Merge 8babd47 into bc606fe

src/Config/Auth.php

@@ -18,6 +18,43 @@ class Auth extends BaseConfig
      */
     public $defaultUserGroup;
 
+    /**
+     * --------------------------------------------------------------------
+     * Landing Route
+     * --------------------------------------------------------------------
+     *
+     * This is your landing page (route name) after user success to login,
+     * i.e $landingRoute = 'dashboard'.
+     *
+     * If you set $silent = true the Permission and Role filters will
+     * use this config too for the routing.
+     *
+     * @var string
+     */
+    public $landingRoute = '/';
+
+    /**
+     * --------------------------------------------------------------------
+     * Reserverd Routes
+     * --------------------------------------------------------------------
+     *
+     * The auth routes config is listed in here and you can customize it,
+     * i.e. $reservedRoutes = ['forgot' => 'forgot-password'].
+     *
+     * Do Not Change The Key!!! Because it's the identity for routing.
+     *
+     * @var array
+     */
+    public $reservedRoutes = [
+        'login'                   => 'login',
+        'logout'                  => 'logout',
+        'register'                => 'register',
+        'activate-account'        => 'activate-account',
+        'resend-activate-account' => 'resend-activate-account',
+        'forgot'                  => 'forgot',
+        'reset-password'          => 'reset-password',
+    ];
+
     /**
      * --------------------------------------------------------------------
      * Libraries
@@ -284,7 +321,7 @@ class Auth extends BaseConfig
      * Password Check Helpers
      * --------------------------------------------------------------------
      *
-     * The PasswordValidator class runs the password through all of these
+     * The PasswordValidater class runs the password through all of these
      * classes, each getting the opportunity to pass/fail the password.
      *
      * You can add custom classes as long as they adhere to the

src/Filters/BaseFilter.php

@@ -0,0 +1,52 @@
+<?php
+
+namespace Myth\Auth\Filters;
+
+use Myth\Auth\Config\Auth as AuthConfig;
+
+abstract class BaseFilter
+{
+    /**
+     * Landing Route
+     */
+    protected $landingRoute;
+
+    /**
+     * Reserved Routes
+     */
+    protected $reservedRoutes;
+
+    /**
+     * Authenticate
+     */
+    protected $authenticate;
+
+    /**
+     * Authorize
+     */
+    protected $authorize;
+
+    /**
+     * Constructor
+     */
+    public function __construct()
+    {
+        // Load the Auth config, for constructor only!!!
+        $config = config(AuthConfig::class);
+
+        // Load the routes
+        $this->landingRoute   = $config->landingRoute;
+        $this->reservedRoutes = $config->reservedRoutes;
+
+        // Load the authenticate service
+        $this->authenticate = service('authentication');
+
+        // Load the authorize service
+        $this->authorize = service('authorization');
+
+        // Load the helper
+        if (! function_exists('logged_in')) {
+            helper('auth');
+        }
+    }
+}

src/Filters/LoginFilter.php

@@ -5,9 +5,8 @@
 use CodeIgniter\Filters\FilterInterface;
 use CodeIgniter\HTTP\RequestInterface;
 use CodeIgniter\HTTP\ResponseInterface;
-use Config\App;
 
-class LoginFilter implements FilterInterface
+class LoginFilter extends BaseFilter implements FilterInterface
 {
     /**
      * Verifies that a user is logged in, or redirects to login.
@@ -18,32 +17,18 @@ class LoginFilter implements FilterInterface
      */
     public function before(RequestInterface $request, $params = null)
     {
-        if (! function_exists('logged_in')) {
-            helper('auth');
+        // Make sure this isn't already a Myth\Auth routes.
+        foreach ($this->reservedRoutes as $reservedRoutes => $reservedRoute) {
+            if (url_is(route_to($reservedRoute))) {
+                return;
+            }
         }
 
-        $current = (string) current_url(true)
-            ->setHost('')
-            ->setScheme('')
-            ->stripQuery('token');
-
-        $config = config(App::class);
-        if ($config->forceGlobalSecureRequests) {
-            // Remove "https:/"
-            $current = substr($current, 7);
-        }
-
-        // Make sure this isn't already a login route
-        if (in_array($current, [route_to('login'), route_to('forgot'), route_to('reset-password'), route_to('register'), route_to('activate-account')], true)) {
-            return;
-        }
-
-        // if no user is logged in then send to the login form
-        $authenticate = service('authentication');
-        if (! $authenticate->check()) {
+        // If no user is logged in then send them to the login form.
+        if (! $this->authenticate->check()) {
             session()->set('redirect_url', current_url());
 
