install.md index f9e3574b7..d18d89f4b 100644 --- a/docs/install.md +++ b/docs/install.md @@ -25,8 +25,8 @@ These instructions assume that you have already [installed the CodeIgniter 4 app Installation is done through [Composer](https://getcomposer.org). The example assumes you have it installed globally. If you have it installed as a phar, or otherwise you will need to adjust the way you call composer itself. -``` -> composer require codeigniter4/shield +```console +composer require codeigniter4/shield ``` ### Troubleshooting @@ -35,29 +35,29 @@ If you have it installed as a phar, or otherwise you will need to adjust the way If you get the following error: -``` - Could not find a version of package codeigniter4/shield matching your minimum-stability (stable). - Require it with an explicit version constraint allowing its desired stability. +```console +Could not find a version of package codeigniter4/shield matching your minimum-stability (stable). +Require it with an explicit version constraint allowing its desired stability. ``` 1. Add the following to change your [minimum-stability](https://getcomposer.org/doc/articles/versions.md#minimum-stability) in your project `composer.json`: ```json - "minimum-stability": "dev", - "prefer-stable": true, + "minimum-stability": "dev", + "prefer-stable": true, ``` 2. Or specify an explicit version: ```console - > composer require codeigniter4/shield:dev-develop + composer require codeigniter4/shield:dev-develop ``` The above specifies `develop` branch. See https://getcomposer.org/doc/articles/versions.md#branches ```console - > composer require codeigniter4/shield:^1.0.0-beta + composer require codeigniter4/shield:^1.0.0-beta ``` The above specifies `v1.0.0-beta` or later and before `v2.0.0`. @@ -70,7 +70,7 @@ If you get the following error: 1. Run the following command. This command handles steps 1-5 of *Manual Setup* and runs the migrations. ```console - > php spark shield:setup + php spark shield:setup ``` ### Manual Setup @@ -120,7 +120,7 @@ your project. 5. **Migration** Run the migrations. ```console - > php spark migrate --all + php spark migrate --all ``` #### Note: migration error From fd0d44649d643022f7950714e9d8241d7dad6e19 Mon Sep 17 00:00:00 2001 From: Pooya Parsa Dadashi Date: Sat, 12 Nov 2022 17:21:02 +0330 Subject: [PATCH 05/15] docs: add code block language for install command --- README.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 02d3d58c3..3d68a94bc 100644 --- a/README.md +++ b/README.md @@ -54,8 +54,9 @@ Usage of Shield requires the following: ### Installation Installation is done through Composer. - - > composer require codeigniter4/shield +```console +composer require codeigniter4/shield +``` See the [docs](docs/index.md) for more specific instructions on installation and usage recommendations. From 2aadb30e74ef06f2e716b2fe37564d78d8c064d3 Mon Sep 17 00:00:00 2001 From: kenjis Date: Tue, 15 Nov 2022 09:12:26 +0900 Subject: [PATCH 06/15] docs: update doc comments on hashing algorithm --- src/Config/Auth.php | 17 +++++------------ 1 file changed, 5 insertions(+), 12 deletions(-) diff --git a/src/Config/Auth.php b/src/Config/Auth.php index 7d40bf424..2c094c9ea 100644 --- a/src/Config/Auth.php +++ b/src/Config/Auth.php @@ -278,30 +278,23 @@ class Auth extends BaseConfig /** * -------------------------------------------------------------------- - * Encryption Algorithm to use + * Hashing Algorithm to use * -------------------------------------------------------------------- * Valid values are * - PASSWORD_DEFAULT (default) * - PASSWORD_BCRYPT * - PASSWORD_ARGON2I - As of PHP 7.2 only if compiled with support for it * - PASSWORD_ARGON2ID - As of PHP 7.3 only if compiled with support for it - * - * If you choose to use any ARGON algorithm, then you might want to - * uncomment the "ARGON2i/D Algorithm" options to suit your needs */ public string $hashAlgorithm = PASSWORD_DEFAULT; /** * -------------------------------------------------------------------- - * ARGON2i/D Algorithm options + * ARGON2I/ARGON2ID Algorithm