16344800892

Committed 17 Jul 2025 12:13PM UTC coverage: 66.494% (+6.6%) from 59.854%

Build # 16344800892

Build Type

push

github

Committed by

daycry

Commit Message

Add comprehensive unit tests for helpers and services

This commit introduces extensive unit tests for helper functions (auth, checkEndpoint, checkIp, email), libraries (CheckIpInRange, Logger), and service classes (AttemptHandler, ExceptionHandler, RequestLogger). Also fixes ReflectionProperty usage in ExceptionHandler to correctly pass the exception object. These tests improve code coverage and ensure reliability of authentication, endpoint, IP checking, email, logging, and exception handling features.

Run Details

1 of 1 new or added line in 1 file covered. (100.0%)

136 existing lines in 8 files now uncovered.

2177 of 3274 relevant lines covered (66.49%)

32.78 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

0.0

/src/Filters/RatesFilter.php

<?php

declare(strict_types=1);

/**
 * This file is part of Daycry Auth.
 *
 * (c) Daycry <daycry9@proton.me>
 *
 * For the full copyright and license information, please view
 * the LICENSE file that was distributed with this source code.
 */

namespace Daycry\Auth\Filters;

use CodeIgniter\Filters\FilterInterface;
use CodeIgniter\HTTP\IncomingRequest;
use CodeIgniter\HTTP\RedirectResponse;
use CodeIgniter\HTTP\RequestInterface;
use CodeIgniter\HTTP\ResponseInterface;
use Config\Services;
use Daycry\Auth\Entities\Endpoint;

/**
 * Auth Rate-Limiting Filter.
 *
 * Provides rated limiting intended for routes.
 */
class RatesFilter implements FilterInterface
{
    /**
     * Intened for use on auth form pages to restrict the number
     * of attempts that can be generated. Restricts it to 10 attempts
     * per minute, which is what auth0 uses.
     *
     * @see https://auth0.com/docs/troubleshoot/customer-support/operational-policies/rate-limit-policy/database-connections-rate-limits
     *
     * @param array|null $arguments
     *
     * @return RedirectResponse|void
     */
    public function before(RequestInterface $request, $arguments = null)
    {
        if (! $request instanceof IncomingRequest) {
            return;
        }

        helper('checkEndpoint');

        $throttler = service('throttler');
        $router    = Services::router();

        $endpoint = checkEndpoint();

        $limit = service('settings')->get('Auth.requestLimit') ?? 10;
        $time  = service('settings')->get('Auth.timeLimit') ?? 60;

        if ($endpoint instanceof Endpoint) {
            $limit = $endpoint->limit ?: $limit;
            $time  = $endpoint->time ?: $time;
        }

        $limitMethod = service('settings')->get('Auth.limitMethod') ?? 'ROUTED_URL';
        $limited_uri = $this->buildLimitedUri($request, $router, $limitMethod);

        $ignoreLimits = false;
        if ($userId = auth()->id()) {
            $ignoreLimits = auth()->user()->ignore_rates ?? false;
        }

        // Restrict requests based on the configured method and limits
        if (! $ignoreLimits && $throttler->check(md5($limited_uri), $limit, $time, 1) === false) {
            return service('response')->setStatusCode(
                429,
                lang('Auth.throttled', [$throttler->getTokenTime()]), // message
            );
        }
    }

    /**
     * Build the URI used for rate limiting based on the configured method
     *
     * @param mixed $router
     */
    private function buildLimitedUri(RequestInterface $request, $router, string $limitMethod): string
    {
        switch ($limitMethod) {
            case 'IP_ADDRESS':
                return 'ip-address:' . $request->getIPAddress();

            case 'USER':
                $username = auth()->user()->username ?? 'anonymous';

                return 'user:' . $username;

            case 'METHOD_NAME':
                return 'method-name:' . $router->controllerName() . '::' . $router->methodName();

            case 'ROUTED_URL':
            default:
                return 'uri:' . $request->getUri()->getPath() . ':' . $request->getMethod();
        }
    }

    /**
     * We don't have anything to do here.
     *
     * @param array|null $arguments
     */
    public function after(RequestInterface $request, ResponseInterface $response, $arguments = null): void
    {
        // Nothing required
    }
}

