
daycry / auth / 16343465380

17 Jul 2025 11:07AM UTC coverage: 59.224% (-0.6%) from 59.854%
16343465380

push

github

web-flow
Merge pull request #23 from daycry/development

Improvements

57 of 292 new or added lines in 16 files covered. (19.52%)

6 existing lines in 4 files now uncovered.

1939 of 3274 relevant lines covered (59.22%)

22.81 hits per line

Source File

67.31
/src/Filters/AuthFilter.php
<?php

declare(strict_types=1);

/**
 * This file is part of Daycry Auth.
 *
 * (c) Daycry <daycry9@proton.me>
 *
 * For the full copyright and license information, please view
 * the LICENSE file that was distributed with this source code.
 */

namespace Daycry\Auth\Filters;

use CodeIgniter\Filters\FilterInterface;
use CodeIgniter\HTTP\IncomingRequest;
use CodeIgniter\HTTP\RequestInterface;
use CodeIgniter\HTTP\ResponseInterface;
use Config\Services;
use Daycry\Auth\Authentication\Authenticators\Session;
use Daycry\Auth\Config\Auth;
use Daycry\Auth\Interfaces\AuthenticatorInterface;
use Daycry\Auth\Result;

/**
 * Authentication Filter.
 *
 * JSON Web Token authentication for web applications
 * Access Token authentication for web applications
 */
class AuthFilter implements FilterInterface
{
    /**
     * Authenticate the request before it reaches the controller.
     *
     * Picks an authenticator alias, resolves the authenticator and hands off
     * to the session flow or the token flow. Returning nothing lets the
     * request continue; returning a response ends it here.
     *
     * @param array|null $arguments Filter arguments; the first entry, when present, is used as the authenticator alias.
     */
    public function before(RequestInterface $request, $arguments = null)
    {
        helper('checkEndpoint');

        // A request that is not an IncomingRequest passes through with no
        // authentication check at all.
        if (! $request instanceof IncomingRequest) {
            return;
        }

        $alias = $this->determineAuthenticator($arguments, checkEndpoint());

        /** @var AuthenticatorInterface $authenticator */
        $authenticator = auth($alias)->getAuthenticator();

        /** @var Auth $config */
        $config = config(Auth::class);

        return $authenticator instanceof Session
            ? $this->handleSessionAuthentication($authenticator, $config)
            : $this->handleTokenAuthentication($authenticator);
    }

    /**
     * Determine which authenticator to use.
     *
     * Precedence, highest first: a truthy `auth` value on the endpoint, the
     * first filter argument, the `Auth.defaultAuthenticator` setting.
     *
     * NOTE(review): because the endpoint value wins over the filter argument,
     * whatever checkEndpoint() returns decides which authenticator protects
     * the route. Confirm where that value comes from and who can change it.
     *
     * @param mixed $endpoint
     */
    private function determineAuthenticator(?array $arguments, $endpoint): string
    {
        // The fallback is resolved first, even when the endpoint ends up overriding it.
        if ($arguments) {
            $fallback = $arguments[0];
        } else {
            $fallback = service('settings')->get('Auth.defaultAuthenticator');
        }

        if ($endpoint && $endpoint->auth) {
            return $endpoint->auth;
        }

        return $fallback;
    }

    /**
     * Handle session-based authentication.
     *
     * Logged-in users are let through unless they are banned (logged out and
     * redirected) or not activated with a 'register' action started
     * (redirected to the action page). Everyone else is redirected to the
     * pending action page or to the login page.
     */
    private function handleSessionAuthentication(Session $authenticator, Auth $config)
    {
        if (! auth()->loggedIn()) {
            // A login that is waiting on an action goes back to that action.
            if ($authenticator->isPending()) {
                return redirect()->route('auth-action-show')
                    ->with('error', $authenticator->getPendingMessage());
            }

            // Remember where the visitor was heading (kept for 300 seconds)
            // so the login flow can return there.
            if (uri_string() !== route_to('login')) {
                session()->setTempdata('beforeLoginUrl', current_url(), 300);
            }

            return redirect()->route('login');
        }

        if (setting('Auth.recordActiveDate')) {
            $authenticator->recordActiveDate();
        }

        $user = $authenticator->getUser();

        // Banned users lose their session immediately.
        // NOTE(review): $user is dereferenced here, before the null check
        // further down. A null user would raise an error at this line rather
        // than fall through as authenticated.
        if ($user->isBanned()) {
            $banNotice = $user->getBanMessage() ?? lang('Auth.logOutBannedUser');
            $authenticator->logout();

            return redirect()->to($config->logoutRedirect())
                ->with('error', $banNotice);
        }

        // A user who is not activated is redirected only when the 'register'
        // action actually starts. Otherwise the request continues.
        if ($user !== null && ! $user->isActivated() && $authenticator->startUpAction('register', $user)) {
            return redirect()->route('auth-action-show')
                ->with('error', lang('Auth.activationBlocked'));
        }

        return null;
    }

    /**
     * Handle token-based authentication.
     *
     * A failed attempt yields a 401 JSON response carrying the authenticator's
     * failure reason. A successful one continues, optionally through the
     * additional access-token check.
     *
     * NOTE(review): unlike the session flow, no ban or activation check is
     * visible here. Confirm that attempt() enforces both.
     */
    private function handleTokenAuthentication(AuthenticatorInterface $authenticator)
    {
        $attempt = $authenticator->attempt();

        if (! $attempt->isOK()) {
            // The reason string is returned to the client as-is.
            return service('response')
                ->setStatusCode(ResponseInterface::HTTP_UNAUTHORIZED)
                ->setJson(['message' => $attempt->reason()]);
        }

        if (setting('Auth.recordActiveDate')) {
            $authenticator->recordActiveDate();
        }

        // Optional second factor for APIs: an access token on top of the primary authenticator.
        return service('settings')->get('Auth.accessTokenEnabled')
            ? $this->validateAccessToken()
            : null;
    }

    /**
     * Validate access token when enabled.
     *
     * The check is enforcing only when `Auth.strictApiAndAuth` is truthy. With
     * that setting off, a missing or invalid access token does not block the
     * request, which then proceeds on the primary authenticator alone.
     */
    private function validateAccessToken()
    {
        // presumably `false` asks for a non-shared auth instance, verify against Services::auth()
        $tokenAttempt = Services::auth(false)->setAuthenticator('access_token')->attempt();

        if ($tokenAttempt->isOK() || ! service('settings')->get('Auth.strictApiAndAuth')) {
            return null;
        }

        return service('response')
            ->setStatusCode(ResponseInterface::HTTP_UNAUTHORIZED)
            ->setJson([
                'message' => ($tokenAttempt instanceof Result)
                    ? $tokenAttempt->reason()
                    : lang('Auth.badToken'),
            ]);
    }

    /**
     * Nothing to do after the controller has run.
     *
     * @param array|null $arguments
     */
    public function after(RequestInterface $request, ResponseInterface $response, $arguments = null): void
    {
        // Nothing required
    }
}