diff --git a/.idea/php.xml b/.idea/php.xml
index 23db7153..75575c56 100755
--- a/.idea/php.xml
+++ b/.idea/php.xml
@@ -10,6 +10,53 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/ci4/app/Config/App.php b/ci4/app/Config/App.php
index 7a913ab6..e9241050 100755
--- a/ci4/app/Config/App.php
+++ b/ci4/app/Config/App.php
@@ -11,19 +11,12 @@ class App extends BaseConfig
* Base Site URL
* --------------------------------------------------------------------------
*
- * URL to your CodeIgniter root. Typically this will be your base URL,
+ * URL to your CodeIgniter root. Typically, this will be your base URL,
* WITH a trailing slash:
*
- * http://example.com/
- *
- * If this is not set then CodeIgniter will try guess the protocol, domain
- * and path to your installation. However, you should always configure this
- * explicitly and never rely on auto-guessing, especially in production
- * environments.
- *
- * @var string
+ * E.g., http://example.com/
*/
- public $baseURL = '';
+ public string $baseURL = '';
/**
* Allowed Hostnames in the Site URL other than the hostname in the baseURL.
@@ -43,33 +36,28 @@ class App extends BaseConfig
* Index File
* --------------------------------------------------------------------------
*
- * Typically this will be your index.php file, unless you've renamed it to
- * something else. If you are using mod_rewrite to remove the page set this
- * variable so that it is blank.
- *
- * @var string
+ * Typically, this will be your `index.php` file, unless you've renamed it to
+ * something else. If you have configured your web server to remove this file
+ * from your site URIs, set this variable to an empty string.
*/
-
- public $indexPage = '';
+ public string $indexPage = '';
/**
* --------------------------------------------------------------------------
* URI PROTOCOL
* --------------------------------------------------------------------------
*
- * This item determines which getServer global should be used to retrieve the
- * URI string. The default setting of 'REQUEST_URI' works for most servers.
+ * This item determines which server global should be used to retrieve the
+ * URI string. The default setting of 'REQUEST_URI' works for most servers.
* If your links do not seem to work, try one of the other delicious flavors:
*
- * 'REQUEST_URI' Uses $_SERVER['REQUEST_URI']
- * 'QUERY_STRING' Uses $_SERVER['QUERY_STRING']
- * 'PATH_INFO' Uses $_SERVER['PATH_INFO']
+ * 'REQUEST_URI': Uses $_SERVER['REQUEST_URI']
+ * 'QUERY_STRING': Uses $_SERVER['QUERY_STRING']
+ * 'PATH_INFO': Uses $_SERVER['PATH_INFO']
*
* WARNING: If you set this to 'PATH_INFO', URIs will always be URL-decoded!
- *
- * @var string
*/
- public $uriProtocol = 'REQUEST_URI';
+ public string $uriProtocol = 'REQUEST_URI';
/**
* --------------------------------------------------------------------------
@@ -80,10 +68,8 @@ class App extends BaseConfig
* is viewing the site from. It affects the language strings and other
* strings (like currency markers, numbers, etc), that your program
* should run under for this request.
- *
- * @var string
*/
- public $defaultLocale = 'es';
+ public string $defaultLocale = 'es';
/**
* --------------------------------------------------------------------------
@@ -94,10 +80,8 @@ class App extends BaseConfig
* language to use based on the value of the Accept-Language header.
*
* If false, no automatic detection will be performed.
- *
- * @var bool
*/
- public $negotiateLocale = true;
+ public bool $negotiateLocale = false;
/**
* --------------------------------------------------------------------------
@@ -108,9 +92,11 @@ class App extends BaseConfig
* by the application in descending order of priority. If no match is
* found, the first locale will be used.
*
- * @var string[]
+ * IncomingRequest::setLocale() also uses this list.
+ *
+ * @var list
*/
- public $supportedLocales = ['en','es'];
+ public array $supportedLocales = ['en', 'es'];
/**
* --------------------------------------------------------------------------
@@ -120,9 +106,10 @@ class App extends BaseConfig
* The default timezone that will be used in your application to display
* dates with the date helper, and can be retrieved through app_timezone()
*
- * @var string
+ * @see https://www.php.net/manual/en/timezones.php for list of timezones
+ * supported by PHP.
*/
- public $appTimezone = 'Europe/Madrid';
+ public string $appTimezone = 'Europe/Madrid';
/**
* --------------------------------------------------------------------------
@@ -133,211 +120,20 @@ class App extends BaseConfig
* that require a character set to be provided.
*
* @see http://php.net/htmlspecialchars for a list of supported charsets.
- *
- * @var string
*/
- public $charset = 'UTF-8';
+ public string $charset = 'UTF-8';
/**
* --------------------------------------------------------------------------
- * URI PROTOCOL
+ * Force Global Secure Requests
* --------------------------------------------------------------------------
*
* If true, this will force every request made to this application to be
* made via a secure connection (HTTPS). If the incoming request is not
* secure, the user will be redirected to a secure version of the page
- * and the HTTP Strict Transport Security header will be set.
- *
- * @var bool
+ * and the HTTP Strict Transport Security (HSTS) header will be set.
*/
- public $forceGlobalSecureRequests = false;
-
- /**
- * --------------------------------------------------------------------------
- * Session Driver
- * --------------------------------------------------------------------------
- *
- * The session storage driver to use:
- * - `CodeIgniter\Session\Handlers\FileHandler`
- * - `CodeIgniter\Session\Handlers\DatabaseHandler`
- * - `CodeIgniter\Session\Handlers\MemcachedHandler`
- * - `CodeIgniter\Session\Handlers\RedisHandler`
- *
- * @var string
- */
- public $sessionDriver = 'CodeIgniter\Session\Handlers\FileHandler';
-
- /**
- * --------------------------------------------------------------------------
- * Session Cookie Name
- * --------------------------------------------------------------------------
- *
- * The session cookie name, must contain only [0-9a-z_-] characters
- *
- * @var string
- */
- public $sessionCookieName = 'ci_session';
-
- /**
- * --------------------------------------------------------------------------
- * Session Expiration
- * --------------------------------------------------------------------------
- *
- * The number of SECONDS you want the session to last.
- * Setting to 0 (zero) means expire when the browser is closed.
- *
- * @var int
- */
- public $sessionExpiration = 7200;
-
- /**
- * --------------------------------------------------------------------------
- * Session Save Path
- * --------------------------------------------------------------------------
- *
- * The location to save sessions to and is driver dependent.
- *
- * For the 'files' driver, it's a path to a writable directory.
- * WARNING: Only absolute paths are supported!
- *
- * For the 'database' driver, it's a table name.
- * Please read up the manual for the format with other session drivers.
- *
- * IMPORTANT: You are REQUIRED to set a valid save path!
- *
- * @var string
- */
- public $sessionSavePath = WRITEPATH . 'session';
-
- /**
- * --------------------------------------------------------------------------
- * Session Match IP
- * --------------------------------------------------------------------------
- *
- * Whether to match the user's IP address when reading the session data.
- *
- * WARNING: If you're using the database driver, don't forget to update
- * your session table's PRIMARY KEY when changing this setting.
- *
- * @var bool
- */
- public $sessionMatchIP = false;
-
- /**
- * --------------------------------------------------------------------------
- * Session Time to Update
- * --------------------------------------------------------------------------
- *
- * How many seconds between CI regenerating the session ID.
- *
- * @var int
- */
- public $sessionTimeToUpdate = 300;
-
- /**
- * --------------------------------------------------------------------------
- * Session Regenerate Destroy
- * --------------------------------------------------------------------------
- *
- * Whether to destroy session data associated with the old session ID
- * when auto-regenerating the session ID. When set to FALSE, the data
- * will be later deleted by the garbage collector.