1	<?php
2
3	declare(strict_types=1);
4
5	/**
6	* This file is part of Daycry Auth.
7	*
8	* (c) Daycry <daycry9@proton.me>
9	*
10	* For the full copyright and license information, please view
11	* the LICENSE file that was distributed with this source code.
12	*/
13
14	namespace Daycry\Auth\Filters;
15
16	use CodeIgniter\Filters\FilterInterface;
17	use CodeIgniter\HTTP\IncomingRequest;
18	use CodeIgniter\HTTP\RedirectResponse;
19	use CodeIgniter\HTTP\RequestInterface;
20	use CodeIgniter\HTTP\ResponseInterface;
21	use Config\Services;
22	use Daycry\Auth\Entities\Endpoint;
23
24	/**
25	* Auth Rate-Limiting Filter.
26	*
27	* Provides rated limiting intended for routes.
28	*/
29	class RatesFilter implements FilterInterface
30	{
31	/**
32	* Intened for use on auth form pages to restrict the number
33	* of attempts that can be generated. Restricts it to 10 attempts
34	* per minute, which is what auth0 uses.
35	*
36	* @see https://auth0.com/docs/troubleshoot/customer-support/operational-policies/rate-limit-policy/database-connections-rate-limits
37	*
38	* @param array\|null $arguments
39	*
40	* @return RedirectResponse\|void
41	*/
42	public function before(RequestInterface $request, $arguments = null)
43	{
44	if (! $request instanceof IncomingRequest) {	×
45	return;	×
46	}
47
48	helper('checkEndpoint');	×
49
50	$throttler = service('throttler');	×
51	$router = Services::router();	×
52
53	$endpoint = checkEndpoint();	×
54
55	$limit = service('settings')->get('Auth.requestLimit') ?? 10;	×
56	$time = service('settings')->get('Auth.timeLimit') ?? 60;	×
57
58	if ($endpoint instanceof Endpoint) {	×
59	$limit = $endpoint->limit ?: $limit;	×
60	$time = $endpoint->time ?: $time;	×
61	}
62
63	$limitMethod = service('settings')->get('Auth.limitMethod') ?? 'ROUTED_URL';	×
64	$limited_uri = $this->buildLimitedUri($request, $router, $limitMethod);	×
65
66	$ignoreLimits = false;	×
67	if ($userId = auth()->id()) {	×
UNCOV 68	$ignoreLimits = auth()->user()->ignore_rates ?? false;	×
69	}
70
71	// Restrict requests based on the configured method and limits
UNCOV 72	if (! $ignoreLimits && $throttler->check(md5($limited_uri), $limit, $time, 1) === false) {	×
73	return service('response')->setStatusCode(	×
74	429,	×
75	lang('Auth.throttled', [$throttler->getTokenTime()]), // message	×
UNCOV 76	);	×
77	}
78	}
79
80	/**
81	* Build the URI used for rate limiting based on the configured method
82	*
83	* @param mixed $router
84	*/
85	private function buildLimitedUri(RequestInterface $request, $router, string $limitMethod): string
86	{
87	switch ($limitMethod) {
UNCOV 88	case 'IP_ADDRESS':	×
89	return 'ip-address:' . $request->getIPAddress();	×
90
91	case 'USER':	×
92	$username = auth()->user()->username ?? 'anonymous';	×
93
UNCOV 94	return 'user:' . $username;	×
95
UNCOV 96	case 'METHOD_NAME':	×
UNCOV 97	return 'method-name:' . $router->controllerName() . '::' . $router->methodName();	×
98
UNCOV 99	case 'ROUTED_URL':	×
100	default:
UNCOV 101	return 'uri:' . $request->getUri()->getPath() . ':' . $request->getMethod();	×
102	}
103	}
104
105	/**
106	* We don't have anything to do here.
107	*
108	* @param array\|null $arguments
109	*/
110	public function after(RequestInterface $request, ResponseInterface $response, $arguments = null): void
111	{
112	// Nothing required
UNCOV 113	}	×
114	}

daycry / auth / 16344800892

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous