From 7213ed290c977ce8723f6d92addadc03913576ee Mon Sep 17 00:00:00 2001 From: Yassine Doghri Date: Sun, 16 Oct 2022 10:36:54 +0000 Subject: [PATCH] feat(auth): add auth.enable2FA config to enable two-factor authentication + update phpstan and rector configs --- app/Config/Events.php | 3 -- modules/Auth/Config/Auth.php | 17 +++++++++++ modules/Auth/Language/en/Auth.php | 4 +++ phpstan.neon | 5 ++++ public/index.php | 12 ++++++++ public/media/site/index.html | 0 rector.php | 2 ++ spark | 12 ++++++++ themes/cp_auth/email_2fa_show.php | 42 ++++++++++----------------- themes/cp_auth/email_2fa_verify.php | 44 +++++++++++------------------ 10 files changed, 84 insertions(+), 57 deletions(-) delete mode 100644 public/media/site/index.html diff --git a/app/Config/Events.php b/app/Config/Events.php index 07332c3d..6d7f32bb 100644 --- a/app/Config/Events.php +++ b/app/Config/Events.php @@ -28,7 +28,6 @@ use CodeIgniter\Exceptions\FrameworkException; */ Events::on('pre_system', static function () { - // @phpstan-ignore-next-line if (ENVIRONMENT !== 'testing') { if (ini_get('zlib.output_compression')) { throw FrameworkException::forEnabledZlibOutputCompression(); @@ -46,8 +45,6 @@ Events::on('pre_system', static function () { * Debug Toolbar Listeners. * -------------------------------------------------------------------- * If you delete, they will no longer be collected. - * - * @phpstan-ignore-next-line */ if (CI_DEBUG && ! is_cli()) { Events::on('DBQuery', 'CodeIgniter\Debug\Toolbar\Collectors\Database::collect'); diff --git a/modules/Auth/Config/Auth.php b/modules/Auth/Config/Auth.php index e9017374..24ef0c89 100644 --- a/modules/Auth/Config/Auth.php +++ b/modules/Auth/Config/Auth.php @@ -5,6 +5,7 @@ declare(strict_types=1); namespace Modules\Auth\Config; use CodeIgniter\Shield\Authentication\Actions\ActionInterface; +use CodeIgniter\Shield\Authentication\Actions\Email2FA; use CodeIgniter\Shield\Config\Auth as ShieldAuth; use Modules\Auth\Models\UserModel; @@ -75,6 +76,14 @@ class Auth extends ShieldAuth */ public bool $allowRegistration = true; + /** + * -------------------------------------------------------------------- + * Allow Two-Factor Authentication + * -------------------------------------------------------------------- + * Determines whether email 2FA is enabled. + */ + public bool $enable2FA = false; + /** * -------------------------------------------------------------------- * Welcome Link Lifetime @@ -108,6 +117,8 @@ class Auth extends ShieldAuth public function __construct() { + parent::__construct(); + $adminGateway = config('Admin') ->gateway; @@ -116,6 +127,12 @@ class Auth extends ShieldAuth 'login' => $adminGateway, 'logout' => $adminGateway, ]; + + // FIXME: enable2FA config can only be updated in the .env + // Using the settings service to have it set in the db causes infinite loop. + if ($this->enable2FA) { + $this->actions['login'] = Email2FA::class; + } } /** diff --git a/modules/Auth/Language/en/Auth.php b/modules/Auth/Language/en/Auth.php index 6928cf9b..09e3cd6b 100644 --- a/modules/Auth/Language/en/Auth.php +++ b/modules/Auth/Language/en/Auth.php @@ -80,6 +80,10 @@ return [ 'episodes.manage-publications' => 'Can publish/unpublish episodes and posts of podcast #{id}.', 'episodes.manage-comments' => 'Can create/remove episode comments of podcast #{id}.', ], + + // missing keys + 'code' => 'Your 6-digit code', + 'notEnoughPrivilege' => 'You do not have sufficient permissions to access that page.', 'set_password' => 'Set your password', diff --git a/phpstan.neon b/phpstan.neon index 8e79ac06..4c46c3fa 100644 --- a/phpstan.neon +++ b/phpstan.neon @@ -20,6 +20,11 @@ parameters: - app/Views/* - modules/*/Views/* - themes/* + dynamicConstantNames: + - APP_NAMESPACE + - CI_DEBUG + - ENVIRONMENT + - SODIUM_LIBRARY_VERSION ignoreErrors: - '#Cannot access property [\$a-z_]+ on ((array\|)?object)#' - '#^Call to an undefined method CodeIgniter\\Database\\ConnectionInterface#' diff --git a/public/index.php b/public/index.php index cc758a8b..b80d9fbf 100644 --- a/public/index.php +++ b/public/index.php @@ -6,6 +6,18 @@ use CodeIgniter\Config\DotEnv; use Config\Paths; use Config\Services; +// Check PHP version. +$minPhpVersion = '8.0'; // If you update this, don't forget to update `spark`. +if (version_compare(PHP_VERSION, $minPhpVersion, '<')) { + $message = sprintf( + 'Your PHP version must be %s or higher to run CodeIgniter. Current version: %s', + $minPhpVersion, + PHP_VERSION + ); + + exit($message); +} + // Path to the front controller (this file) define('FCPATH', __DIR__ . DIRECTORY_SEPARATOR); diff --git a/public/media/site/index.html b/public/media/site/index.html deleted file mode 100644 index e69de29b..00000000 diff --git a/rector.php b/rector.php index 881a5ebd..96dad228 100644 --- a/rector.php +++ b/rector.php @@ -10,6 +10,7 @@ use Rector\CodingStyle\Rector\Stmt\NewlineAfterStatementRector; use Rector\CodingStyle\Rector\String_\SymplifyQuoteEscapeRector; use Rector\Config\RectorConfig; use Rector\Core\ValueObject\PhpVersion; +use Rector\DeadCode\Rector\If_\UnwrapFutureCompatibleIfPhpVersionRector; use Rector\EarlyReturn\Rector\If_\ChangeOrIfContinueToMultiContinueRector; use Rector\EarlyReturn\Rector\If_\ChangeOrIfReturnToEarlyReturnRector; use Rector\Php55\Rector\String_\StringClassNameToClassConstantRector; @@ -61,6 +62,7 @@ return static function (RectorConfig $rectorConfig): void { UnSpreadOperatorRector::class, ExplicitMethodCallOverMagicGetSetRector::class, RemoveExtraParametersRector::class, + UnwrapFutureCompatibleIfPhpVersionRector::class, // skip rule in specific directory StringClassNameToClassConstantRector::class => [ diff --git a/spark b/spark index 225422aa..306cf957 100644 --- a/spark +++ b/spark @@ -26,6 +26,18 @@ if (strpos(PHP_SAPI, 'cgi') === 0) { exit("The cli tool is not supported when running php-cgi. It needs php-cli to function!\n\n"); } +// Check PHP version. +$minPhpVersion = '8.0'; // If you update this, don't forget to update `public/index.php`. +if (version_compare(PHP_VERSION, $minPhpVersion, '<')) { + $message = sprintf( + 'Your PHP version must be %s or higher to run CodeIgniter. Current version: %s', + $minPhpVersion, + PHP_VERSION + ); + + exit($message); +} + // We want errors to be shown when using it from the CLI. error_reporting(-1); ini_set('display_errors', '1'); diff --git a/themes/cp_auth/email_2fa_show.php b/themes/cp_auth/email_2fa_show.php index ddedc530..9e70a42a 100644 --- a/themes/cp_auth/email_2fa_show.php +++ b/themes/cp_auth/email_2fa_show.php @@ -1,38 +1,26 @@ + extend(config('Auth')->views['layout']) ?> section('title') ?> endSection() ?> section('content') ?> -
-
-
-
+
+ -

+ - -
- + + -
- - - -
- - value="email) ?>" required /> -
- -
- -
- -
-
-
-
endSection() ?> diff --git a/themes/cp_auth/email_2fa_verify.php b/themes/cp_auth/email_2fa_verify.php index e9dad7f4..18c67156 100644 --- a/themes/cp_auth/email_2fa_verify.php +++ b/themes/cp_auth/email_2fa_verify.php @@ -1,36 +1,26 @@ + extend(config('Auth')->views['layout']) ?> -section('title') ?> endSection() ?> +section('title') ?> endSection() ?> section('content') ?> -
-
-
-
+
+ -

+ - -
- - - - - - -
- -
- -
- -
- - -
-
-
+ + endSection() ?>