-            return redirect('login');
+            return redirect($this->reservedRoutes['login']);
         }
     }
 

src/Filters/PermissionFilter.php

@@ -7,7 +7,7 @@
 use CodeIgniter\HTTP\ResponseInterface;
 use Myth\Auth\Exceptions\PermissionException;
 
-class PermissionFilter implements FilterInterface
+class PermissionFilter extends BaseFilter implements FilterInterface
 {
     /**
      * Do whatever processing this filter needs to do.
@@ -25,34 +25,27 @@ class PermissionFilter implements FilterInterface
      */
     public function before(RequestInterface $request, $params = null)
     {
-        if (! function_exists('logged_in')) {
-            helper('auth');
+        // If no user is logged in then send them to the login form.
+        if (! $this->authenticate->check()) {
+            session()->set('redirect_url', current_url());
+
+            return redirect($this->reservedRoutes['login']);
         }
 
         if (empty($params)) {
             return;
         }
 
-        $authenticate = service('authentication');
-
-        // if no user is logged in then send to the login form
-        if (! $authenticate->check()) {
-            session()->set('redirect_url', current_url());
-
-            return redirect('login');
-        }
-
-        $authorize = service('authorization');
-        $result    = true;
+        $result = true;
 
         // Check each requested permission
         foreach ($params as $permission) {
-            $result = $result && $authorize->hasPermission($permission, $authenticate->id());
+            $result = ($result && $this->authorize->hasPermission($permission, $this->authenticate->id()));
         }
 
         if (! $result) {
-            if ($authenticate->silent()) {
-                $redirectURL = session('redirect_url') ?? '/';
+            if ($this->authenticate->silent()) {
+                $redirectURL = session('redirect_url') ?? route_to($this->landingRoute);
                 unset($_SESSION['redirect_url']);
 
                 return redirect()->to($redirectURL)->with('error', lang('Auth.notEnoughPrivilege'));
@@ -62,8 +55,6 @@ public function before(RequestInterface $request, $params = null)
         }
     }
 
-    //--------------------------------------------------------------------
-
     /**
      * Allows After filters to inspect and modify the response
      * object as needed. This method does not allow any way
@@ -77,6 +68,4 @@ public function before(RequestInterface $request, $params = null)
     public function after(RequestInterface $request, ResponseInterface $response, $arguments = null)
     {
     }
-
-    //--------------------------------------------------------------------
 }

src/Filters/RoleFilter.php

@@ -7,7 +7,7 @@
 use CodeIgniter\HTTP\ResponseInterface;
 use Myth\Auth\Exceptions\PermissionException;
 
-class RoleFilter implements FilterInterface
+class RoleFilter extends BaseFilter implements FilterInterface
 {
     /**
      * Do whatever processing this filter needs to do.
@@ -25,34 +25,26 @@ class RoleFilter implements FilterInterface
      */
     public function before(RequestInterface $request, $params = null)
     {
-        if (! function_exists('logged_in')) {
-            helper('auth');
+        // If no user is logged in then send them to the login form.
+        if (! $this->authenticate->check()) {
+            session()->set('redirect_url', current_url());
+
+            return redirect($this->reservedRoutes['login']);
         }
 
         if (empty($params)) {
             return;
         }
 
-        $authenticate = service('authentication');
-
-        // if no user is logged in then send to the login form
-        if (! $authenticate->check()) {
-            session()->set('redirect_url', current_url());
-
-            return redirect('login');
-        }
-
-        $authorize = service('authorization');
-
         // Check each requested permission
         foreach ($params as $group) {
-            if ($authorize->inGroup($group, $authenticate->id())) {
+            if ($this->authorize->inGroup($group, $this->authenticate->id())) {
                 return;
             }
         }
 
-        if ($authenticate->silent()) {
-            $redirectURL = session('redirect_url') ?? '/';
+        if ($this->authenticate->silent()) {
+            $redirectURL = session('redirect_url') ?? route_to($this->landingRoute);
             unset($_SESSION['redirect_url']);
 
             return redirect()->to($redirectURL)->with('error', lang('Auth.notEnoughPrivilege'));
@@ -61,8 +53,6 @@ public function before(RequestInterface $request, $params = null)
         throw new PermissionException(lang('Auth.notEnoughPrivilege'));
     }
 
-    //--------------------------------------------------------------------
-
     /**
      * Allows After filters to inspect and modify the response
      * object as needed. This method does not allow any way
@@ -76,6 +66,4 @@ public function before(RequestInterface $request, $params = null)
     public function after(RequestInterface $request, ResponseInterface $response, $arguments = null)
     {
     }
-
-    //--------------------------------------------------------------------
 }