Modificiones para que funcione el Shield y updates

imnavajas
2024-05-01 15:33:01 +02:00
parent f80d0dc52a
commit c78b3d8488
35 changed files with 1720 additions and 727 deletions


@ -11,19 +11,12 @@ class App extends BaseConfig
* Base Site URL
* --------------------------------------------------------------------------
*
* URL to your CodeIgniter root. Typically this will be your base URL,
* URL to your CodeIgniter root. Typically, this will be your base URL,
* WITH a trailing slash:
*
* http://example.com/
*
* If this is not set then CodeIgniter will try guess the protocol, domain
* and path to your installation. However, you should always configure this
* explicitly and never rely on auto-guessing, especially in production
* environments.
*
* @var string
* E.g., http://example.com/
*/
public $baseURL = '';
public string $baseURL = '';
/**
* Allowed Hostnames in the Site URL other than the hostname in the baseURL.
@ -43,33 +36,28 @@ class App extends BaseConfig
* Index File
* --------------------------------------------------------------------------
*
* Typically this will be your index.php file, unless you've renamed it to
* something else. If you are using mod_rewrite to remove the page set this
* variable so that it is blank.
*
* @var string
* Typically, this will be your `index.php` file, unless you've renamed it to
* something else. If you have configured your web server to remove this file
* from your site URIs, set this variable to an empty string.
*/
public $indexPage = '';
public string $indexPage = '';
/**
* --------------------------------------------------------------------------
* URI PROTOCOL
* --------------------------------------------------------------------------
*
* This item determines which getServer global should be used to retrieve the
* URI string. The default setting of 'REQUEST_URI' works for most servers.
* This item determines which server global should be used to retrieve the
* URI string. The default setting of 'REQUEST_URI' works for most servers.
* If your links do not seem to work, try one of the other delicious flavors:
*
* 'REQUEST_URI' Uses $_SERVER['REQUEST_URI']
* 'QUERY_STRING' Uses $_SERVER['QUERY_STRING']
* 'PATH_INFO' Uses $_SERVER['PATH_INFO']
* 'REQUEST_URI': Uses $_SERVER['REQUEST_URI']
* 'QUERY_STRING': Uses $_SERVER['QUERY_STRING']
* 'PATH_INFO': Uses $_SERVER['PATH_INFO']
*
* WARNING: If you set this to 'PATH_INFO', URIs will always be URL-decoded!
*
* @var string
*/
public $uriProtocol = 'REQUEST_URI';
public string $uriProtocol = 'REQUEST_URI';
/**
* --------------------------------------------------------------------------
@ -80,10 +68,8 @@ class App extends BaseConfig
* is viewing the site from. It affects the language strings and other
* strings (like currency markers, numbers, etc), that your program
* should run under for this request.
*
* @var string
*/
public $defaultLocale = 'es';
public string $defaultLocale = 'es';
/**
* --------------------------------------------------------------------------
@ -94,10 +80,8 @@ class App extends BaseConfig
* language to use based on the value of the Accept-Language header.
*
* If false, no automatic detection will be performed.
*
* @var bool
*/
public $negotiateLocale = true;
public bool $negotiateLocale = false;
/**
* --------------------------------------------------------------------------
@ -108,9 +92,11 @@ class App extends BaseConfig
* by the application in descending order of priority. If no match is
* found, the first locale will be used.
*
* @var string[]
* IncomingRequest::setLocale() also uses this list.
*
* @var list<string>
*/
public $supportedLocales = ['en','es'];
public array $supportedLocales = ['en', 'es'];
/**
* --------------------------------------------------------------------------
@ -120,9 +106,10 @@ class App extends BaseConfig
* The default timezone that will be used in your application to display
* dates with the date helper, and can be retrieved through app_timezone()
*
* @var string
* @see https://www.php.net/manual/en/timezones.php for list of timezones
* supported by PHP.
*/
public $appTimezone = 'Europe/Madrid';
public string $appTimezone = 'Europe/Madrid';
/**
* --------------------------------------------------------------------------
@ -133,211 +120,20 @@ class App extends BaseConfig
* that require a character set to be provided.
*
* @see http://php.net/htmlspecialchars for a list of supported charsets.
*
* @var string
*/
public $charset = 'UTF-8';
public string $charset = 'UTF-8';
/**
* --------------------------------------------------------------------------
* URI PROTOCOL
* Force Global Secure Requests
* --------------------------------------------------------------------------
*
* If true, this will force every request made to this application to be
* made via a secure connection (HTTPS). If the incoming request is not
* secure, the user will be redirected to a secure version of the page
* and the HTTP Strict Transport Security header will be set.
*
* @var bool
* and the HTTP Strict Transport Security (HSTS) header will be set.
*/
public $forceGlobalSecureRequests = false;
/**
* --------------------------------------------------------------------------
* Session Driver
* --------------------------------------------------------------------------
*
* The session storage driver to use:
* - `CodeIgniter\Session\Handlers\FileHandler`
* - `CodeIgniter\Session\Handlers\DatabaseHandler`
* - `CodeIgniter\Session\Handlers\MemcachedHandler`
* - `CodeIgniter\Session\Handlers\RedisHandler`
*
* @var string
*/
public $sessionDriver = 'CodeIgniter\Session\Handlers\FileHandler';
/**
* --------------------------------------------------------------------------
* Session Cookie Name
* --------------------------------------------------------------------------
*
* The session cookie name, must contain only [0-9a-z_-] characters
*
* @var string
*/
public $sessionCookieName = 'ci_session';
/**
* --------------------------------------------------------------------------
* Session Expiration
* --------------------------------------------------------------------------
*
* The number of SECONDS you want the session to last.
* Setting to 0 (zero) means expire when the browser is closed.
*
* @var int
*/
public $sessionExpiration = 7200;
/**
* --------------------------------------------------------------------------
* Session Save Path
* --------------------------------------------------------------------------
*
* The location to save sessions to and is driver dependent.
*
* For the 'files' driver, it's a path to a writable directory.
* WARNING: Only absolute paths are supported!
*
* For the 'database' driver, it's a table name.
* Please read up the manual for the format with other session drivers.
*
* IMPORTANT: You are REQUIRED to set a valid save path!
*
* @var string
*/
public $sessionSavePath = WRITEPATH . 'session';
/**
* --------------------------------------------------------------------------
* Session Match IP
* --------------------------------------------------------------------------
*
* Whether to match the user's IP address when reading the session data.
*
* WARNING: If you're using the database driver, don't forget to update
* your session table's PRIMARY KEY when changing this setting.
*
* @var bool
*/
public $sessionMatchIP = false;
/**
* --------------------------------------------------------------------------
* Session Time to Update
* --------------------------------------------------------------------------
*
* How many seconds between CI regenerating the session ID.
*
* @var int
*/
public $sessionTimeToUpdate = 300;
/**
* --------------------------------------------------------------------------
* Session Regenerate Destroy
* --------------------------------------------------------------------------
*
* Whether to destroy session data associated with the old session ID
* when auto-regenerating the session ID. When set to FALSE, the data
* will be later deleted by the garbage collector.
*
* @var bool
*/
public $sessionRegenerateDestroy = false;
/**
* --------------------------------------------------------------------------
* Cookie Prefix
* --------------------------------------------------------------------------
*
* Set a cookie name prefix if you need to avoid collisions.
*
* @var string
*
* @deprecated use Config\Cookie::$prefix property instead.
*/
public $cookiePrefix = '';
/**
* --------------------------------------------------------------------------
* Cookie Domain
* --------------------------------------------------------------------------
*
* Set to `.your-domain.com` for site-wide cookies.
*
* @var string
*
* @deprecated use Config\Cookie::$domain property instead.
*/
public $cookieDomain = '';
/**
* --------------------------------------------------------------------------
* Cookie Path
* --------------------------------------------------------------------------
*
* Typically will be a forward slash.
*
* @var string
*
* @deprecated use Config\Cookie::$path property instead.
*/
public $cookiePath = '/';
/**
* --------------------------------------------------------------------------
* Cookie Secure
* --------------------------------------------------------------------------
*
* Cookie will only be set if a secure HTTPS connection exists.
*
* @var bool
*
* @deprecated use Config\Cookie::$secure property instead.
*/
public $cookieSecure = false;
/**
* --------------------------------------------------------------------------
* Cookie HttpOnly
* --------------------------------------------------------------------------
*
* Cookie will only be accessible via HTTP(S) (no JavaScript).
*
* @var bool
*
* @deprecated use Config\Cookie::$httponly property instead.
*/
public $cookieHTTPOnly = true;
/**
* --------------------------------------------------------------------------
* Cookie SameSite
* --------------------------------------------------------------------------
*
* Configure cookie SameSite setting. Allowed values are:
* - None
* - Lax
* - Strict
* - ''
*
* Alternatively, you can use the constant names:
* - `Cookie::SAMESITE_NONE`
* - `Cookie::SAMESITE_LAX`
* - `Cookie::SAMESITE_STRICT`
*
* Defaults to `Lax` for compatibility with modern browsers. Setting `''`
* (empty string) means default SameSite attribute set by browsers (`Lax`)
* will be set on cookies. If set to `None`, `$cookieSecure` must also be set.
*
* @var string
*
* @deprecated use Config\Cookie::$samesite property instead.
*/
public $cookieSameSite = 'Lax';
public bool $forceGlobalSecureRequests = false;
/**
* --------------------------------------------------------------------------
@ -362,104 +158,6 @@ class App extends BaseConfig
*/
public array $proxyIPs = [];
/**
* --------------------------------------------------------------------------
* CSRF Token Name
* --------------------------------------------------------------------------
*
* The token name.
*
* @deprecated Use `Config\Security` $tokenName property instead of using this property.
*
* @var string
*/
public $CSRFTokenName = 'csrf_test_name';
/**
* --------------------------------------------------------------------------
* CSRF Header Name
* --------------------------------------------------------------------------
*
* The header name.
*
* @deprecated Use `Config\Security` $headerName property instead of using this property.
*
* @var string
*/
public $CSRFHeaderName = 'X-CSRF-TOKEN';
/**
* --------------------------------------------------------------------------
* CSRF Cookie Name
* --------------------------------------------------------------------------
*
* The cookie name.
*
* @deprecated Use `Config\Security` $cookieName property instead of using this property.
*
* @var string
*/
public $CSRFCookieName = 'csrf_cookie_name';
/**
* --------------------------------------------------------------------------
* CSRF Expire
* --------------------------------------------------------------------------
*
* The number in seconds the token should expire.
*
* @deprecated Use `Config\Security` $expire property instead of using this property.
*
* @var int
*/
public $CSRFExpire = 7200;
/**
* --------------------------------------------------------------------------
* CSRF Regenerate
* --------------------------------------------------------------------------
*
* Regenerate token on every submission?
*
* @deprecated Use `Config\Security` $regenerate property instead of using this property.
*
* @var bool
*/
public $CSRFRegenerate = true;
/**
* --------------------------------------------------------------------------
* CSRF Redirect
* --------------------------------------------------------------------------
*
* Redirect to previous page with error on failure?
*
* @deprecated Use `Config\Security` $redirect property instead of using this property.
*
* @var bool
*/
public $CSRFRedirect = true;
/**
* --------------------------------------------------------------------------
* CSRF SameSite
* --------------------------------------------------------------------------
*
* Setting for CSRF SameSite cookie token. Allowed values are:
* - None
* - Lax
* - Strict
* - ''
*
* Defaults to `Lax` as recommended in this link:
*
* @see https://portswigger.net/web-security/csrf/samesite-cookies
* @deprecated Use `Config\Security` $samesite property instead of using this property.
*
* @var string
*/
public $CSRFSameSite = 'Lax';
/**
* --------------------------------------------------------------------------
* Content Security Policy
@ -475,9 +173,6 @@ class App extends BaseConfig
*
* @see http://www.html5rocks.com/en/tutorials/security/content-security-policy/
* @see http://www.w3.org/TR/CSP/
*
* @var bool
*/
public $CSPEnabled = false;
public bool $CSPEnabled = false;
}
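Review bot: The session, cookie and CSRF properties removed from `App` (the block between `$forceGlobalSecureRequests` and `$proxyIPs`, and the `$CSRF*` properties before `$CSPEnabled`) carried security-relevant values — `$cookieHTTPOnly = true`, `$cookieSameSite = 'Lax'`, `$sessionMatchIP`, `$CSRFRegenerate = true` — and their replacements in `Config\Cookie`, `Config\Security` and `Config\Session` are not in this section, so I cannot confirm the same values survive; please check that those classes are part of the commit rather than silently falling back to framework defaults. Separately, `$negotiateLocale` flips from `true` to `false`, which turns off Accept-Language detection; that is a behaviour change unrelated to the commit title and deserves a comment such as `// Accept-Language negotiation disabled on purpose: only the default locale is served`. `$forceGlobalSecureRequests = false` is carried over unchanged; with Shield's session and remember-me cookies now in play, consider enabling it (or at least `Config\Cookie::$secure`) for the production configuration.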

ci4/app/Config/Auth.php Normal file

@ -0,0 +1,529 @@
<?php
declare(strict_types=1);
/**
* This file is part of CodeIgniter Shield.
*
* (c) CodeIgniter Foundation <admin@codeigniter.com>
*
* For the full copyright and license information, please view
* the LICENSE file that was distributed with this source code.
*/
namespace Config;
use CodeIgniter\Shield\Config\Auth as ShieldAuth;
use CodeIgniter\Shield\Authentication\Actions\ActionInterface;
use CodeIgniter\Shield\Authentication\AuthenticatorInterface;
use CodeIgniter\Shield\Authentication\Authenticators\AccessTokens;
use CodeIgniter\Shield\Authentication\Authenticators\HmacSha256;
use CodeIgniter\Shield\Authentication\Authenticators\JWT;
use CodeIgniter\Shield\Authentication\Authenticators\Session;
use CodeIgniter\Shield\Authentication\Passwords\CompositionValidator;
use CodeIgniter\Shield\Authentication\Passwords\DictionaryValidator;
use CodeIgniter\Shield\Authentication\Passwords\NothingPersonalValidator;
use CodeIgniter\Shield\Authentication\Passwords\PwnedValidator;
use CodeIgniter\Shield\Authentication\Passwords\ValidatorInterface;
use CodeIgniter\Shield\Models\UserModel;
class Auth extends ShieldAuth
{
/**
* ////////////////////////////////////////////////////////////////////
* AUTHENTICATION
* ////////////////////////////////////////////////////////////////////
*/
// Constants for Record Login Attempts. Do not change.
public const RECORD_LOGIN_ATTEMPT_NONE = 0; // Do not record at all
public const RECORD_LOGIN_ATTEMPT_FAILURE = 1; // Record only failures
public const RECORD_LOGIN_ATTEMPT_ALL = 2; // Record all login attempts
/**
* --------------------------------------------------------------------
* View files
* --------------------------------------------------------------------
*/
public array $views = [
'login' => '\App\Views\Shield\login',
'register' => '\App\Views\Shield\register',
'layout' => '\App\Views\Shield\layout',
'action_email_2fa' => '\CodeIgniter\Shield\Views\email_2fa_show',
'action_email_2fa_verify' => '\CodeIgniter\Shield\Views\email_2fa_verify',
'action_email_2fa_email' => '\CodeIgniter\Shield\Views\Email\email_2fa_email',
'action_email_activate_show' => '\CodeIgniter\Shield\Views\email_activate_show',
'action_email_activate_email' => '\CodeIgniter\Shield\Views\Email\email_activate_email',
'magic-link-login' => '\App\Views\Shield\magic_link_form',
'magic-link-message' => '\CodeIgniter\Shield\Views\magic_link_message',
'magic-link-email' => '\CodeIgniter\Shield\Views\Email\magic_link_email',
];
/**
* --------------------------------------------------------------------
* Redirect URLs
* --------------------------------------------------------------------
* The default URL that a user will be redirected to after various auth
* actions. This can be either of the following:
*
* 1. An absolute URL. E.g. http://example.com OR https://example.com
* 2. A named route that can be accessed using `route_to()` or `url_to()`
* 3. A URI path within the application. e.g 'admin', 'login', 'expath'
*
* If you need more flexibility you can override the `getUrl()` method
* to apply any logic you may need.
*/
public array $redirects = [
'register' => '/',
'login' => '/',
'logout' => 'login',
'force_reset' => '/',
'permission_denied' => '/',
'group_denied' => '/',
];
/**
* --------------------------------------------------------------------
* Authentication Actions
* --------------------------------------------------------------------
* Specifies the class that represents an action to take after
* the user logs in or registers a new account at the site.
*
* You must register actions in the order of the actions to be performed.
*
* Available actions with Shield:
* - register: \CodeIgniter\Shield\Authentication\Actions\EmailActivator::class
* - login: \CodeIgniter\Shield\Authentication\Actions\Email2FA::class
*
* @var array<string, class-string<ActionInterface>|null>
*/
public array $actions = [
'register' => null,
'login' => null,
];
/**
* --------------------------------------------------------------------
* Authenticators
* --------------------------------------------------------------------
* The available authentication systems, listed
* with alias and class name. These can be referenced
* by alias in the auth helper:
* auth('tokens')->attempt($credentials);
*
* @var array<string, class-string<AuthenticatorInterface>>
*/
public array $authenticators = [
'tokens' => AccessTokens::class,
'session' => Session::class,
'hmac' => HmacSha256::class,
// 'jwt' => JWT::class,
];
/**
* --------------------------------------------------------------------
* Default Authenticator
* --------------------------------------------------------------------
* The Authenticator to use when none is specified.
* Uses the $key from the $authenticators array above.
*/
public string $defaultAuthenticator = 'session';
/**
* --------------------------------------------------------------------
* Authentication Chain
* --------------------------------------------------------------------
* The Authenticators to test logged in status against
* when using the 'chain' filter. Each Authenticator listed will be checked.
* If no match is found, then the next in the chain will be checked.
*
* @var string[]
* @phpstan-var list<string>
*/
public array $authenticationChain = [
'session',
'tokens',
'hmac',
// 'jwt',
];
/**
* --------------------------------------------------------------------
* Allow Registration
* --------------------------------------------------------------------
* Determines whether users can register for the site.
*/
public bool $allowRegistration = true;
/**
* --------------------------------------------------------------------
* Record Last Active Date
* --------------------------------------------------------------------
* If true, will always update the `last_active` datetime for the
* logged-in user on every page request.
* This feature only works when session/tokens filter is active.
*
* @see https://codeigniter4.github.io/shield/quick_start_guide/using_session_auth/#protecting-pages for set filters.
*/
public bool $recordActiveDate = true;
/**
* --------------------------------------------------------------------
* Allow Magic Link Logins
* --------------------------------------------------------------------
* If true, will allow the use of "magic links" sent via the email
* as a way to log a user in without the need for a password.
* By default, this is used in place of a password reset flow, but
* could be modified as the only method of login once an account
* has been set up.
*/
public bool $allowMagicLinkLogins = true;
/**
* --------------------------------------------------------------------
* Magic Link Lifetime
* --------------------------------------------------------------------
* Specifies the amount of time, in seconds, that a magic link is valid.
* You can use Time Constants or any desired number.
*/
public int $magicLinkLifetime = HOUR;
/**
* --------------------------------------------------------------------
* Session Authenticator Configuration
* --------------------------------------------------------------------
* These settings only apply if you are using the Session Authenticator
* for authentication.
*
* - field The name of the key the current user info is stored in session
* - allowRemembering Does the system allow use of "remember-me"
* - rememberCookieName The name of the cookie to use for "remember-me"
* - rememberLength The length of time, in seconds, to remember a user.
*
* @var array<string, bool|int|string>
*/
public array $sessionConfig = [
'field' => 'user',
'allowRemembering' => true,
'rememberCookieName' => 'remember',
'rememberLength' => 30 * DAY,
];
/**
* --------------------------------------------------------------------
* The validation rules for username
* --------------------------------------------------------------------
*
* Do not use string rules like `required|valid_email`.
*
* @var array<string, array<int, string>|string>
*/
public array $usernameValidationRules = [
'label' => 'Auth.username',
'rules' => [
'required',
'max_length[30]',
'min_length[3]',
'regex_match[/\A[a-zA-Z0-9\.]+\z/]',
],
];
/**
* --------------------------------------------------------------------
* The validation rules for email
* --------------------------------------------------------------------
*
* Do not use string rules like `required|valid_email`.
*
* @var array<string, array<int, string>|string>
*/
public array $emailValidationRules = [
'label' => 'Auth.email',
'rules' => [
'required',
'max_length[254]',
'valid_email',
],
];
/**
* --------------------------------------------------------------------
* Minimum Password Length
* --------------------------------------------------------------------
* The minimum length that a password must be to be accepted.
* Recommended minimum value by NIST = 8 characters.
*/
public int $minimumPasswordLength = 8;
/**
* --------------------------------------------------------------------
* Password Check Helpers
* --------------------------------------------------------------------
* The PasswordValidator class runs the password through all of these
* classes, each getting the opportunity to pass/fail the password.
* You can add custom classes as long as they adhere to the
* CodeIgniter\Shield\Authentication\Passwords\ValidatorInterface.
*
* @var class-string<ValidatorInterface>[]
*/
public array $passwordValidators = [
CompositionValidator::class,
NothingPersonalValidator::class,
DictionaryValidator::class,
// PwnedValidator::class,
];
/**
* --------------------------------------------------------------------
* Valid login fields
* --------------------------------------------------------------------
* Fields that are available to be used as credentials for login.
*/
public array $validFields = [
'email',
// 'username',
];
/**
* --------------------------------------------------------------------
* Additional Fields for "Nothing Personal"
* --------------------------------------------------------------------
* The NothingPersonalValidator prevents personal information from
* being used in passwords. The email and username fields are always
* considered by the validator. Do not enter those field names here.
*
* An extended User Entity might include other personal info such as
* first and/or last names. $personalFields is where you can add
* fields to be considered as "personal" by the NothingPersonalValidator.
* For example:
* $personalFields = ['firstname', 'lastname'];
*/
public array $personalFields = [];
/**
* --------------------------------------------------------------------
* Password / Username Similarity
* --------------------------------------------------------------------
* Among other things, the NothingPersonalValidator checks the
* amount of sameness between the password and username.
* Passwords that are too much like the username are invalid.
*
* The value set for $maxSimilarity represents the maximum percentage
* of similarity at which the password will be accepted. In other words, any
* calculated similarity equal to, or greater than $maxSimilarity
* is rejected.
*
* The accepted range is 0-100, with 0 (zero) meaning don't check similarity.
* Using values at either extreme of the *working range* (1-100) is
* not advised. The low end is too restrictive and the high end is too permissive.
* The suggested value for $maxSimilarity is 50.
*
* You may be thinking that a value of 100 should have the effect of accepting
* everything like a value of 0 does. That's logical and probably true,
* but is unproven and untested. Besides, 0 skips the work involved
* making the calculation unlike when using 100.
*
* The (admittedly limited) testing that's been done suggests a useful working range
* of 50 to 60. You can set it lower than 50, but site users will probably start
* to complain about the large number of proposed passwords getting rejected.
* At around 60 or more it starts to see pairs like 'captain joe' and 'joe*captain' as
* perfectly acceptable which clearly they are not.
*
* To disable similarity checking set the value to 0.
* public $maxSimilarity = 0;
*/
public int $maxSimilarity = 50;
/**
* --------------------------------------------------------------------
* Hashing Algorithm to use
* --------------------------------------------------------------------
* Valid values are
* - PASSWORD_DEFAULT (default)
* - PASSWORD_BCRYPT
* - PASSWORD_ARGON2I - As of PHP 7.2 only if compiled with support for it
* - PASSWORD_ARGON2ID - As of PHP 7.3 only if compiled with support for it
*/
public string $hashAlgorithm = PASSWORD_DEFAULT;
/**
* --------------------------------------------------------------------
* ARGON2I/ARGON2ID Algorithm options
* --------------------------------------------------------------------
* The ARGON2I method of hashing allows you to define the "memory_cost",
* the "time_cost" and the number of "threads", whenever a password hash is
* created.
*/
public int $hashMemoryCost = 65536; // PASSWORD_ARGON2_DEFAULT_MEMORY_COST;
public int $hashTimeCost = 4; // PASSWORD_ARGON2_DEFAULT_TIME_COST;
public int $hashThreads = 1; // PASSWORD_ARGON2_DEFAULT_THREADS;
/**
* --------------------------------------------------------------------
* BCRYPT Algorithm options
* --------------------------------------------------------------------
* The BCRYPT method of hashing allows you to define the "cost"
* or number of iterations made, whenever a password hash is created.
* This defaults to a value of 12 which is an acceptable number.
* However, depending on the security needs of your application
* and the power of your hardware, you might want to increase the
* cost. This makes the hashing process takes longer.
*
* Valid range is between 4 - 31.
*/
public int $hashCost = 12;
/**
* ////////////////////////////////////////////////////////////////////
* OTHER SETTINGS
* ////////////////////////////////////////////////////////////////////
*/
/**
* --------------------------------------------------------------------
* Customize the DB group used for each model
* --------------------------------------------------------------------
*/
public ?string $DBGroup = null;
/**
* --------------------------------------------------------------------
* Customize Name of Shield Tables
* --------------------------------------------------------------------
* Only change if you want to rename the default Shield table names
*
* It may be necessary to change the names of the tables for
* security reasons, to prevent the conflict of table names,
* the internal policy of the companies or any other reason.
*
* - users Auth Users Table, the users info is stored.
* - auth_identities Auth Identities Table, Used for storage of passwords, access tokens, social login identities, etc.
* - auth_logins Auth Login Attempts, Table records login attempts.
* - auth_token_logins Auth Token Login Attempts Table, Records Bearer Token type login attempts.
* - auth_remember_tokens Auth Remember Tokens (remember-me) Table.
* - auth_groups_users Groups Users Table.
* - auth_permissions_users Users Permissions Table.
*
* @var array<string, string>
*/
public array $tables = [
'users' => 'users',
'identities' => 'auth_identities',
'logins' => 'auth_logins',
'token_logins' => 'auth_token_logins',
'remember_tokens' => 'auth_remember_tokens',
'groups_users' => 'auth_groups_users',
'permissions_users' => 'auth_permissions_users',
];
/**
* --------------------------------------------------------------------
* User Provider
* --------------------------------------------------------------------
* The name of the class that handles user persistence.
* By default, this is the included UserModel, which
* works with any of the database engines supported by CodeIgniter.
* You can change it as long as they adhere to the
* CodeIgniter\Shield\Models\UserModel.
*
* @var class-string<UserModel>
*/
public string $userProvider = UserModel::class;
/**
* Returns the URL that a user should be redirected
* to after a successful login.
*/
public function loginRedirect(): string
{
$session = session();
$url = $session->getTempdata('beforeLoginUrl') ?? setting('Auth.redirects')['login'];
return $this->getUrl($url);
}
/**
* Returns the URL that a user should be redirected
* to after they are logged out.
*/
public function logoutRedirect(): string
{
$url = setting('Auth.redirects')['logout'];
return $this->getUrl($url);
}
/**
* Returns the URL the user should be redirected to
* after a successful registration.
*/
public function registerRedirect(): string
{
$url = setting('Auth.redirects')['register'];
return $this->getUrl($url);
}
/**
* Returns the URL the user should be redirected to
* if force_reset identity is set to true.
*/
public function forcePasswordResetRedirect(): string
{
$url = setting('Auth.redirects')['force_reset'];
return $this->getUrl($url);
}
/**
* Returns the URL the user should be redirected to
* if permission denied.
*/
public function permissionDeniedRedirect(): string
{
$url = setting('Auth.redirects')['permission_denied'];
return $this->getUrl($url);
}
/**
* Returns the URL the user should be redirected to
* if group denied.
*/
public function groupDeniedRedirect(): string
{
$url = setting('Auth.redirects')['group_denied'];
return $this->getUrl($url);
}
/**
* Accepts a string which can be an absolute URL or
* a named route or just a URI path, and returns the
* full path.
*
* @param string $url an absolute URL or a named route or just URI path
*/
protected function getUrl(string $url): string
{
// To accommodate all url patterns
$final_url = '';
switch (true) {
case strpos($url, 'http://') === 0 || strpos($url, 'https://') === 0: // URL begins with 'http' or 'https'. E.g. http://example.com
$final_url = $url;
break;
case route_to($url) !== false: // URL is a named-route
$final_url = rtrim(url_to($url), '/ ');
break;
default: // URL is a route (URI path)
$final_url = rtrim(site_url($url), '/ ');
break;
}
return $final_url;
}
}
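Review bot: `getUrl()` returns any value beginning with `http://` or `https://` unchanged, and `loginRedirect()` feeds it whatever is stored under the `beforeLoginUrl` tempdata key, so the post-login destination is only as trustworthy as the code that writes that key; the writer is not in this section, so please confirm it is only Shield's own filter storing the current request URL, or compare the host of an absolute URL against the configured `$baseURL` before returning it. As a style point, with `declare(strict_types=1)` and PHP 8 the first `case` can read `case str_starts_with($url, 'http://') || str_starts_with($url, 'https://'):`, and the `switch (true)` with the `$final_url` temporary could become a `match (true)` expression returned directly. `$authenticators` and `$authenticationChain` also enable `tokens` and `hmac` alongside `session`; if the application only uses session login, those entries widen the set of credentials the `chain` filter accepts, so trim them to what the app actually uses.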


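--- /dev/null
+++ b/ci4/app/Config/AuthGroups.php
@@ -0,0 +1,120 @@
+<?php
+declare(strict_types=1);
+/**
+* This file is part of CodeIgniter Shield.
+*
+* (c) CodeIgniter Foundation <admin@codeigniter.com>
+*
+* For the full copyright and license information, please view
+* the LICENSE file that was distributed with this source code.
+*/
+namespace Config;
+use CodeIgniter\Shield\Config\AuthGroups as ShieldAuthGroups;
+class AuthGroups extends ShieldAuthGroups
+{
+/**
+* --------------------------------------------------------------------
+* Default Group
+* --------------------------------------------------------------------
+* The group that a newly registered user is added to.
+*/
+public string $defaultGroup = 'user';
+/**
+* --------------------------------------------------------------------
+* Groups
+* --------------------------------------------------------------------
+* An associative array of the available groups in the system, where the keys
+* are the group names and the values are arrays of the group info.
+*
+* Whatever value you assign as the key will be used to refer to the group
+* when using functions such as:
+* $user->addGroup('superadmin');
+*
+* @var array<string, array<string, string>>
+*
+* @see https://codeigniter4.github.io/shield/quick_start_guide/using_authorization/#change-available-groups for more info
+*/
+public array $groups = [
+'superadmin' => [
+'title' => 'Super Admin',
+'description' => 'Complete control of the site.',
+],
+'admin' => [
+'title' => 'Admin',
+'description' => 'Day to day administrators of the site.',
+],
+'developer' => [
+'title' => 'Developer',
+'description' => 'Site programmers.',
+],
+'user' => [
+'title' => 'User',
+'description' => 'General users of the site. Often customers.',
+],
+'beta' => [
+'title' => 'Beta User',
+'description' => 'Has access to beta-level features.',
+],
+];
+/**
+* --------------------------------------------------------------------
+* Permissions
+* --------------------------------------------------------------------
+* The available permissions in the system.
+*
+* If a permission is not listed here it cannot be used.
+*/
+public array $permissions = [
+'admin.access' => 'Can access the sites admin area',
+'admin.settings' => 'Can access the main site settings',
+'users.manage-admins' => 'Can manage other admins',
+'users.list' => 'Can list user stuff',
+'users.create' => 'Can create new non-admin users',
+'users.edit' => 'Can edit existing non-admin users',
+'users.delete' => 'Can delete existing non-admin users',
+'beta.access' => 'Can access beta-level features',
+];
+/**
+* --------------------------------------------------------------------
+* Permissions Matrix
+* --------------------------------------------------------------------
+* Maps permissions to groups.
+*
+* This defines group-level permissions.
+*/
+public array $matrix = [
+"superadmin"=> [
+"admin.*",
+"users.*",
+"beta.*"
+],
+"admin"=> [
+"admin.access",
+"users.create",
+"users.edit",
+"users.delete",
+"beta.access"
+],
+"developer"=> [
+"admin.access",
+"admin.settings",
+"users.create",
+"users.edit",
+"beta.access"
+],
+"user"=> [
+"users.list"
+],
+"beta"=> [
+"beta.access"
+]
+];
+}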
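Review bot: Every self-registered account lands in `user` (`$defaultGroup = 'user'`) and the `$matrix` grants that group `users.list` ("Can list user stuff"), so any visitor who can register gets a user-listing permission; if that is not intended, make the default group permission-free with `"user"=> [],` and assign `users.list` to the staff groups only. The matrix is also asymmetric in ways that look accidental: `admin` can `users.delete` but not `admin.settings`, `developer` can `admin.settings` but not `users.delete`, and `users.manage-admins` is reachable only through `superadmin`'s `users.*` wildcard. If that split is deliberate, a comment above `$matrix` such as `// admin: user lifecycle only; developer: site settings but no user deletion; superadmin: everything` would stop a later maintainer from "fixing" it. Whether registration is actually open depends on Config\Auth, which is not in this chunk.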


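--- /dev/null
+++ b/ci4/app/Config/AuthToken.php
@@ -0,0 +1,138 @@
+<?php
+declare(strict_types=1);
+/**
+* This file is part of CodeIgniter Shield.
+*
+* (c) CodeIgniter Foundation <admin@codeigniter.com>
+*
+* For the full copyright and license information, please view
+* the LICENSE file that was distributed with this source code.
+*/
+namespace Config;
+use CodeIgniter\Shield\Config\AuthToken as ShieldAuthToken;
+/**
+* Configuration for Token Auth and HMAC Auth
+*/
+class AuthToken extends ShieldAuthToken
+{
+/**
+* --------------------------------------------------------------------
+* Record Login Attempts for Token Auth and HMAC Auth
+* --------------------------------------------------------------------
+* Specify which login attempts are recorded in the database.
+*
+* Valid values are:
+* - Auth::RECORD_LOGIN_ATTEMPT_NONE
+* - Auth::RECORD_LOGIN_ATTEMPT_FAILURE
+* - Auth::RECORD_LOGIN_ATTEMPT_ALL
+*/
+public int $recordLoginAttempt = Auth::RECORD_LOGIN_ATTEMPT_FAILURE;
+/**
+* --------------------------------------------------------------------
+* Name of Authenticator Header
+* --------------------------------------------------------------------
+* The name of Header that the Authorization token should be found.
+* According to the specs, this should be `Authorization`, but rare
+* circumstances might need a different header.
+*/
+public array $authenticatorHeader = [
+'tokens' => 'Authorization',
+'hmac' => 'Authorization',
+];
+/**
+* --------------------------------------------------------------------
+* Unused Token Lifetime for Token Auth and HMAC Auth
+* --------------------------------------------------------------------
+* Determines the amount of time, in seconds, that an unused token can
+* be used.
+*/
+public int $unusedTokenLifetime = YEAR;
+/**
+* --------------------------------------------------------------------
+* Secret2 storage character limit
+* --------------------------------------------------------------------
+* Database size limit for the identities 'secret2' field.
+*/
+public int $secret2StorageLimit = 255;
+/**
+* --------------------------------------------------------------------
+* HMAC secret key byte size
+* --------------------------------------------------------------------
+* Specify in integer the desired byte size of the
+* HMAC SHA256 byte size
+*/
+public int $hmacSecretKeyByteSize = 32;
+/**
+* --------------------------------------------------------------------
+* HMAC encryption Keys
+* --------------------------------------------------------------------
+* This sets the key to be used when encrypting a user's HMAC Secret Key.
+*
+* 'keys' is an array of keys which will facilitate key rotation. Valid
+* keyTitles must include only [a-zA-Z0-9_] and should be kept to a
+* max of 8 characters.
+*
+* Each keyTitle is an associative array containing the required 'key'
+* value, and the optional 'driver' and 'digest' values. If the
+* 'driver' and 'digest' values are not specified, the default 'driver'
+* and 'digest' values will be used.
+*
+* Old keys will are used to decrypt existing Secret Keys. It is encouraged
+* to run 'php spark shield:hmac reencrypt' to update existing Secret
+* Key encryptions.
+*
+* @see https://codeigniter.com/user_guide/libraries/encryption.html
+*
+* @var array<string, array{key: string, driver?: string, digest?: string}>|string
+*
+* NOTE: The value becomes temporarily a string when setting value as JSON
+* from environment variable.
+*
+* [key_name => ['key' => key_value]]
+* or [key_name => ['key' => key_value, 'driver' => driver, 'digest' => digest]]
+*/
+public $hmacEncryptionKeys = [
+'k1' => [
+'key' => '',
+],
+];
+/**
+* --------------------------------------------------------------------
+* HMAC Current Encryption Key Selector
+* --------------------------------------------------------------------
+* This specifies which of the encryption keys should be used.
+*/
+public string $hmacEncryptionCurrentKey = 'k1';
+/**
+* --------------------------------------------------------------------
+* HMAC Encryption Key Driver
+* --------------------------------------------------------------------
+* This specifies which of the encryption drivers should be used.
+*
+* Available drivers:
+* - OpenSSL
+* - Sodium
+*/
+public string $hmacEncryptionDefaultDriver = 'OpenSSL';
+/**
+* --------------------------------------------------------------------
+* HMAC Encryption Key Driver
+* --------------------------------------------------------------------
+* THis specifies the type of encryption to be used.
+* e.g. 'SHA512' or 'SHA256'.
+*/
+public string $hmacEncryptionDefaultDigest = 'SHA512';
+}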
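Review bot: `$hmacEncryptionKeys` is committed as `'k1' => ['key' => '']`, so unless `authtoken.hmacEncryptionKeys` is overridden from the environment (nothing in this chunk shows that) the HMAC secret keys stored in the identities table would be encrypted with an empty key, and the docblock itself says the value is expected to arrive as JSON from an environment variable. Generate a real key out of band (`random_bytes`, or Shield's `shield:hmac` command family the docblock already mentions, if your version has a setup subcommand) and load it via `.env` as `authtoken.hmacEncryptionKeys = {"k1":{"key":"hex2bin:…"}}`, leaving the property as the placeholder with `// intentionally empty: the real key is injected from .env (authtoken.hmacEncryptionKeys)` above it. `$unusedTokenLifetime = YEAR` also means an issued token that is never presented stays valid for a full year, which is a long exposure window for a leaked-but-unused token; a shorter value is worth considering. Minor wording in the new docblocks: "Old keys will are used" and "THis specifies", and the last docblock title says "Key Driver" where the property is the digest.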


@ -85,4 +85,17 @@ class Autoload extends AutoloadConfig
* @var array<int, string>
*/
public $files = [];
/**
* -------------------------------------------------------------------
* Helpers
* -------------------------------------------------------------------
* Prototype:
* $helpers = [
* 'form',
* ];
*
* @var list<string>
*/
public $helpers = ['auth', 'setting'];
}


@ -2,13 +2,13 @@
namespace Config;
use App\Filters\JWTAuthFilter;
use App\Filters\LoginAuthFilter;
use App\Filters\ThrottlerFilter;
use CodeIgniter\Config\BaseConfig;
use CodeIgniter\Filters\CSRF;
use CodeIgniter\Filters\DebugToolbar;
use CodeIgniter\Filters\Honeypot;
use CodeIgniter\Filters\InvalidChars;
use CodeIgniter\Filters\SecureHeaders;
class Filters extends BaseConfig
{
@ -16,54 +16,40 @@ class Filters extends BaseConfig
* Configures aliases for Filter classes to
* make reading things nicer and simpler.
*
* @var array
* @var array<string, class-string|list<class-string>> [filter_name => classname]
* or [filter_name => [classname1, classname2, ...]]
*/
public $aliases = [
'csrf' => CSRF::class,
'toolbar' => DebugToolbar::class,
public array $aliases = [
'csrf' => CSRF::class,
'toolbar' => DebugToolbar::class,
'honeypot' => Honeypot::class,
'auth' => JWTAuthFilter::class,
'throttler' => ThrottlerFilter::class,
'login' => LoginAuthFilter::class,
'invalidchars' => InvalidChars::class,
'secureheaders' => SecureHeaders::class,
];
/**
* List of filter aliases that are always
* applied before and after every request.
*
* @var array
* @var array<string, array<string, array<string, string>>>|array<string, list<string>>
*/
public $globals = [
public array $globals = [
'before' => [
'login' => [
'except' => [
'login',
'login/*',
'oauth',
'oauth/*',
'api',
'api/*',
'cron',
'cron/*',
'lang',
'lang/*',
'language',
'language/*',
'integration',
'integration/*'
]
],
// 'honeypot',
'csrf' => [
// 'csrf',
// 'invalidchars',
'session' => [
'except' => [
'api',
'api/*'
]
'login*',
'register',
'auth/a/*',
'logout']
],
],
'after' => [
'toolbar',
// 'honeypot',
// 'secureheaders',
],
];
@ -72,14 +58,13 @@ class Filters extends BaseConfig
* particular HTTP method (GET, POST, etc.).
*
* Example:
* 'post' => ['csrf', 'throttle']
* 'post' => ['foo', 'bar']
*
* @var array
* If you use this, you should disable auto-routing because auto-routing
* permits any HTTP method to access a controller. Accessing the controller
* with a method you don't expect could bypass the filter.
*/
public $methods = [
// 'get' => ['throttler'],
// 'post' => ['throttler']
];
public array $methods = [];
/**
* List of filter aliases that should run on any
@ -87,21 +72,6 @@ class Filters extends BaseConfig
*
* Example:
* 'isLoggedIn' => ['before' => ['account/*', 'profiles/*']]
*
* @var array
*/
public $filters = [
'auth' => [
'before' => [
'api/user/*',
'api/user/'
],
],
'throttler' => [
'before' => [
'api/*',
'api/'
]
]
];
public array $filters = [];
}
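Review bot: The route-level protection the API had is gone in this hunk: `$filters` is now `[]`, dropping the `'auth' => ['before' => ['api/user/*', 'api/user/']]` and `'throttler' => ['before' => ['api/*', 'api/']]` entries, the `auth`, `throttler` and `login` aliases are removed with them, and `api`/`api/*` appear as an `except` entry in the new globals. Unless Routes.php, of which only `service('auth')->routes($routes)` is visible in this chunk, re-attaches authentication to those routes, `api/*` ends up with neither an authentication filter nor rate limiting. Shield's own aliases (`session` is used here without being declared in `$aliases`, so presumably its Registrar supplies them) can restore both with `'tokens' => ['before' => ['api', 'api/*']],` and `'auth-rates' => ['before' => ['login*', 'register', 'auth/*', 'api/*']],` inside `$filters`. The rendered hunk interleaves the `except` lists of `csrf` and `session`, so I cannot tell which filter exempts `login*`, `register`, `auth/a/*` and `logout`; if it is `csrf`, the login and registration forms lose CSRF protection, which Shield expects to stay enabled on them. `secureheaders` also remains commented out in `after`.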

ci4/app/Config/Kint.php Executable file → Normal file

@ -3,7 +3,10 @@
namespace Config;
use CodeIgniter\Config\BaseConfig;
use Kint\Parser\ConstructablePluginInterface;
use Kint\Renderer\AbstractRenderer;
use Kint\Renderer\Rich\TabPluginInterface;
use Kint\Renderer\Rich\ValuePluginInterface;
/**
* --------------------------------------------------------------------------
@ -23,27 +26,32 @@ class Kint extends BaseConfig
|--------------------------------------------------------------------------
*/
/**
* @var list<class-string<ConstructablePluginInterface>|ConstructablePluginInterface>|null
*/
public $plugins;
public $maxDepth = 6;
public $displayCalledFrom = true;
public $expanded = false;
public int $maxDepth = 6;
public bool $displayCalledFrom = true;
public bool $expanded = false;
/*
|--------------------------------------------------------------------------
| RichRenderer Settings
|--------------------------------------------------------------------------
*/
public $richTheme = 'aante-light.css';
public $richFolder = false;
public $richSort = AbstractRenderer::SORT_FULL;
public string $richTheme = 'aante-light.css';
public bool $richFolder = false;
public int $richSort = AbstractRenderer::SORT_FULL;
/**
* @var array<string, class-string<ValuePluginInterface>>|null
*/
public $richObjectPlugins;
/**
* @var array<string, class-string<TabPluginInterface>>|null
*/
public $richTabPlugins;
/*
@ -51,11 +59,8 @@ class Kint extends BaseConfig
| CLI Settings
|--------------------------------------------------------------------------
*/
public $cliColors = true;
public $cliForceUTF8 = false;
public $cliDetectWidth = true;
public $cliMinWidth = 40;
public bool $cliColors = true;
public bool $cliForceUTF8 = false;
public bool $cliDetectWidth = true;
public int $cliMinWidth = 40;
}


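--- /dev/null
+++ b/ci4/app/Config/Publisher.php
@@ -0,0 +1,28 @@
+<?php
+namespace Config;
+use CodeIgniter\Config\Publisher as BasePublisher;
+/**
+* Publisher Configuration
+*
+* Defines basic security restrictions for the Publisher class
+* to prevent abuse by injecting malicious files into a project.
+*/
+class Publisher extends BasePublisher
+{
+/**
+* A list of allowed destinations with a (pseudo-)regex
+* of allowed files for each destination.
+* Attempts to publish to directories not in this list will
+* result in a PublisherException. Files that do no fit the
+* pattern will cause copy/merge to fail.
+*
+* @var array<string, string>
+*/
+public $restrictions = [
+ROOTPATH => '*',
+FCPATH => '#\.(s?css|js|map|html?|xml|json|webmanifest|ttf|eot|woff2?|gif|jpe?g|tiff?|png|webp|bmp|ico|svg)$#i',
+];
+}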
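Review bot: `ROOTPATH => '*'` is listed first in `$restrictions` and, on the standard layout, is a path prefix of `FCPATH`; if the framework's Publisher selects the restriction by the first matching prefix (I cannot confirm the lookup order from this chunk), the extension whitelist on the `FCPATH` line would never apply and any file type could be published into the web root. Worth checking against the installed `Publisher` constructor, and either placing the more specific `FCPATH` entry first or adding `// FCPATH is the web-served directory: keep its pattern stricter than ROOTPATH and verify lookup order` above the array. The docblock typo `do no fit` should read `do not fit`.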


@ -1,36 +1,13 @@
<?php
namespace Config;
use CodeIgniter\Router\RouteCollection;
/*
// Create a new instance of our RouteCollection class.
$routes = Services::routes();
// Load the system's routing file first, so that the app and ENVIRONMENT
// can override as needed.
if (file_exists(SYSTEMPATH . 'Config/Routes.php')) {
require SYSTEMPATH . 'Config/Routes.php';
}
*/
/*
* --------------------------------------------------------------------
* Router Setup
* --------------------------------------------------------------------
/**
* @var RouteCollection $routes
*/
/*
$routes->setDefaultNamespace('App\Controllers');
$routes->setDefaultController('Home');
$routes->setDefaultMethod('index');
$routes->setTranslateURIDashes(false);
$routes->set404Override();
$routes->setAutoRoute(true);
*/
// Create a new instance of our RouteCollection class.
$routes = Services::routes();
//service('auth')->routes($routes, ['except' => ['login', 'register']]);
service('auth')->routes($routes);
//WEB ROUTER ------------------------------------------------------
//------------------------------------------------------------------
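Review bot: `service('auth')->routes($routes);` registers every Shield auth route, including `register`, and the commented line just above it shows that an `except` list was considered and then dropped; with the default registration group carrying a real permission in AuthGroups, open self-registration is a decision worth making explicit rather than implicit. If self-service sign-up is not intended, use `service('auth')->routes($routes, ['except' => ['register']]);` or disable it through `allowRegistration` in Config\Auth, which is not visible in this chunk. Either way a one-line comment stating which auth routes are meant to be public, e.g. `// Shield auth routes (login/register/logout/magic-link): registration is intentionally open`, would help the next reader.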


@ -87,7 +87,7 @@ class Routing extends BaseRouting
*
* If FALSE, will stop searching and do NO automatic routing.
*/
public bool $autoRoute = true;
public bool $autoRoute = false;
/**
* If TRUE, will enable the use of the 'prioritize' option

ci4/app/Config/Toolbar.php Executable file → Normal file