- *
- * @var bool
- */
- public $sessionRegenerateDestroy = false;
-
- /**
- * --------------------------------------------------------------------------
- * Cookie Prefix
- * --------------------------------------------------------------------------
- *
- * Set a cookie name prefix if you need to avoid collisions.
- *
- * @var string
- *
- * @deprecated use Config\Cookie::$prefix property instead.
- */
- public $cookiePrefix = '';
-
- /**
- * --------------------------------------------------------------------------
- * Cookie Domain
- * --------------------------------------------------------------------------
- *
- * Set to `.your-domain.com` for site-wide cookies.
- *
- * @var string
- *
- * @deprecated use Config\Cookie::$domain property instead.
- */
- public $cookieDomain = '';
-
- /**
- * --------------------------------------------------------------------------
- * Cookie Path
- * --------------------------------------------------------------------------
- *
- * Typically will be a forward slash.
- *
- * @var string
- *
- * @deprecated use Config\Cookie::$path property instead.
- */
- public $cookiePath = '/';
-
- /**
- * --------------------------------------------------------------------------
- * Cookie Secure
- * --------------------------------------------------------------------------
- *
- * Cookie will only be set if a secure HTTPS connection exists.
- *
- * @var bool
- *
- * @deprecated use Config\Cookie::$secure property instead.
- */
- public $cookieSecure = false;
-
- /**
- * --------------------------------------------------------------------------
- * Cookie HttpOnly
- * --------------------------------------------------------------------------
- *
- * Cookie will only be accessible via HTTP(S) (no JavaScript).
- *
- * @var bool
- *
- * @deprecated use Config\Cookie::$httponly property instead.
- */
- public $cookieHTTPOnly = true;
-
- /**
- * --------------------------------------------------------------------------
- * Cookie SameSite
- * --------------------------------------------------------------------------
- *
- * Configure cookie SameSite setting. Allowed values are:
- * - None
- * - Lax
- * - Strict
- * - ''
- *
- * Alternatively, you can use the constant names:
- * - `Cookie::SAMESITE_NONE`
- * - `Cookie::SAMESITE_LAX`
- * - `Cookie::SAMESITE_STRICT`
- *
- * Defaults to `Lax` for compatibility with modern browsers. Setting `''`
- * (empty string) means default SameSite attribute set by browsers (`Lax`)
- * will be set on cookies. If set to `None`, `$cookieSecure` must also be set.
- *
- * @var string
- *
- * @deprecated use Config\Cookie::$samesite property instead.
- */
- public $cookieSameSite = 'Lax';
-
+ public bool $forceGlobalSecureRequests = false;
/**
* --------------------------------------------------------------------------
@@ -362,104 +158,6 @@ class App extends BaseConfig
*/
public array $proxyIPs = [];
- /**
- * --------------------------------------------------------------------------
- * CSRF Token Name
- * --------------------------------------------------------------------------
- *
- * The token name.
- *
- * @deprecated Use `Config\Security` $tokenName property instead of using this property.
- *
- * @var string
- */
- public $CSRFTokenName = 'csrf_test_name';
-
- /**
- * --------------------------------------------------------------------------
- * CSRF Header Name
- * --------------------------------------------------------------------------
- *
- * The header name.
- *
- * @deprecated Use `Config\Security` $headerName property instead of using this property.
- *
- * @var string
- */
- public $CSRFHeaderName = 'X-CSRF-TOKEN';
-
- /**
- * --------------------------------------------------------------------------
- * CSRF Cookie Name
- * --------------------------------------------------------------------------
- *
- * The cookie name.
- *
- * @deprecated Use `Config\Security` $cookieName property instead of using this property.
- *
- * @var string
- */
- public $CSRFCookieName = 'csrf_cookie_name';
-
- /**
- * --------------------------------------------------------------------------
- * CSRF Expire
- * --------------------------------------------------------------------------
- *
- * The number in seconds the token should expire.
- *
- * @deprecated Use `Config\Security` $expire property instead of using this property.
- *
- * @var int
- */
- public $CSRFExpire = 7200;
-
- /**
- * --------------------------------------------------------------------------
- * CSRF Regenerate
- * --------------------------------------------------------------------------
- *
- * Regenerate token on every submission?
- *
- * @deprecated Use `Config\Security` $regenerate property instead of using this property.
- *
- * @var bool
- */
- public $CSRFRegenerate = true;
-
- /**
- * --------------------------------------------------------------------------
- * CSRF Redirect
- * --------------------------------------------------------------------------
- *
- * Redirect to previous page with error on failure?
- *
- * @deprecated Use `Config\Security` $redirect property instead of using this property.
- *
- * @var bool
- */
- public $CSRFRedirect = true;
-
- /**
- * --------------------------------------------------------------------------
- * CSRF SameSite
- * --------------------------------------------------------------------------
- *
- * Setting for CSRF SameSite cookie token. Allowed values are:
- * - None
- * - Lax
- * - Strict
- * - ''
- *
- * Defaults to `Lax` as recommended in this link:
- *
- * @see https://portswigger.net/web-security/csrf/samesite-cookies
- * @deprecated Use `Config\Security` $samesite property instead of using this property.
- *
- * @var string
- */
- public $CSRFSameSite = 'Lax';
-
/**
* --------------------------------------------------------------------------
* Content Security Policy
@@ -475,9 +173,6 @@ class App extends BaseConfig
*
* @see http://www.html5rocks.com/en/tutorials/security/content-security-policy/
* @see http://www.w3.org/TR/CSP/
- *
- * @var bool
*/
- public $CSPEnabled = false;
-
+ public bool $CSPEnabled = false;
}
diff --git a/ci4/app/Config/Auth.php b/ci4/app/Config/Auth.php
new file mode 100644
index 00000000..a373b4c0
--- /dev/null
+++ b/ci4/app/Config/Auth.php
@@ -0,0 +1,529 @@
+
+ *
+ * For the full copyright and license information, please view
+ * the LICENSE file that was distributed with this source code.
+ */
+
+namespace Config;
+
+use CodeIgniter\Shield\Config\Auth as ShieldAuth;
+use CodeIgniter\Shield\Authentication\Actions\ActionInterface;
+use CodeIgniter\Shield\Authentication\AuthenticatorInterface;
+use CodeIgniter\Shield\Authentication\Authenticators\AccessTokens;
+use CodeIgniter\Shield\Authentication\Authenticators\HmacSha256;
+use CodeIgniter\Shield\Authentication\Authenticators\JWT;
+use CodeIgniter\Shield\Authentication\Authenticators\Session;
+use CodeIgniter\Shield\Authentication\Passwords\CompositionValidator;
+use CodeIgniter\Shield\Authentication\Passwords\DictionaryValidator;
+use CodeIgniter\Shield\Authentication\Passwords\NothingPersonalValidator;
+use CodeIgniter\Shield\Authentication\Passwords\PwnedValidator;
+use CodeIgniter\Shield\Authentication\Passwords\ValidatorInterface;
+use CodeIgniter\Shield\Models\UserModel;
+
+class Auth extends ShieldAuth
+{
+ /**
+ * ////////////////////////////////////////////////////////////////////
+ * AUTHENTICATION
+ * ////////////////////////////////////////////////////////////////////
+ */
+
+ // Constants for Record Login Attempts. Do not change.
+ public const RECORD_LOGIN_ATTEMPT_NONE = 0; // Do not record at all
+ public const RECORD_LOGIN_ATTEMPT_FAILURE = 1; // Record only failures
+ public const RECORD_LOGIN_ATTEMPT_ALL = 2; // Record all login attempts
+
+ /**
+ * --------------------------------------------------------------------
+ * View files
+ * --------------------------------------------------------------------
+ */
+ public array $views = [
+ 'login' => '\App\Views\Shield\login',
+ 'register' => '\App\Views\Shield\register',
+ 'layout' => '\App\Views\Shield\layout',
+ 'action_email_2fa' => '\CodeIgniter\Shield\Views\email_2fa_show',
+ 'action_email_2fa_verify' => '\CodeIgniter\Shield\Views\email_2fa_verify',
+ 'action_email_2fa_email' => '\CodeIgniter\Shield\Views\Email\email_2fa_email',
+ 'action_email_activate_show' => '\CodeIgniter\Shield\Views\email_activate_show',
+ 'action_email_activate_email' => '\CodeIgniter\Shield\Views\Email\email_activate_email',
+ 'magic-link-login' => '\App\Views\Shield\magic_link_form',
+ 'magic-link-message' => '\CodeIgniter\Shield\Views\magic_link_message',
+ 'magic-link-email' => '\CodeIgniter\Shield\Views\Email\magic_link_email',
+ ];
+
+ /**
+ * --------------------------------------------------------------------
+ * Redirect URLs
+ * --------------------------------------------------------------------
+ * The default URL that a user will be redirected to after various auth
+ * actions. This can be either of the following:
+ *
+ * 1. An absolute URL. E.g. http://example.com OR https://example.com
+ * 2. A named route that can be accessed using `route_to()` or `url_to()`
+ * 3. A URI path within the application. e.g 'admin', 'login', 'expath'
+ *
+ * If you need more flexibility you can override the `getUrl()` method
+ * to apply any logic you may need.
+ */
+ public array $redirects = [
+ 'register' => '/',
+ 'login' => '/',
+ 'logout' => 'login',
+ 'force_reset' => '/',
+ 'permission_denied' => '/',
+ 'group_denied' => '/',
+ ];
+
+ /**
+ * --------------------------------------------------------------------
+ * Authentication Actions
+ * --------------------------------------------------------------------
+ * Specifies the class that represents an action to take after
+ * the user logs in or registers a new account at the site.
+ *
+ * You must register actions in the order of the actions to be performed.
+ *
+ * Available actions with Shield:
+ * - register: \CodeIgniter\Shield\Authentication\Actions\EmailActivator::class
+ * - login: \CodeIgniter\Shield\Authentication\Actions\Email2FA::class
+ *
+ * @var array|null>
+ */
+ public array $actions = [
+ 'register' => null,
+ 'login' => null,
+ ];
+
+ /**
+ * --------------------------------------------------------------------
+ * Authenticators
+ * --------------------------------------------------------------------
+ * The available authentication systems, listed
+ * with alias and class name. These can be referenced
+ * by alias in the auth helper:
+ * auth('tokens')->attempt($credentials);
+ *
+ * @var array>
+ */
+ public array $authenticators = [
+ 'tokens' => AccessTokens::class,
+ 'session' => Session::class,
+ 'hmac' => HmacSha256::class,
+ // 'jwt' => JWT::class,
+ ];
+
+ /**
+ * --------------------------------------------------------------------
+ * Default Authenticator
+ * --------------------------------------------------------------------
+ * The Authenticator to use when none is specified.
+ * Uses the $key from the $authenticators array above.
+ */
+ public string $defaultAuthenticator = 'session';
+
+ /**
+ * --------------------------------------------------------------------
+ * Authentication Chain
+ * --------------------------------------------------------------------
+ * The Authenticators to test logged in status against
+ * when using the 'chain' filter. Each Authenticator listed will be checked.
+ * If no match is found, then the next in the chain will be checked.
+ *
+ * @var string[]
+ * @phpstan-var list
+ */
+ public array $authenticationChain = [
+ 'session',
+ 'tokens',
+ 'hmac',
+ // 'jwt',
+ ];
+
+ /**
+ * --------------------------------------------------------------------
+ * Allow Registration
+ * --------------------------------------------------------------------
+ * Determines whether users can register for the site.
+ */
+ public bool $allowRegistration = true;
+
+ /**
+ * --------------------------------------------------------------------
+ * Record Last Active Date
+ * --------------------------------------------------------------------
+ * If true, will always update the `last_active` datetime for the
+ * logged-in user on every page request.
+ * This feature only works when session/tokens filter is active.
+ *
+ * @see https://codeigniter4.github.io/shield/quick_start_guide/using_session_auth/#protecting-pages for set filters.
+ */
+ public bool $recordActiveDate = true;
+
+ /**
+ * --------------------------------------------------------------------
+ * Allow Magic Link Logins
+ * --------------------------------------------------------------------
+ * If true, will allow the use of "magic links" sent via the email
+ * as a way to log a user in without the need for a password.
+ * By default, this is used in place of a password reset flow, but
+ * could be modified as the only method of login once an account
+ * has been set up.
+ */
+ public bool $allowMagicLinkLogins = true;
+
+ /**
+ * --------------------------------------------------------------------
+ * Magic Link Lifetime
+ * --------------------------------------------------------------------
+ * Specifies the amount of time, in seconds, that a magic link is valid.
+ * You can use Time Constants or any desired number.
+ */
+ public int $magicLinkLifetime = HOUR;
+
+ /**
+ * --------------------------------------------------------------------
+ * Session Authenticator Configuration
+ * --------------------------------------------------------------------
+ * These settings only apply if you are using the Session Authenticator
+ * for authentication.
+ *
+ * - field The name of the key the current user info is stored in session
+ * - allowRemembering Does the system allow use of "remember-me"
+ * - rememberCookieName The name of the cookie to use for "remember-me"
+ * - rememberLength The length of time, in seconds, to remember a user.
+ *
+ * @var array
+ */
+ public array $sessionConfig = [
+ 'field' => 'user',
+ 'allowRemembering' => true,
+ 'rememberCookieName' => 'remember',
+ 'rememberLength' => 30 * DAY,
+ ];
+
+ /**
+ * --------------------------------------------------------------------
+ * The validation rules for username
+ * --------------------------------------------------------------------
+ *
+ * Do not use string rules like `required|valid_email`.
+ *
+ * @var array|string>
+ */
+ public array $usernameValidationRules = [
+ 'label' => 'Auth.username',
+ 'rules' => [
+ 'required',
+ 'max_length[30]',
+ 'min_length[3]',
+ 'regex_match[/\A[a-zA-Z0-9\.]+\z/]',
+ ],
+ ];
+
+ /**
+ * --------------------------------------------------------------------
+ * The validation rules for email
+ * --------------------------------------------------------------------
+ *
+ * Do not use string rules like `required|valid_email`.
+ *
+ * @var array|string>
+ */
+ public array $emailValidationRules = [
+ 'label' => 'Auth.email',
+ 'rules' => [
+ 'required',
+ 'max_length[254]',
+ 'valid_email',
+ ],
+ ];
+
+ /**
+ * --------------------------------------------------------------------
+ * Minimum Password Length
+ * --------------------------------------------------------------------
+ * The minimum length that a password must be to be accepted.
+ * Recommended minimum value by NIST = 8 characters.
+ */
+ public int $minimumPasswordLength = 8;
+
+ /**
+ * --------------------------------------------------------------------
+ * Password Check Helpers
+ * --------------------------------------------------------------------
+ * The PasswordValidator class runs the password through all of these
+ * classes, each getting the opportunity to pass/fail the password.
+ * You can add custom classes as long as they adhere to the
+ * CodeIgniter\Shield\Authentication\Passwords\ValidatorInterface.
+ *
+ * @var class-string[]
+ */
+ public array $passwordValidators = [
+ CompositionValidator::class,
+ NothingPersonalValidator::class,
+ DictionaryValidator::class,
+ // PwnedValidator::class,
+ ];
+
+ /**
+ * --------------------------------------------------------------------
+ * Valid login fields
+ * --------------------------------------------------------------------
+ * Fields that are available to be used as credentials for login.
