Merge 782ac1d into bc606fe
mjamilasfihani committed Jul 1, 2022
2 parents bc606fe + 782ac1d commit 18e69db
Showing 5 changed files with 147 additions and 98 deletions.
67 changes: 49 additions & 18 deletions src/Config/Auth.php
Expand Up @@ -18,6 +18,43 @@ class Auth extends BaseConfig
*/
public $defaultUserGroup;

/**
* --------------------------------------------------------------------
* Landing Route
* --------------------------------------------------------------------
*
* This is your landing page (route name) after user success to login,
* i.e $landingRoute = 'dashboard'.
*
* If you set $silent = true the Permission and Role filters will
* use this config too for the routing.
*
* @var string
*/
public $landingRoute = '/';

/**
* --------------------------------------------------------------------
* Reserverd Routes
* --------------------------------------------------------------------
*
* The auth routes config is listed in here and you can customize it,
* i.e. $reservedRoutes = ['forgot' => 'forgot-password'].
*
* Do Not Change The Key!!! Because it's the identity for routing.
*
* @var array
*/
public $reservedRoutes = [
'login' => 'login',
'logout' => 'logout',
'register' => 'register',
'activate-account' => 'activate-account',
'resend-activate-account' => 'resend-activate-account',
'forgot' => 'forgot',
'reset-password' => 'reset-password',
];

/**
* --------------------------------------------------------------------
* Libraries
Expand All @@ -37,11 +74,11 @@ class Auth extends BaseConfig
* @var array
*/
public $views = [
'login' => 'Myth\Auth\Views\login',
'register' => 'Myth\Auth\Views\register',
'forgot' => 'Myth\Auth\Views\forgot',
'reset' => 'Myth\Auth\Views\reset',
'emailForgot' => 'Myth\Auth\Views\emails\forgot',
'login' => 'Myth\Auth\Views\login',
'register' => 'Myth\Auth\Views\register',
'forgot' => 'Myth\Auth\Views\forgot',
'reset' => 'Myth\Auth\Views\reset',
'emailForgot' => 'Myth\Auth\Views\emails\forgot',
'emailActivation' => 'Myth\Auth\Views\emails\activation',
];

Expand Down Expand Up @@ -215,7 +252,7 @@ class Auth extends BaseConfig
* If you choose to use any ARGON algorithm, then you might want to
* uncomment the "ARGON2i/D Algorithm" options to suit your needs
*
* @var int|string
* @var string|int
*/
public $hashAlgorithm = PASSWORD_DEFAULT;

Expand All @@ -234,19 +271,13 @@ class Auth extends BaseConfig
* cost. This makes the hashing process takes longer.
*/

/**
* @var int
*/
/** @var int */
public $hashMemoryCost = 2048; // PASSWORD_ARGON2_DEFAULT_MEMORY_COST;

/**
* @var int
*/
/** @var int */
public $hashTimeCost = 4; // PASSWORD_ARGON2_DEFAULT_TIME_COST;

/**
* @var int
*/
/** @var int */
public $hashThreads = 4; // PASSWORD_ARGON2_DEFAULT_THREADS;

/**
Expand Down Expand Up @@ -284,7 +315,7 @@ class Auth extends BaseConfig
* Password Check Helpers
* --------------------------------------------------------------------
*
* The PasswordValidator class runs the password through all of these
* The PasswordValidater class runs the password through all of these
* classes, each getting the opportunity to pass/fail the password.
*
* You can add custom classes as long as they adhere to the
Expand All @@ -311,7 +342,7 @@ class Auth extends BaseConfig
public $userActivators = [
'Myth\Auth\Authentication\Activators\EmailActivator' => [
'fromEmail' => null,
'fromName' => null,
'fromName' => null,
],
];

Expand All @@ -327,7 +358,7 @@ class Auth extends BaseConfig
public $userResetters = [
'Myth\Auth\Authentication\Resetters\EmailResetter' => [
'fromEmail' => null,
'fromName' => null,
'fromName' => null,
],
];

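Review bot: `$landingRoute` is documented on the new lines as a route name, but its default `'/'` is a URI path, and the PermissionFilter hunk in this commit consumes it through `route_to($this->landingRoute)`; unless a route is actually named `/`, `route_to()` is likely to return `false` rather than a path, which then flows into `redirect()->to()` on the silent branch. Either default to a real named route, or document the contract on the property, e.g. `* Named route (resolved via route_to()) to land on after login; it must exist in your Routes config.`. The same lookup is used in LoginFilter as `url_is(route_to($reservedRoute))` for every entry of `$reservedRoutes`, so a value that is renamed here but not registered as a route degrades in the same way. The heading `Reserverd Routes` is also misspelled.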
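--- a/src/Filters/BaseFilter.php
+++ b/src/Filters/BaseFilter.php
@@ -0,0 +1,52 @@
+<?php
+
+namespace Myth\Auth\Filters;
+
+use Myth\Auth\Config\Auth as AuthConfig;
+
+abstract class BaseFilter
+{
+/**
+* Landing Route
+*/
+protected $landingRoute;
+
+/**
+* Reserved Routes
+*/
+protected $reservedRoutes;
+
+/**
+* Authenticate
+*/
+protected $authenticate;
+
+/**
+* Authorize
+*/
+protected $authorize;
+
+/**
+* Constructor
+*/
+public function __construct()
+{
+// Load the Auth config, for constructor only!!!
+$config = config(AuthConfig::class);
+
+// Load the routes
+$this->landingRoute = $config->landingRoute;
+$this->reservedRoutes = $config->reservedRoutes;
+
+// Load the authenticate service
+$this->authenticate = service('authentication');
+
+// Load the authorize service
+$this->authorize = service('authorization');
+
+// Load the helper
+if (! function_exists('logged_in')) {
+helper('auth');
+}
+}
+}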
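Review bot: The four new properties carry no type information, so static analysis cannot tell what `$this->authenticate->check()` or `$this->authorize->hasPermission()` resolve to in the subclasses that rely on them. `@var` docblocks (or native property types) would close that gap, e.g. `/** @var string */ protected $landingRoute;` and `/** @var array<string, string> */ protected $reservedRoutes;`, with the two service properties annotated with whatever `service('authentication')` and `service('authorization')` return, which this page does not show. The comment `Load the Auth config, for constructor only!!!` would read more clearly as `Config is read once here; subclasses work from the copied properties.`.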
39 changes: 13 additions & 26 deletions src/Filters/LoginFilter.php
Expand Up @@ -2,52 +2,39 @@

namespace Myth\Auth\Filters;

use CodeIgniter\Filters\FilterInterface;
use CodeIgniter\HTTP\RequestInterface;
use CodeIgniter\HTTP\ResponseInterface;
use Config\App;
use CodeIgniter\Filters\FilterInterface;

class LoginFilter implements FilterInterface
class LoginFilter extends BaseFilter implements FilterInterface
{
/**
* Verifies that a user is logged in, or redirects to login.
*
* @param RequestInterface $request
* @param array|null $params
*
* @return mixed
*/
public function before(RequestInterface $request, $params = null)
{
if (! function_exists('logged_in')) {
helper('auth');
}

$current = (string) current_url(true)
->setHost('')
->setScheme('')
->stripQuery('token');

$config = config(App::class);
if ($config->forceGlobalSecureRequests) {
// Remove "https:/"
$current = substr($current, 7);
}

// Make sure this isn't already a login route
if (in_array($current, [route_to('login'), route_to('forgot'), route_to('reset-password'), route_to('register'), route_to('activate-account')], true)) {
return;
// Make sure this isn't already a Myth\Auth routes.
foreach ($this->reservedRoutes as $reservedRoutes => $reservedRoute) {
if (url_is(route_to($reservedRoute))) {
return;
}
}

// if no user is logged in then send to the login form
$authenticate = service('authentication');
if (! $authenticate->check()) {
// If no user is logged in then send them to the login form.
if (! $this->authenticate->check()) {
session()->set('redirect_url', current_url());

return redirect('login');
return redirect($this->reservedRoutes['login']);
}
}

/**
* @param RequestInterface $request
* @param ResponseInterface $response
* @param array|null $arguments
*
* @return void
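Review bot: In `before()` the loop `foreach ($this->reservedRoutes as $reservedRoutes => $reservedRoute)` binds the key to `$reservedRoutes`, which is never used and is easily confused with the property of the same name; `foreach ($this->reservedRoutes as $reservedRoute) {` says the same thing. The `url_is(route_to($reservedRoute))` check also forwards the result of `route_to()` straight into `url_is()`, and `route_to()` returns `false` for a name with no registered route; the removed `in_array(..., true)` tolerated that silently, whereas `url_is(false)` may either fail on the string parameter or compare against an empty path, so a guard such as `$path = route_to($reservedRoute); if ($path !== false && url_is($path)) { return; }` would keep the old tolerance. `after()` at the end of this hunk continues outside it.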
44 changes: 17 additions & 27 deletions src/Filters/PermissionFilter.php
Expand Up @@ -2,12 +2,12 @@

namespace Myth\Auth\Filters;

use CodeIgniter\Filters\FilterInterface;
use CodeIgniter\HTTP\RequestInterface;
use CodeIgniter\HTTP\ResponseInterface;
use CodeIgniter\Filters\FilterInterface;
use Myth\Auth\Exceptions\PermissionException;

class PermissionFilter implements FilterInterface
class PermissionFilter extends BaseFilter implements FilterInterface
{
/**
* Do whatever processing this filter needs to do.
Expand All @@ -19,64 +19,54 @@ class PermissionFilter implements FilterInterface
* sent back to the client, allowing for error pages,
* redirects, etc.
*
* @param array|null $params
* @param RequestInterface $request
* @param array|null $params
*
* @return mixed
*/
public function before(RequestInterface $request, $params = null)
{
if (! function_exists('logged_in')) {
helper('auth');
// If no user is logged in then send them to the login form.
if (! $this->authenticate->check()) {
session()->set('redirect_url', current_url());
return redirect($this->reservedRoutes['login']);
}

if (empty($params)) {
return;
}

$authenticate = service('authentication');

// if no user is logged in then send to the login form
if (! $authenticate->check()) {
session()->set('redirect_url', current_url());

return redirect('login');
}

$authorize = service('authorization');
$result = true;
$result = true;

// Check each requested permission
foreach ($params as $permission) {
$result = $result && $authorize->hasPermission($permission, $authenticate->id());
$result = ($result && $this->authorize->hasPermission($permission, $this->authenticate->id()));
}

if (! $result) {
if ($authenticate->silent()) {
$redirectURL = session('redirect_url') ?? '/';
if ($this->authenticate->silent()) {
$redirectURL = session('redirect_url') ?? route_to($this->landingRoute);
unset($_SESSION['redirect_url']);

return redirect()->to($redirectURL)->with('error', lang('Auth.notEnoughPrivilege'));
} else {
throw new PermissionException(lang('Auth.notEnoughPrivilege'));
}

throw new PermissionException(lang('Auth.notEnoughPrivilege'));
}
}

//--------------------------------------------------------------------

/**
* Allows After filters to inspect and modify the response
* object as needed. This method does not allow any way
* to stop execution of other after filters, short of
* throwing an Exception or Error.
*
* @param array|null $arguments
* @param RequestInterface $request
* @param ResponseInterface $response
* @param array|null $arguments
*
* @return void
*/
public function after(RequestInterface $request, ResponseInterface $response, $arguments = null)
{
}

//--------------------------------------------------------------------
}
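Review bot: The authentication check now runs before the `empty($params)` early return, so a PermissionFilter applied with no permission arguments redirects anonymous users to login where the previous code let them through; that is a behaviour change the docblock of `before()` does not mention, and it should, e.g. `* Requires a logged-in user even when no permissions are given; every listed permission must then be held.`. On the silent branch, `route_to($this->landingRoute)` is only the fallback for a missing `redirect_url`, but with the default `$landingRoute = '/'` from the Auth.php hunk it may yield `false` rather than a path, so the fallback deserves a guard on the `route_to()` result (or a `site_url()` of the configured path) before it reaches `redirect()->to()`. The `$result = ($result && ...)` accumulation short-circuits once a permission is missing, so the remaining `hasPermission()` calls are skipped; a comment noting that all listed permissions are required (AND, not OR) would make the intent explicit.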