options * -------------------------------------------------------------------- - * The ARGON2I method of encryption allows you to define the "memory_cost", + * The ARGON2I method of hashing allows you to define the "memory_cost", * the "time_cost" and the number of "threads", whenever a password hash is * created. - * This defaults to a value of 10 which is an acceptable number. - * However, depending on the security needs of your application - * and the power of your hardware, you might want to increase the - * cost. This makes the hashing process takes longer. */ public int $hashMemoryCost = 2048; // PASSWORD_ARGON2_DEFAULT_MEMORY_COST; @@ -310,9 +303,9 @@ class Auth extends BaseConfig /** * -------------------------------------------------------------------- - * Password Hashing Cost + * BCRYPT Algorithm options * -------------------------------------------------------------------- - * The BCRYPT method of encryption allows you to define the "cost" + * The BCRYPT method of hashing allows you to define the "cost" * or number of iterations made, whenever a password hash is created. * This defaults to a value of 10 which is an acceptable number. * However, depending on the security needs of your application From 5483ecac201e0d184e69ec01512a3b6e2411b80e Mon Sep 17 00:00:00 2001 From: kenjis Date: Tue, 15 Nov 2022 09:13:15 +0900 Subject: [PATCH 07/15] docs: update values for ARGON2I/ARGON2ID Algorithm options --- src/Config/Auth.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/Config/Auth.php b/src/Config/Auth.php index 2c094c9ea..7ef2cd9bf 100644 --- a/src/Config/Auth.php +++ b/src/Config/Auth.php @@ -296,10 +296,10 @@ class Auth extends BaseConfig * the "time_cost" and the number of "threads", whenever a password hash is * created. */ - public int $hashMemoryCost = 2048; // PASSWORD_ARGON2_DEFAULT_MEMORY_COST; + public int $hashMemoryCost = 65536; // PASSWORD_ARGON2_DEFAULT_MEMORY_COST; - public int $hashTimeCost = 4; // PASSWORD_ARGON2_DEFAULT_TIME_COST; - public int $hashThreads = 4; // PASSWORD_ARGON2_DEFAULT_THREADS; + public int $hashTimeCost = 4; // PASSWORD_ARGON2_DEFAULT_TIME_COST; + public int $hashThreads = 1; // PASSWORD_ARGON2_DEFAULT_THREADS; /** * -------------------------------------------------------------------- From 0f7971259a8933b415f33ae59c12f89f2bb9f9b6 Mon Sep 17 00:00:00 2001 From: kenjis Date: Tue, 15 Nov 2022 09:56:24 +0900 Subject: [PATCH 08/15] style: break long line --- tests/Unit/CompositionValidatorTest.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tests/Unit/CompositionValidatorTest.php b/tests/Unit/CompositionValidatorTest.php index a44e6306a..ff262177b 100644 --- a/tests/Unit/CompositionValidatorTest.php +++ b/tests/Unit/CompositionValidatorTest.php @@ -45,7 +45,10 @@ public function testCheckFalse(): void $result = $this->validator->check($password); $this->assertFalse($result->isOK()); - $this->assertSame(lang('Auth.errorPasswordLength', [$this->config->minimumPasswordLength]), $result->reason()); + $this->assertSame( + lang('Auth.errorPasswordLength', [$this->config->minimumPasswordLength]), + $result->reason() + ); } public function testCheckTrue(): void From af66c7bcbbb4792fff7d1b62af9fa5868f57e071 Mon Sep 17 00:00:00 2001 From: kenjis Date: Tue, 15 Nov 2022 09:56:56 +0900 Subject: [PATCH 09/15] fix: $minimumPasswordLength is not in characters but in bytes --- .../Passwords/CompositionValidator.php | 2 +- tests/Unit/CompositionValidatorTest.php | 13 +++++++++++++ 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/src/Authentication/Passwords/CompositionValidator.php b/src/Authentication/Passwords/CompositionValidator.php index 5e85abbdb..dc429341b 100644 --- a/src/Authentication/Passwords/CompositionValidator.php +++ b/src/Authentication/Passwords/CompositionValidator.php @@ -32,7 +32,7 @@ public function check(string $password, ?User $user = null): Result throw AuthenticationException::forUnsetPasswordLength(); } - $passed = strlen($password) >= $this->config->minimumPasswordLength; + $passed = mb_strlen($password) >= $this->config->minimumPasswordLength; if (! $passed) { return new Result([ diff --git a/tests/Unit/CompositionValidatorTest.php b/tests/Unit/CompositionValidatorTest.php index ff262177b..d1a9fbe1d 100644 --- a/tests/Unit/CompositionValidatorTest.php +++ b/tests/Unit/CompositionValidatorTest.php @@ -51,6 +51,19 @@ public function testCheckFalse(): void ); } + public function testCheckFalseMultibyte(): void + { + $password = '🍣😀'; + + $result = $this->validator->check($password); + + $this->assertFalse($result->isOK()); + $this->assertSame( + lang('Auth.errorPasswordLength', [$this->config->minimumPasswordLength]), + $result->reason() + ); + } + public function testCheckTrue(): void { $password = '1234567890'; From f8b19b53b16fb84de3f3b3f9520643e7460e209a Mon Sep 17 00:00:00 2001 From: kenjis Date: Tue, 15 Nov 2022 11:35:45 +0900 Subject: [PATCH 10/15] docs: fix property notation --- docs/concepts.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/concepts.md b/docs/concepts.md index 7069db417..3eda4ed27 100644 --- a/docs/concepts.md +++ b/docs/concepts.md @@ -25,7 +25,7 @@ on the standard Config class if nothing is found in the database. ## User Providers You can use your own models to handle user persistence. Shield calls this the "User Provider" class. A default model -is provided for you at `CodeIgniter\Shield\Models\UserModel`. You can change this in the `Config\Auth->userProvider` setting. +is provided for you at `CodeIgniter\Shield\Models\UserModel`. You can change this in the `Config\Auth::$userProvider` setting. The only requirement is that your new class MUST extend the provided `UserModel`. ```php @@ -57,13 +57,13 @@ systems that are appropriate for your application. The following Validators are like ensuring it contained a symbol, a number, etc. According to the current [NIST recommendations](https://pages.nist.gov/800-63-3/sp800-63b.html) this only enforces a minimum length on the password. You can define the minimum length in - `Config\Auth->public $minimumPasswordLength;` This is enabled by default. The default minimum + `Config\Auth::$minimumPasswordLength` This is enabled by default. The default minimum value is `8`. - **NothingPersonalValidator** will compare the password against any fields that have been specified - in `Config\Auth->personalFields`, like first or last names, etc. Additionally, it compares it + in `Config\Auth::$personalFields`, like first or last names, etc. Additionally, it compares it against a few simple variations of the username. If the given password too closely matches any of the personal information, it will be rejected. The similarity value is defined in - `Config\Auth->maxSimilarity`. The default value is 50, but see the docblock in the config + `Config\Auth::$maxSimilarity`. The default value is 50, but see the docblock in the config file for more details. This is enabled by default. - **DictionaryValidator** will compare the password against a provided file with about 600,000 frequently used passwords that have been seen in various data dumps over the years. If the @@ -76,7 +76,7 @@ systems that are appropriate for your application. The following Validators are find acceptable. You should use either this validator or the `DictionaryValidator`, not both. This is disabled by default. -You can choose which validators are used in `Config\Auth->passwordValidators`: +You can choose which validators are used in `Config\Auth::$passwordValidators`: ```php public $passwordValidators = [ From df01dd7796f9c32946e1910a2c6404b0934d0c50 Mon Sep 17 00:00:00 2001 From: kenjis Date: Wed, 16 Nov 2022 06:54:06 +0900 Subject: [PATCH 11/15] fix: add UTF-8 to mb_strlen() Other codes specify encoding. Co-authored-by: Pooya Parsa Dadashi --- src/Authentication/Passwords/CompositionValidator.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Authentication/Passwords/CompositionValidator.php b/src/Authentication/Passwords/CompositionValidator.php index dc429341b..dec8f34af 100644 --- a/src/Authentication/Passwords/CompositionValidator.php +++ b/src/Authentication/Passwords/CompositionValidator.php @@ -32,7 +32,7 @@ public function check(string $password, ?User $user = null): Result throw AuthenticationException::forUnsetPasswordLength(); } - $passed = mb_strlen($password) >= $this->config->minimumPasswordLength; + $passed = mb_strlen($password, 'UTF-8') >= $this->config->minimumPasswordLength; if (! $passed) { return new Result([ From 0216f6f92db9872337ae3894fe5b060d229f1839 Mon Sep 17 00:00:00 2001 From: iamsyh Date: Wed, 16 Nov 2022 05:28:54 +0500 Subject: [PATCH 12/15] Update src/Config/AuthGroups.php Co-authored-by: John Paul E. Balandan, CPA --- src/Config/AuthGroups.php | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/src/Config/AuthGroups.php b/src/Config/AuthGroups.php index 38317697b..30aea179e 100644 --- a/src/Config/AuthGroups.php +++ b/src/Config/AuthGroups.php @@ -20,12 +20,14 @@ class AuthGroups extends BaseConfig * -------------------------------------------------------------------- * Groups * -------------------------------------------------------------------- - * The available groups in the system. - * Where the key is the group name, and the values are an - * array of the group info. - * Whatever value you assign as the key, will be used to refer to the group when using functions such as: - * $user->addGroup('superadmin') - * ref: https://github.com/codeigniter4/shield/blob/develop/docs/quickstart.md#change-available-groups for more info + * An associative array of the available groups in the system, where the keys are + * the group names and the values are arrays of the group info. + * + * Whatever value you assign as the key will be used to refer to the group when using functions such as: + * $user->addGroup('superadmin'); + * + * @var array> + * @see https://github.com/codeigniter4/shield/blob/develop/docs/quickstart.md#change-available-groups for more info */ public array $groups = [ 'superadmin' => [ From 4475332ef02b0cad8719d485a0fc1a00202f0ff3 Mon Sep 17 00:00:00 2001 From: iamsyh Date: Wed, 16 Nov 2022 05:55:59 +0500 Subject: [PATCH 13/15] Update AuthGroups.php --- src/Config/AuthGroups.php | 1 + 1 file changed, 1 insertion(+) diff --git a/src/Config/AuthGroups.php b/src/Config/AuthGroups.php index 30aea179e..529fa1968 100644 --- a/src/Config/AuthGroups.php +++ b/src/Config/AuthGroups.php @@ -26,6 +26,7 @@ class AuthGroups extends BaseConfig * Whatever value you assign as the key will be used to refer to the group when using functions such as: * $user->addGroup('superadmin'); * + * * @var array> * @see https://github.com/codeigniter4/shield/blob/develop/docs/quickstart.md#change-available-groups for more info */ From b3b6c2313305969c523fa1d4eb37cd73a884ea39 Mon Sep 17 00:00:00 2001 From: kenjis Date: Wed, 16 Nov 2022 10:21:24 +0900 Subject: [PATCH 14/15] docs: use @phpstan-consistent-constructor instead of paslm's PHPStan is the first analyzer for our project. --- src/Models/UserModel.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Models/UserModel.php b/src/Models/UserModel.php index d059e76a8..f9f9b3c50 100644 --- a/src/Models/UserModel.php +++ b/src/Models/UserModel.php @@ -15,7 +15,7 @@ use Faker\Generator; /** - * @psalm-consistent-constructor + * @phpstan-consistent-constructor */ class UserModel extends Model { From fb4f33d459d00d0c9780c20091b2d845023085a0 Mon Sep 17 00:00:00 2001 From: "John Paul E. Balandan, CPA" Date: Fri, 18 Nov 2022 09:45:06 +0800 Subject: [PATCH 15/15] Update src/Config/AuthGroups.php --- src/Config/AuthGroups.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Config/AuthGroups.php b/src/Config/AuthGroups.php index 529fa1968..1fef9e312 100644 --- a/src/Config/AuthGroups.php +++ b/src/Config/AuthGroups.php @@ -26,8 +26,8 @@ class AuthGroups extends BaseConfig * Whatever value you assign as the key will be used to refer to the group when using functions such as: * $user->addGroup('superadmin'); * - * * @var array> + * * @see https://github.com/codeigniter4/shield/blob/develop/docs/quickstart.md#change-available-groups for more info */ public array $groups = [