12888658209

Committed 21 Jan 2025 02:05PM UTC coverage: 92.845% (+0.02%) from 92.822%

Build # 12888658209

Build Type

Pull #1229

github

Committed by

web-flow

Commit Message

Merge cd5f021c6 into b2ddb70df

Pull Request Pull Request #1229: fix: multilevel permissions in can() method

Run Details

19 of 19 new or added lines in 4 files covered. (100.0%)

2 existing lines in 1 file now uncovered.

2803 of 3019 relevant lines covered (92.85%)

49.01 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

93.75

/src/Controllers/RegisterController.php

<?php

declare(strict_types=1);

/**
 * This file is part of CodeIgniter Shield.
 *
 * (c) CodeIgniter Foundation <admin@codeigniter.com>
 *
 * For the full copyright and license information, please view
 * the LICENSE file that was distributed with this source code.
 */

namespace CodeIgniter\Shield\Controllers;

use App\Controllers\BaseController;
use CodeIgniter\Events\Events;
use CodeIgniter\HTTP\RedirectResponse;
use CodeIgniter\HTTP\RequestInterface;
use CodeIgniter\HTTP\ResponseInterface;
use CodeIgniter\Shield\Authentication\Authenticators\Session;
use CodeIgniter\Shield\Entities\User;
use CodeIgniter\Shield\Exceptions\ValidationException;
use CodeIgniter\Shield\Models\UserModel;
use CodeIgniter\Shield\Traits\Viewable;
use CodeIgniter\Shield\Validation\ValidationRules;
use Psr\Log\LoggerInterface;

/**
 * Class RegisterController
 *
 * Handles displaying registration form,
 * and handling actual registration flow.
 */
class RegisterController extends BaseController
{
    use Viewable;

    public function initController(
        RequestInterface $request,
        ResponseInterface $response,
        LoggerInterface $logger
    ): void {
        parent::initController(
            $request,
            $response,
            $logger
        );
    }

    /**
     * Displays the registration form.
     *
     * @return RedirectResponse|string
     */
    public function registerView()
    {
        if (auth()->loggedIn()) {
            return redirect()->to(config('Auth')->registerRedirect());
        }

        // Check if registration is allowed
        if (! setting('Auth.allowRegistration')) {
            return redirect()->back()->withInput()
                ->with('error', lang('Auth.registerDisabled'));
        }

        /** @var Session $authenticator */
        $authenticator = auth('session')->getAuthenticator();

        // If an action has been defined, start it up.
        if ($authenticator->hasAction()) {
            return redirect()->route('auth-action-show');
        }

        return $this->view(setting('Auth.views')['register']);
    }

    /**
     * Attempts to register the user.
     */
    public function registerAction(): RedirectResponse
    {
        if (auth()->loggedIn()) {
            return redirect()->to(config('Auth')->registerRedirect());
        }

        // Check if registration is allowed
        if (! setting('Auth.allowRegistration')) {
            return redirect()->back()->withInput()
                ->with('error', lang('Auth.registerDisabled'));
        }

        $users = $this->getUserProvider();

        // Validate here first, since some things,
        // like the password, can only be validated properly here.
        $rules = $this->getValidationRules();

        if (! $this->validateData($this->request->getPost(), $rules, [], config('Auth')->DBGroup)) {
            return redirect()->back()->withInput()->with('errors', $this->validator->getErrors());
        }

        // Save the user
        $allowedPostFields = array_keys($rules);
        $user              = $this->getUserEntity();
        $user->fill($this->request->getPost($allowedPostFields));

        // Workaround for email only registration/login
        if ($user->username === null) {
            $user->username = null;
        }

        try {
            $users->save($user);
        } catch (ValidationException $e) {
            return redirect()->back()->withInput()->with('errors', $users->errors());
        }

        // To get the complete user object with ID, we need to get from the database
        $user = $users->findById($users->getInsertID());

        // Add to default group
        $users->addToDefaultGroup($user);

        Events::trigger('register', $user);

        /** @var Session $authenticator */
        $authenticator = auth('session')->getAuthenticator();

        $authenticator->startLogin($user);

        // If an action has been defined for register, start it up.
        $hasAction = $authenticator->startUpAction('register', $user);
        if ($hasAction) {
            return redirect()->route('auth-action-show');
        }

        // Set the user active
        $user->activate();

        $authenticator->completeLogin($user);

        // Success!
        return redirect()->to(config('Auth')->registerRedirect())
            ->with('message', lang('Auth.registerSuccess'));
    }

    /**
     * Returns the User provider
     */
    protected function getUserProvider(): UserModel
    {
        $provider = model(setting('Auth.userProvider'));

        assert($provider instanceof UserModel, 'Config Auth.userProvider is not a valid UserProvider.');

        return $provider;
    }

    /**
     * Returns the Entity class that should be used
     */
    protected function getUserEntity(): User
    {
        return new User();
    }