+ */
+ public array $validFields = [
+ 'email',
+ // 'username',
+ ];
+
+ /**
+ * --------------------------------------------------------------------
+ * Additional Fields for "Nothing Personal"
+ * --------------------------------------------------------------------
+ * The NothingPersonalValidator prevents personal information from
+ * being used in passwords. The email and username fields are always
+ * considered by the validator. Do not enter those field names here.
+ *
+ * An extended User Entity might include other personal info such as
+ * first and/or last names. $personalFields is where you can add
+ * fields to be considered as "personal" by the NothingPersonalValidator.
+ * For example:
+ * $personalFields = ['firstname', 'lastname'];
+ */
+ public array $personalFields = [];
+
+ /**
+ * --------------------------------------------------------------------
+ * Password / Username Similarity
+ * --------------------------------------------------------------------
+ * Among other things, the NothingPersonalValidator checks the
+ * amount of sameness between the password and username.
+ * Passwords that are too much like the username are invalid.
+ *
+ * The value set for $maxSimilarity represents the maximum percentage
+ * of similarity at which the password will be accepted. In other words, any
+ * calculated similarity equal to, or greater than $maxSimilarity
+ * is rejected.
+ *
+ * The accepted range is 0-100, with 0 (zero) meaning don't check similarity.
+ * Using values at either extreme of the *working range* (1-100) is
+ * not advised. The low end is too restrictive and the high end is too permissive.
+ * The suggested value for $maxSimilarity is 50.
+ *
+ * You may be thinking that a value of 100 should have the effect of accepting
+ * everything like a value of 0 does. That's logical and probably true,
+ * but is unproven and untested. Besides, 0 skips the work involved
+ * making the calculation unlike when using 100.
+ *
+ * The (admittedly limited) testing that's been done suggests a useful working range
+ * of 50 to 60. You can set it lower than 50, but site users will probably start
+ * to complain about the large number of proposed passwords getting rejected.
+ * At around 60 or more it starts to see pairs like 'captain joe' and 'joe*captain' as
+ * perfectly acceptable which clearly they are not.
+ *
+ * To disable similarity checking set the value to 0.
+ * public $maxSimilarity = 0;
+ */
+ public int $maxSimilarity = 50;
+
+ /**
+ * --------------------------------------------------------------------
+ * Hashing Algorithm to use
+ * --------------------------------------------------------------------
+ * Valid values are
+ * - PASSWORD_DEFAULT (default)
+ * - PASSWORD_BCRYPT
+ * - PASSWORD_ARGON2I - As of PHP 7.2 only if compiled with support for it
+ * - PASSWORD_ARGON2ID - As of PHP 7.3 only if compiled with support for it
+ */
+ public string $hashAlgorithm = PASSWORD_DEFAULT;
+
+ /**
+ * --------------------------------------------------------------------
+ * ARGON2I/ARGON2ID Algorithm options
+ * --------------------------------------------------------------------
+ * The ARGON2I method of hashing allows you to define the "memory_cost",
+ * the "time_cost" and the number of "threads", whenever a password hash is
+ * created.
+ */
+ public int $hashMemoryCost = 65536; // PASSWORD_ARGON2_DEFAULT_MEMORY_COST;
+
+ public int $hashTimeCost = 4; // PASSWORD_ARGON2_DEFAULT_TIME_COST;
+ public int $hashThreads = 1; // PASSWORD_ARGON2_DEFAULT_THREADS;
+
+ /**
+ * --------------------------------------------------------------------
+ * BCRYPT Algorithm options
+ * --------------------------------------------------------------------
+ * The BCRYPT method of hashing allows you to define the "cost"
+ * or number of iterations made, whenever a password hash is created.
+ * This defaults to a value of 12 which is an acceptable number.
+ * However, depending on the security needs of your application
+ * and the power of your hardware, you might want to increase the
+ * cost. This makes the hashing process takes longer.
+ *
+ * Valid range is between 4 - 31.
+ */
+ public int $hashCost = 12;
+
+ /**
+ * ////////////////////////////////////////////////////////////////////
+ * OTHER SETTINGS
+ * ////////////////////////////////////////////////////////////////////
+ */
+
+ /**
+ * --------------------------------------------------------------------
+ * Customize the DB group used for each model
+ * --------------------------------------------------------------------
+ */
+ public ?string $DBGroup = null;
+
+ /**
+ * --------------------------------------------------------------------
+ * Customize Name of Shield Tables
+ * --------------------------------------------------------------------
+ * Only change if you want to rename the default Shield table names
+ *
+ * It may be necessary to change the names of the tables for
+ * security reasons, to prevent the conflict of table names,
+ * the internal policy of the companies or any other reason.
+ *
+ * - users Auth Users Table, the users info is stored.
+ * - auth_identities Auth Identities Table, Used for storage of passwords, access tokens, social login identities, etc.
+ * - auth_logins Auth Login Attempts, Table records login attempts.
+ * - auth_token_logins Auth Token Login Attempts Table, Records Bearer Token type login attempts.
+ * - auth_remember_tokens Auth Remember Tokens (remember-me) Table.
+ * - auth_groups_users Groups Users Table.
+ * - auth_permissions_users Users Permissions Table.
+ *
+ * @var array
+ */
+ public array $tables = [
+ 'users' => 'users',
+ 'identities' => 'auth_identities',
+ 'logins' => 'auth_logins',
+ 'token_logins' => 'auth_token_logins',
+ 'remember_tokens' => 'auth_remember_tokens',
+ 'groups_users' => 'auth_groups_users',
+ 'permissions_users' => 'auth_permissions_users',
+ ];
+
+ /**
+ * --------------------------------------------------------------------
+ * User Provider
+ * --------------------------------------------------------------------
+ * The name of the class that handles user persistence.
+ * By default, this is the included UserModel, which
+ * works with any of the database engines supported by CodeIgniter.
+ * You can change it as long as they adhere to the
+ * CodeIgniter\Shield\Models\UserModel.
+ *
+ * @var class-string
+ */
+ public string $userProvider = UserModel::class;
+
+ /**
+ * Returns the URL that a user should be redirected
+ * to after a successful login.
+ */
+ public function loginRedirect(): string
+ {
+ $session = session();
+ $url = $session->getTempdata('beforeLoginUrl') ?? setting('Auth.redirects')['login'];
+
+ return $this->getUrl($url);
+ }
+
+ /**
+ * Returns the URL that a user should be redirected
+ * to after they are logged out.
+ */
+ public function logoutRedirect(): string
+ {
+ $url = setting('Auth.redirects')['logout'];
+
+ return $this->getUrl($url);
+ }
+
+ /**
+ * Returns the URL the user should be redirected to
+ * after a successful registration.
+ */
+ public function registerRedirect(): string
+ {
+ $url = setting('Auth.redirects')['register'];
+
+ return $this->getUrl($url);
+ }
+
+ /**
+ * Returns the URL the user should be redirected to
+ * if force_reset identity is set to true.
+ */
+ public function forcePasswordResetRedirect(): string
+ {
+ $url = setting('Auth.redirects')['force_reset'];
+
+ return $this->getUrl($url);
+ }
+
+ /**
+ * Returns the URL the user should be redirected to
+ * if permission denied.
+ */
+ public function permissionDeniedRedirect(): string
+ {
+ $url = setting('Auth.redirects')['permission_denied'];
+
+ return $this->getUrl($url);
+ }
+
+ /**
+ * Returns the URL the user should be redirected to
+ * if group denied.
+ */
+ public function groupDeniedRedirect(): string
+ {
+ $url = setting('Auth.redirects')['group_denied'];
+
+ return $this->getUrl($url);
+ }
+
+ /**
+ * Accepts a string which can be an absolute URL or
+ * a named route or just a URI path, and returns the
+ * full path.
+ *
+ * @param string $url an absolute URL or a named route or just URI path
+ */
+ protected function getUrl(string $url): string
+ {
+ // To accommodate all url patterns
+ $final_url = '';
+
+ switch (true) {
+ case strpos($url, 'http://') === 0 || strpos($url, 'https://') === 0: // URL begins with 'http' or 'https'. E.g. http://example.com
+ $final_url = $url;
+ break;
+
+ case route_to($url) !== false: // URL is a named-route
+ $final_url = rtrim(url_to($url), '/ ');
+ break;
+
+ default: // URL is a route (URI path)
+ $final_url = rtrim(site_url($url), '/ ');
+ break;
+ }
+
+ return $final_url;
+ }
+}
diff --git a/ci4/app/Config/AuthGroups.php b/ci4/app/Config/AuthGroups.php
new file mode 100644
index 00000000..81bdcb8b
--- /dev/null
+++ b/ci4/app/Config/AuthGroups.php
@@ -0,0 +1,120 @@
+
+ *
+ * For the full copyright and license information, please view
+ * the LICENSE file that was distributed with this source code.
+ */
+
+namespace Config;
+
+use CodeIgniter\Shield\Config\AuthGroups as ShieldAuthGroups;
+
+class AuthGroups extends ShieldAuthGroups
+{
+ /**
+ * --------------------------------------------------------------------
+ * Default Group
+ * --------------------------------------------------------------------
+ * The group that a newly registered user is added to.
+ */
+ public string $defaultGroup = 'user';
+
+ /**
+ * --------------------------------------------------------------------
+ * Groups
+ * --------------------------------------------------------------------
+ * An associative array of the available groups in the system, where the keys
+ * are the group names and the values are arrays of the group info.
+ *
+ * Whatever value you assign as the key will be used to refer to the group
+ * when using functions such as:
+ * $user->addGroup('superadmin');
+ *
+ * @var array>
+ *
+ * @see https://codeigniter4.github.io/shield/quick_start_guide/using_authorization/#change-available-groups for more info
+ */
+ public array $groups = [
+ 'superadmin' => [
+ 'title' => 'Super Admin',
+ 'description' => 'Complete control of the site.',
+ ],
+ 'admin' => [
+ 'title' => 'Admin',
+ 'description' => 'Day to day administrators of the site.',
+ ],
+ 'developer' => [
+ 'title' => 'Developer',
+ 'description' => 'Site programmers.',
+ ],
+ 'user' => [
+ 'title' => 'User',
+ 'description' => 'General users of the site. Often customers.',
+ ],
+ 'beta' => [
+ 'title' => 'Beta User',
+ 'description' => 'Has access to beta-level features.',
+ ],
+ ];
+
+ /**
+ * --------------------------------------------------------------------
+ * Permissions
+ * --------------------------------------------------------------------
+ * The available permissions in the system.
+ *
+ * If a permission is not listed here it cannot be used.
+ */
+ public array $permissions = [
+ 'admin.access' => 'Can access the sites admin area',
+ 'admin.settings' => 'Can access the main site settings',
+ 'users.manage-admins' => 'Can manage other admins',
+ 'users.list' => 'Can list user stuff',
+ 'users.create' => 'Can create new non-admin users',
+ 'users.edit' => 'Can edit existing non-admin users',
+ 'users.delete' => 'Can delete existing non-admin users',
+ 'beta.access' => 'Can access beta-level features',
+ ];
+
+ /**
+ * --------------------------------------------------------------------
+ * Permissions Matrix
+ * --------------------------------------------------------------------
+ * Maps permissions to groups.
+ *
+ * This defines group-level permissions.
+ */
+ public array $matrix = [
+ "superadmin"=> [
+ "admin.*",
+ "users.*",
+ "beta.*"
+ ],
+ "admin"=> [
+ "admin.access",
+ "users.create",
+ "users.edit",
+ "users.delete",
+ "beta.access"
+ ],
+ "developer"=> [
+ "admin.access",
+ "admin.settings",
+ "users.create",
+ "users.edit",
+ "beta.access"
+ ],
+ "user"=> [
+ "users.list"
+ ],
+ "beta"=> [
+ "beta.access"
+ ]
+ ];
+}
\ No newline at end of file
diff --git a/ci4/app/Config/AuthToken.php b/ci4/app/Config/AuthToken.php
new file mode 100644
index 00000000..7ad404f0
--- /dev/null
+++ b/ci4/app/Config/AuthToken.php
@@ -0,0 +1,138 @@
+
+ *
+ * For the full copyright and license information, please view
+ * the LICENSE file that was distributed with this source code.
+ */
+
+namespace Config;
+
+use CodeIgniter\Shield\Config\AuthToken as ShieldAuthToken;
+
+/**
+ * Configuration for Token Auth and HMAC Auth
+ */
+class AuthToken extends ShieldAuthToken
+{
+ /**
+ * --------------------------------------------------------------------
+ * Record Login Attempts for Token Auth and HMAC Auth
+ * --------------------------------------------------------------------
+ * Specify which login attempts are recorded in the database.
+ *
+ * Valid values are:
+ * - Auth::RECORD_LOGIN_ATTEMPT_NONE
+ * - Auth::RECORD_LOGIN_ATTEMPT_FAILURE
+ * - Auth::RECORD_LOGIN_ATTEMPT_ALL
+ */
+ public int $recordLoginAttempt = Auth::RECORD_LOGIN_ATTEMPT_FAILURE;
+
+ /**
+ * --------------------------------------------------------------------
+ * Name of Authenticator Header
+ * --------------------------------------------------------------------
+ * The name of Header that the Authorization token should be found.
+ * According to the specs, this should be `Authorization`, but rare
+ * circumstances might need a different header.
+ */
+ public array $authenticatorHeader = [
+ 'tokens' => 'Authorization',
+ 'hmac' => 'Authorization',
+ ];
+
+ /**
+ * --------------------------------------------------------------------
+ * Unused Token Lifetime for Token Auth and HMAC Auth
+ * --------------------------------------------------------------------
+ * Determines the amount of time, in seconds, that an unused token can
+ * be used.
+ */
+ public int $unusedTokenLifetime = YEAR;
+
+ /**
+ * --------------------------------------------------------------------
+ * Secret2 storage character limit
+ * --------------------------------------------------------------------
+ * Database size limit for the identities 'secret2' field.
+ */
+ public int $secret2StorageLimit = 255;
+
+ /**
+ * --------------------------------------------------------------------
+ * HMAC secret key byte size
+ * --------------------------------------------------------------------
+ * Specify in integer the desired byte size of the
+ * HMAC SHA256 byte size
+ */
+ public int $hmacSecretKeyByteSize = 32;
+
+ /**
+ * --------------------------------------------------------------------
+ * HMAC encryption Keys
+ * --------------------------------------------------------------------
+ * This sets the key to be used when encrypting a user's HMAC Secret Key.
+ *
+ * 'keys' is an array of keys which will facilitate key rotation. Valid
+ * keyTitles must include only [a-zA-Z0-9_] and should be kept to a
+ * max of 8 characters.
+ *
+ * Each keyTitle is an associative array containing the required 'key'
+ * value, and the optional 'driver' and 'digest' values. If the
+ * 'driver' and 'digest' values are not specified, the default 'driver'
+ * and 'digest' values will be used.
+ *
+ * Old keys will are used to decrypt existing Secret Keys. It is encouraged
+ * to run 'php spark shield:hmac reencrypt' to update existing Secret
+ * Key encryptions.
+ *
+ * @see https://codeigniter.com/user_guide/libraries/encryption.html
+ *
+ * @var array|string
+ *
+ * NOTE: The value becomes temporarily a string when setting value as JSON
+ * from environment variable.
+ *
+ * [key_name => ['key' => key_value]]
+ * or [key_name => ['key' => key_value, 'driver' => driver, 'digest' => digest]]
+ */
+ public $hmacEncryptionKeys = [
+ 'k1' => [
+ 'key' => '',
+ ],
+ ];
+
+ /**
+ * --------------------------------------------------------------------
+ * HMAC Current Encryption Key Selector
+ * --------------------------------------------------------------------
+ * This specifies which of the encryption keys should be used.
+ */
+ public string $hmacEncryptionCurrentKey = 'k1';
+
+ /**
+ * --------------------------------------------------------------------
+ * HMAC Encryption Key Driver
+ * --------------------------------------------------------------------
+ * This specifies which of the encryption drivers should be used.
+ *
+ * Available drivers:
+ * - OpenSSL
+ * - Sodium
+ */
+ public string $hmacEncryptionDefaultDriver = 'OpenSSL';
+
+ /**
+ * --------------------------------------------------------------------
+ * HMAC Encryption Key Driver
+ * --------------------------------------------------------------------
+ * THis specifies the type of encryption to be used.
+ * e.g. 'SHA512' or 'SHA256'.
+ */
+ public string $hmacEncryptionDefaultDigest = 'SHA512';
+}
diff --git a/ci4/app/Config/Autoload.php b/ci4/app/Config/Autoload.php
index 5f149426..e874357d 100755
--- a/ci4/app/Config/Autoload.php
+++ b/ci4/app/Config/Autoload.php
@@ -85,4 +85,17 @@ class Autoload extends AutoloadConfig
* @var array
*/
public $files = [];
+
+ /**
+ * -------------------------------------------------------------------
+ * Helpers
+ * -------------------------------------------------------------------
+ * Prototype:
+ * $helpers = [
+ * 'form',
+ * ];
+ *
+ * @var list
+ */
+ public $helpers = ['auth', 'setting'];
}
diff --git a/ci4/app/Config/Filters.php b/ci4/app/Config/Filters.php
index 3f938c90..15d7414c 100755
--- a/ci4/app/Config/Filters.php
+++ b/ci4/app/Config/Filters.php
@@ -2,13 +2,13 @@
namespace Config;
-use App\Filters\JWTAuthFilter;
-use App\Filters\LoginAuthFilter;
-use App\Filters\ThrottlerFilter;
use CodeIgniter\Config\BaseConfig;
use CodeIgniter\Filters\CSRF;
use CodeIgniter\Filters\DebugToolbar;
use CodeIgniter\Filters\Honeypot;
+use CodeIgniter\Filters\InvalidChars;
+use CodeIgniter\Filters\SecureHeaders;
+
class Filters extends BaseConfig
{
@@ -16,54 +16,40 @@ class Filters extends BaseConfig
* Configures aliases for Filter classes to
* make reading things nicer and simpler.
*
- * @var array
+ * @var array> [filter_name => classname]
+ * or [filter_name => [classname1, classname2, ...]]
*/
- public $aliases = [
- 'csrf' => CSRF::class,
- 'toolbar' => DebugToolbar::class,
+ public array $aliases = [
+ 'csrf' => CSRF::class,
+ 'toolbar' => DebugToolbar::class,
'honeypot' => Honeypot::class,
- 'auth' => JWTAuthFilter::class,
- 'throttler' => ThrottlerFilter::class,
- 'login' => LoginAuthFilter::class,
+ 'invalidchars' => InvalidChars::class,
+ 'secureheaders' => SecureHeaders::class,
];
/**
* List of filter aliases that are always
* applied before and after every request.
*
- * @var array
+ * @var array>>|array>
*/
- public $globals = [
+ public array $globals = [
'before' => [
- 'login' => [
- 'except' => [
- 'login',
- 'login/*',
- 'oauth',
- 'oauth/*',
- 'api',
- 'api/*',
- 'cron',
- 'cron/*',
- 'lang',
- 'lang/*',
- 'language',
- 'language/*',
- 'integration',
- 'integration/*'
- ]
- ],
// 'honeypot',
- 'csrf' => [
+ // 'csrf',
+ // 'invalidchars',
+ 'session' => [
'except' => [
- 'api',
- 'api/*'
- ]
+ 'login*',
+ 'register',
+ 'auth/a/*',
+ 'logout']
],
],
'after' => [
'toolbar',
// 'honeypot',
+ // 'secureheaders',
],
];
@@ -72,14 +58,13 @@ class Filters extends BaseConfig
* particular HTTP method (GET, POST, etc.).
*
* Example:
- * 'post' => ['csrf', 'throttle']
+ * 'post' => ['foo', 'bar']
*
- * @var array
+ * If you use this, you should disable auto-routing because auto-routing
+ * permits any HTTP method to access a controller. Accessing the controller
+ * with a method you don't expect could bypass the filter.
*/
- public $methods = [
-// 'get' => ['throttler'],
-// 'post' => ['throttler']
- ];
+ public array $methods = [];
/**
* List of filter aliases that should run on any
@@ -87,21 +72,6 @@ class Filters extends BaseConfig
*
* Example:
* 'isLoggedIn' => ['before' => ['account/*', 'profiles/*']]
- *
- * @var array
*/
- public $filters = [
- 'auth' => [
- 'before' => [
- 'api/user/*',
- 'api/user/'
- ],
- ],
- 'throttler' => [
- 'before' => [
- 'api/*',
- 'api/'
- ]
- ]
- ];
+ public array $filters = [];
}
diff --git a/ci4/app/Config/Kint.php b/ci4/app/Config/Kint.php
old mode 100755
new mode 100644
index bed7fecc..117e66d8
--- a/ci4/app/Config/Kint.php
+++ b/ci4/app/Config/Kint.php
@@ -3,7 +3,10 @@
namespace Config;
use CodeIgniter\Config\BaseConfig;
+use Kint\Parser\ConstructablePluginInterface;
use Kint\Renderer\AbstractRenderer;
+use Kint\Renderer\Rich\TabPluginInterface;
+use Kint\Renderer\Rich\ValuePluginInterface;
/**
* --------------------------------------------------------------------------
@@ -23,27 +26,32 @@ class Kint extends BaseConfig
|--------------------------------------------------------------------------
*/
+ /**
+ * @var list|ConstructablePluginInterface>|null
+ */
public $plugins;
- public $maxDepth = 6;
-
- public $displayCalledFrom = true;
-
- public $expanded = false;
+ public int $maxDepth = 6;
+ public bool $displayCalledFrom = true;
+ public bool $expanded = false;
/*
|--------------------------------------------------------------------------
| RichRenderer Settings
|--------------------------------------------------------------------------
*/
- public $richTheme = 'aante-light.css';
-
- public $richFolder = false;
-
- public $richSort = AbstractRenderer::SORT_FULL;
+ public string $richTheme = 'aante-light.css';
+ public bool $richFolder = false;
+ public int $richSort = AbstractRenderer::SORT_FULL;
+ /**
+ * @var array>|null
+ */
public $richObjectPlugins;
+ /**
+ * @var array>|null
+ */
public $richTabPlugins;
/*
@@ -51,11 +59,8 @@ class Kint extends BaseConfig
| CLI Settings
|--------------------------------------------------------------------------
*/
- public $cliColors = true;
-
- public $cliForceUTF8 = false;
-
- public $cliDetectWidth = true;
-
- public $cliMinWidth = 40;
+ public bool $cliColors = true;
+ public bool $cliForceUTF8 = false;
+ public bool $cliDetectWidth = true;
+ public int $cliMinWidth = 40;
}
diff --git a/ci4/app/Config/Publisher.php b/ci4/app/Config/Publisher.php
new file mode 100644
index 00000000..bf03be1d
--- /dev/null
+++ b/ci4/app/Config/Publisher.php
@@ -0,0 +1,28 @@
+
+ */
+ public $restrictions = [
+ ROOTPATH => '*',
+ FCPATH => '#\.(s?css|js|map|html?|xml|json|webmanifest|ttf|eot|woff2?|gif|jpe?g|tiff?|png|webp|bmp|ico|svg)$#i',
+ ];
+}
diff --git a/ci4/app/Config/Routes.php b/ci4/app/Config/Routes.php
index cd7334ff..e7ce008e 100755
--- a/ci4/app/Config/Routes.php
+++ b/ci4/app/Config/Routes.php
@@ -1,36 +1,13 @@
setDefaultNamespace('App\Controllers');
-$routes->setDefaultController('Home');
-$routes->setDefaultMethod('index');
-$routes->setTranslateURIDashes(false);
-$routes->set404Override();
-$routes->setAutoRoute(true);
-*/
-// Create a new instance of our RouteCollection class.
-$routes = Services::routes();
+//service('auth')->routes($routes, ['except' => ['login', 'register']]);
+service('auth')->routes($routes);
//WEB ROUTER ------------------------------------------------------
//------------------------------------------------------------------
diff --git a/ci4/app/Config/Routing.php b/ci4/app/Config/Routing.php
index bd091a65..c0234da8 100644
--- a/ci4/app/Config/Routing.php
+++ b/ci4/app/Config/Routing.php
@@ -87,7 +87,7 @@ class Routing extends BaseRouting
*
* If FALSE, will stop searching and do NO automatic routing.
*/
- public bool $autoRoute = true;
+ public bool $autoRoute = false;
/**
* If TRUE, will enable the use of the 'prioritize' option
diff --git a/ci4/app/Config/Toolbar.php b/ci4/app/Config/Toolbar.php
old mode 100755
new mode 100644
diff --git a/ci4/app/Database/Migrations/2023-04-22-074343_ChangeTablesNames.php b/ci4/app/Database/Migrations/2023-04-22-074343_ChangeTablesNames.php
deleted file mode 100755
index 0e0782ae..00000000
--- a/ci4/app/Database/Migrations/2023-04-22-074343_ChangeTablesNames.php
+++ /dev/null
@@ -1,45 +0,0 @@
-forge->renameTable('wg_activity', 'auth_activity');
- $this->forge->renameTable('wg_backup', 'auth_backup');
- $this->forge->renameTable('wg_confirmation_token', 'auth_confirmation_token');
- $this->forge->renameTable('wg_crontab_history', 'auth_crontab_history');
- $this->forge->renameTable('wg_notification', 'auth_notification');
- $this->forge->renameTable('wg_password_recovery', 'auth_password_recovery');
- $this->forge->renameTable('wg_settings', 'auth_settings');
- $this->forge->renameTable('wg_template', 'auth_template');
- $this->forge->renameTable('wg_theme', 'auth_theme');
- $this->forge->renameTable('wg_timezone', 'auth_timezone');
- $this->forge->renameTable('wg_user', 'auth_user');
- $this->forge->renameTable('wg_user_group', 'auth_user_group');
- $this->forge->renameTable('wg_user_group', 'auth_user_group');
- $this->forge->renameTable('wg_countries', 'auth_countries');
- $this->forge->renameTable('wg_currency', 'auth_currency');
- }
-
- public function down()
- {
- $this->forge->renameTable('auth_activity', 'wg_activity');
- $this->forge->renameTable('auth_backup', 'wg_backup');
- $this->forge->renameTable('auth_confirmation_token', 'wg_confirmation_token');
- $this->forge->renameTable('auth_crontab_history', 'wg_crontab_history');
- $this->forge->renameTable('wg_notification', 'auth_notification');
- $this->forge->renameTable('auth_password_recovery', 'wg_password_recovery');
- $this->forge->renameTable('auth_settings', 'wg_settings');
- $this->forge->renameTable('auth_template', 'wg_template');
- $this->forge->renameTable('auth_theme', 'wg_theme');
- $this->forge->renameTable('auth_timezone', 'wg_timezone');
- $this->forge->renameTable('auth_user', 'wg_user');
- $this->forge->renameTable('auth_user_group', 'wg_user_group');
- $this->forge->renameTable('auth_countries', 'wg_countries');
- $this->forge->renameTable('auth_currency', 'wg_currency');
- }
-}
diff --git a/ci4/app/Database/Migrations/2023-04-22-083118_CreateGroupUserTable.php b/ci4/app/Database/Migrations/2023-04-22-083118_CreateGroupUserTable.php
deleted file mode 100755
index 622f5229..00000000
--- a/ci4/app/Database/Migrations/2023-04-22-083118_CreateGroupUserTable.php
+++ /dev/null
@@ -1,33 +0,0 @@
- array(
- 'type' => 'VARCHAR',
- 'constraint' => 35
- ),
- 'token_group' => array(
- 'type' => 'VARCHAR',
- 'constraint' => 35
- )
- );
-
- $this->forge->addField($fields);
-
- // create table
- $this->forge->createTable('group_user');
- }
-
- public function down()
- {
- $this->forge->dropTable('group_user',TRUE);
- }
-}
diff --git a/ci4/app/Database/Migrations/2023-04-25-161753_RemoveGroupFromUser.php b/ci4/app/Database/Migrations/2023-04-25-161753_RemoveGroupFromUser.php
deleted file mode 100755
index ee72788e..00000000
--- a/ci4/app/Database/Migrations/2023-04-25-161753_RemoveGroupFromUser.php
+++ /dev/null
@@ -1,19 +0,0 @@
-forge->dropColumn('auth_user', ['group']);
- }
-
- public function down()
- {
- $sql = "ALTER TABLE `auth_user` ADD `group` varchar(216) COLLATE latin1_general_ci;";
- $this->db->query($sql);
- }
-}
diff --git a/ci4/app/Database/Migrations/2023_03_27_185500_DeleteOauthTables.php b/ci4/app/Database/Migrations/2023_03_27_185500_DeleteOauthTables.php
deleted file mode 100755
index 510986cb..00000000
--- a/ci4/app/Database/Migrations/2023_03_27_185500_DeleteOauthTables.php
+++ /dev/null
@@ -1,43 +0,0 @@
-forge->dropTable('wg_user_oauth');
- $this->forge->dropTable('wg_settings_oauth');
- }
-
- public function down()
- {
- $sql = "CREATE TABLE IF NOT EXISTS `wg_settings_oauth` (
- `id_oauth` int(11) NOT NULL AUTO_INCREMENT,
- `provider` enum('facebook','google','twitter','linkedin','github','instagram','slack','spotify','reddit','discord','dribbble','dropbox','gitlab','strava','tumblr','twitch','vkontakte','wordpress','yahoo','bitbucket','wechat') COLLATE latin1_general_ci NOT NULL,
- `key` varchar(200) COLLATE latin1_general_ci DEFAULT NULL,
- `secret` varchar(200) COLLATE latin1_general_ci DEFAULT NULL,
- `btn_class` varchar(50) COLLATE latin1_general_ci NOT NULL,
- `btn_text` varchar(50) COLLATE latin1_general_ci DEFAULT NULL,
- `show_text` tinyint(1) NOT NULL DEFAULT '0',
- `icon_class` varchar(50) COLLATE latin1_general_ci NOT NULL,
- `status` tinyint(1) NOT NULL DEFAULT '0',
- PRIMARY KEY (`id_oauth`)
- ) ENGINE=MyISAM AUTO_INCREMENT=22 DEFAULT CHARSET=latin1 COLLATE=latin1_general_ci;";
- $this->db->query($sql);
-
- $sql = "CREATE TABLE IF NOT EXISTS `wg_user_oauth` (
- `id_user_oauth` int(11) NOT NULL AUTO_INCREMENT,
- `user` varchar(35) COLLATE latin1_general_ci NOT NULL,
- `provider` enum('facebook','google','twitter','linkedin','github','instagram','slack','spotify','reddit','discord','dribbble','dropbox','gitlab','strava','tumblr','twitch','vkontakte','wordpress','yahoo','bitbucket') COLLATE latin1_general_ci NOT NULL,
- `identifier` varchar(50) COLLATE latin1_general_ci NOT NULL,
- `picture` varchar(150) COLLATE latin1_general_ci NOT NULL,
- `created_at` timestamp NOT NULL,
- `updated_at` timestamp NOT NULL ON UPDATE CURRENT_TIMESTAMP,
- PRIMARY KEY (`id_user_oauth`)
- ) ENGINE=MyISAM DEFAULT CHARSET=latin1 COLLATE=latin1_general_ci;";
- $this->db->query($sql);
- }
-}
\ No newline at end of file
diff --git a/ci4/app/Database/Migrations/2023_03_28_200000_DeleteSMSColumns.php b/ci4/app/Database/Migrations/2023_03_28_200000_DeleteSMSColumns.php
deleted file mode 100755
index 0246bac6..00000000
--- a/ci4/app/Database/Migrations/2023_03_28_200000_DeleteSMSColumns.php
+++ /dev/null
@@ -1,42 +0,0 @@
-forge->dropColumn('notification', ['is_send_sms', 'send_sms_notification']);
- $this->forge->dropColumn('settings', ['sms_gateway','sms_account_id', 'sms_auth_token', 'sms_info_add',
- 'sms_confirmation', 'send_sms_register', 'send_sms_welcome']);
- $this->forge->dropColumn('user', ['sms_confirmed']);
- }
-
- public function down()
- {
- $sql = "ALTER TABLE `wg_notification` ADD `is_send_sms` tinyint(1) NOT NULL DEFAULT '0';";
- $this->db->query($sql);
- $sql = "ALTER TABLE `wg_notification` ADD `send_sms_notification` tinyint(1) NOT NULL DEFAULT '0';";
- $this->db->query($sql);
-
- $sql = "ALTER TABLE `wg_settings` ADD `sms_gateway` enum('twilio') COLLATE latin1_general_ci NOT NULL DEFAULT 'twilio';";
- $this->db->query($sql);
- $sql = "ALTER TABLE `wg_settings` ADD `sms_account_id` varchar(255) COLLATE latin1_general_ci DEFAULT NULL;";
- $this->db->query($sql);
- $sql = "ALTER TABLE `wg_settings` ADD `sms_auth_token` varchar(255) COLLATE latin1_general_ci DEFAULT NULL;";
- $this->db->query($sql);
- $sql = "ALTER TABLE `wg_settings` ADD `sms_info_add` varchar(255) COLLATE latin1_general_ci DEFAULT NULL;";
- $this->db->query($sql);
- $sql = "ALTER TABLE `wg_settings` ADD `sms_confirmation` tinyint(1) NOT NULL DEFAULT '0';";
- $this->db->query($sql);
- $sql = "ALTER TABLE `wg_settings` ADD `send_sms_register` tinyint(1) NOT NULL DEFAULT '0';";
- $this->db->query($sql);
- $sql = "ALTER TABLE `wg_settings` ADD `send_sms_welcome` tinyint(1) NOT NULL DEFAULT '0';";
- $this->db->query($sql);
-
- $sql = "ALTER TABLE `wg_user` ADD `sms_confirmed` tinyint(4) NOT NULL DEFAULT '0';";
- $this->db->query($sql);
- }
-}
\ No newline at end of file
diff --git a/ci4/app/Filters/JWTAuthFilter.php b/ci4/app/Filters/JWTAuthFilter.php
deleted file mode 100755
index 9f9a5bdc..00000000
--- a/ci4/app/Filters/JWTAuthFilter.php
+++ /dev/null
@@ -1,28 +0,0 @@
-getServer('HTTP_AUTHORIZATION')));
- return $request;
- } catch (Exception $e) {
- return Services::response()->setJSON(['error' => $e->getMessage()])->setStatusCode(ResponseInterface::HTTP_UNAUTHORIZED);
- }
- }
-
- public function after(RequestInterface $request, ResponseInterface $response, $arguments = null)
- {
-
- }
-}
\ No newline at end of file
diff --git a/ci4/app/Filters/LoginAuthFilter.php b/ci4/app/Filters/LoginAuthFilter.php
index 6bfa7ab0..3e91a47c 100755
--- a/ci4/app/Filters/LoginAuthFilter.php
+++ b/ci4/app/Filters/LoginAuthFilter.php
@@ -12,7 +12,7 @@ class LoginAuthFilter implements FilterInterface
public function before(RequestInterface $request, $arguments = null)
{
try {
- if(!$this->validateIgnoreControllerAccess()){
+ /*if(!$this->validateIgnoreControllerAccess()){
$session = session();
$token = $session->get('token')??'';
$tfa = $session->get('tfa')??false;
@@ -24,7 +24,7 @@ class LoginAuthFilter implements FilterInterface
}else{
$this->validateControllerAccess();
}
- }
+ }*/
} catch (Exception $e) {
}
diff --git a/ci4/app/Filters/ThrottlerFilter.php b/ci4/app/Filters/ThrottlerFilter.php
deleted file mode 100755
index d7538ba0..00000000
--- a/ci4/app/Filters/ThrottlerFilter.php
+++ /dev/null
@@ -1,43 +0,0 @@
-getIPAddress();
- $settingsBase = new SettingsModel();
- $settings = $settingsBase->first()??[];
- if(!$settings['enable_api']){
- return Services::response()->setJSON(['error' => 'ApiRest is currently disabled.'])->setStatusCode(ResponseInterface::HTTP_UNAUTHORIZED);
- }
- if($settings['block_external_api']){
- if($ip != $settings['ip_allowed_api']??''){
- return Services::response()->setJSON(['error' => 'Endpoint access from external domains is not allowed.'])->setStatusCode(ResponseInterface::HTTP_UNAUTHORIZED);
- }
- if ($throttler->check($ip, 60, MINUTE) === false)
- {
- return Services::response()->setStatusCode(429);
- }
- }
- } catch (Exception $e) {
- return Services::response()->setJSON(['error' => $e->getMessage()])->setStatusCode(ResponseInterface::HTTP_UNAUTHORIZED);
- }
- }
-
- public function after(RequestInterface $request, ResponseInterface $response, $arguments = null)
- {
-
- }
-}
\ No newline at end of file
diff --git a/ci4/app/UserModel.php b/ci4/app/UserModel.php
new file mode 100644
index 00000000..4cae8741
--- /dev/null
+++ b/ci4/app/UserModel.php
@@ -0,0 +1,21 @@
+allowedFields = [
+ ...$this->allowedFields,
+
+ // 'first_name',
+ ];
+ }
+}
diff --git a/ci4/app/Views/Shield/Email/email_2fa_email.php b/ci4/app/Views/Shield/Email/email_2fa_email.php
new file mode 100644
index 00000000..c93d8e80
--- /dev/null
+++ b/ci4/app/Views/Shield/Email/email_2fa_email.php
@@ -0,0 +1,31 @@
+
+
+
+
+
+
+
+ <?= lang('Auth.email2FASubject') ?>
+
+
+
+
+