    /**
     * Returns the rules that should be used for validation.
     *
     * @return array<string, array<string, list<string>|string>>
     */
    protected function getValidationRules(): array
    {
        $rules = new ValidationRules();

        return $rules->getRegistrationRules();
    }
}

1	<?php
2
3	declare(strict_types=1);
4
5	/**
6	* This file is part of CodeIgniter Shield.
7	*
8	* (c) CodeIgniter Foundation <admin@codeigniter.com>
9	*
10	* For the full copyright and license information, please view
11	* the LICENSE file that was distributed with this source code.
12	*/
13
14	namespace CodeIgniter\Shield\Controllers;
15
16	use App\Controllers\BaseController;
17	use CodeIgniter\Events\Events;
18	use CodeIgniter\HTTP\RedirectResponse;
19	use CodeIgniter\HTTP\RequestInterface;
20	use CodeIgniter\HTTP\ResponseInterface;
21	use CodeIgniter\Shield\Authentication\Authenticators\Session;
22	use CodeIgniter\Shield\Entities\User;
23	use CodeIgniter\Shield\Exceptions\ValidationException;
24	use CodeIgniter\Shield\Models\UserModel;
25	use CodeIgniter\Shield\Traits\Viewable;
26	use CodeIgniter\Shield\Validation\ValidationRules;
27	use Psr\Log\LoggerInterface;
28
29	/**
30	* Class RegisterController
31	*
32	* Handles displaying registration form,
33	* and handling actual registration flow.
34	*/
35	class RegisterController extends BaseController
36	{
37	use Viewable;
38
39	public function initController(
40	RequestInterface $request,
41	ResponseInterface $response,
42	LoggerInterface $logger
43	): void {
44	parent::initController(	30✔
45	$request,	30✔
46	$response,	30✔
47	$logger	30✔
48	);	30✔
49	}
50
51	/**
52	* Displays the registration form.
53	*
54	* @return RedirectResponse\|string
55	*/
56	public function registerView()
57	{
58	if (auth()->loggedIn()) {	8✔
59	return redirect()->to(config('Auth')->registerRedirect());	2✔
60	}
61
62	// Check if registration is allowed
63	if (! setting('Auth.allowRegistration')) {	6✔
64	return redirect()->back()->withInput()	2✔
65	->with('error', lang('Auth.registerDisabled'));	2✔
66	}
67
68	/** @var Session $authenticator */
69	$authenticator = auth('session')->getAuthenticator();	4✔
70
71	// If an action has been defined, start it up.
72	if ($authenticator->hasAction()) {	4✔
73	return redirect()->route('auth-action-show');	2✔
74	}
75
76	return $this->view(setting('Auth.views')['register']);	2✔
77	}
78
79	/**
80	* Attempts to register the user.
81	*/
82	public function registerAction(): RedirectResponse
83	{
84	if (auth()->loggedIn()) {	24✔
85	return redirect()->to(config('Auth')->registerRedirect());	2✔
86	}
87
88	// Check if registration is allowed
89	if (! setting('Auth.allowRegistration')) {	22✔
90	return redirect()->back()->withInput()	2✔
91	->with('error', lang('Auth.registerDisabled'));	2✔
92	}
93
94	$users = $this->getUserProvider();	20✔
95
96	// Validate here first, since some things,
97	// like the password, can only be validated properly here.
98	$rules = $this->getValidationRules();	20✔
99
100	if (! $this->validateData($this->request->getPost(), $rules, [], config('Auth')->DBGroup)) {	20✔
101	return redirect()->back()->withInput()->with('errors', $this->validator->getErrors());	8✔
102	}
103
104	// Save the user
105	$allowedPostFields = array_keys($rules);	12✔
106	$user = $this->getUserEntity();	12✔
107	$user->fill($this->request->getPost($allowedPostFields));	12✔
108
109	// Workaround for email only registration/login
110	if ($user->username === null) {	12✔
UNCOV 111	$user->username = null;	×
112	}
113
114	try {
115	$users->save($user);	12✔
UNCOV 116	} catch (ValidationException $e) {	×
117	return redirect()->back()->withInput()->with('errors', $users->errors());	×
118	}
119
120	// To get the complete user object with ID, we need to get from the database
121	$user = $users->findById($users->getInsertID());	12✔
122
123	// Add to default group
124	$users->addToDefaultGroup($user);	12✔
125
126	Events::trigger('register', $user);	12✔
127
128	/** @var Session $authenticator */
129	$authenticator = auth('session')->getAuthenticator();	12✔
130
131	$authenticator->startLogin($user);	12✔
132
133	// If an action has been defined for register, start it up.
134	$hasAction = $authenticator->startUpAction('register', $user);	12✔
135	if ($hasAction) {	12✔
136	return redirect()->route('auth-action-show');	8✔
137	}
138
139	// Set the user active
140	$user->activate();	4✔
141
142	$authenticator->completeLogin($user);	4✔
143
144	// Success!
145	return redirect()->to(config('Auth')->registerRedirect())	4✔
146	->with('message', lang('Auth.registerSuccess'));	4✔
147	}
148
149	/**
150	* Returns the User provider
151	*/
152	protected function getUserProvider(): UserModel
153	{
154	$provider = model(setting('Auth.userProvider'));	20✔
155
156	assert($provider instanceof UserModel, 'Config Auth.userProvider is not a valid UserProvider.');
157
158	return $provider;	20✔
159	}
160
161	/**
162	* Returns the Entity class that should be used
163	*/
164	protected function getUserEntity(): User
165	{
166	return new User();	12✔
167	}
168
169	/**
170	* Returns the rules that should be used for validation.
171	*
172	* @return array<string, array<string, list<string>\|string>>
173	*/
174	protected function getValidationRules(): array
175	{
176	$rules = new ValidationRules();	20✔
177
178	return $rules->getRegistrationRules();	20✔
179	}
180	}

codeigniter4 / shield / 12888658209

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous