22520725744

Committed 27 Feb 2026 09:30PM UTC coverage: 65.761% (-1.1%) from 66.864%

Build # 22520725744

Build Type

push

github

Committed by

daycry

Commit Message

Add StatelessAuthenticator and refactor token handling

Introduce StatelessAuthenticator as a shared base for JWT/AccessToken and centralize token extraction (getTokenFromRequest). Refactor JWT and AccessToken to extend it and simplify header/query parsing. Add Utils::generateNumericCode and use it in Email2FA/EmailActivator to replace duplicated generators. Centralize model() calls in traits (HasAccessTokens, HasDeviceSessions, HasTotp) via small private getters. Improve filters and error handling: add buildDeniedResponse in AbstractAuthFilter, adjust Group/Permission filters to return ResponseInterface and reuse the builder. Replace static authorization flags with instance properties in AuthenticationException/AuthorizationException and update ExceptionHandler to read them safely. Misc: small controller/type fixes, email helper guard, DeviceSessionModel null handling, active-group/permission query fixes, phpstan baseline updates, and adjust tests to expect 403 for denied JSON responses.

Coverage Stats

56 of 68 new or added lines in 19 files covered. (82.35%)

115 existing lines in 7 files now uncovered.

2614 of 3975 relevant lines covered (65.76%)

42.9 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

33.33

/src/Exceptions/AuthenticationException.php

<?php

declare(strict_types=1);

/**
 * This file is part of Daycry Auth.
 *
 * (c) Daycry <daycry9@proton.me>
 *
 * For the full copyright and license information, please view
 * the LICENSE file that was distributed with this source code.
 */

namespace Daycry\Auth\Exceptions;

use CodeIgniter\Exceptions\RuntimeException;
use CodeIgniter\HTTP\Exceptions\HTTPException;

class AuthenticationException extends RuntimeException
{
    /**
     * Whether the request was authorised (i.e. credentials were structurally
     * valid).  Set to false only when a specific user was rejected.
     * Stored as an instance property to avoid the race condition that a
     * static property would introduce in concurrent requests.
     */
    public bool $authorized = true;

    /**
     * HTTP 401 Unauthorized — the request lacks valid authentication credentials.
     */
    protected $code = 401;

    /**
     * @param string $alias Authenticator alias
     */
    public static function forUnknownAuthenticator(string $alias): self
    {
        return new self(lang('Auth.unknownAuthenticator', [$alias]));
    }

    public static function forInvalidLibraryImplementation(): self
    {
        return new self(lang('Auth.invalidLibraryImplementation'));
    }

    public static function forUnknownUserProvider(): self
    {
        return new self(lang('Auth.unknownUserProvider'));
    }

    public static function forInvalidUser(): self
    {
        $e             = new self(lang('Auth.invalidUser'));
        $e->authorized = false;

        return $e;
    }

    public static function forBannedUser(): self
    {
        $e             = new self(lang('Auth.invalidUser'));
        $e->authorized = false;

        return $e;
    }

    public static function forNoEntityProvided(): self
    {
        return new self(lang('Auth.noUserEntity'), 500);
    }

    /**
     * Fires when no minimumPasswordLength has been set
     * in the Auth config file.
     */
    public static function forUnsetPasswordLength(): self
    {
        return new self(lang('Auth.unsetPasswordLength'), 500);
    }

    /**
     * When the cURL request (to Have I Been Pwned) in PwnedValidator
     * throws a HTTPException it is re-thrown as this one
     */
    public static function forHIBPCurlFail(HTTPException $e): self
    {
        return new self($e->getMessage(), $e->getCode(), $e);
    }
}

1	<?php
2
3	declare(strict_types=1);
4
5	/**
6	* This file is part of Daycry Auth.
7	*
8	* (c) Daycry <daycry9@proton.me>
9	*
10	* For the full copyright and license information, please view
11	* the LICENSE file that was distributed with this source code.
12	*/
13
14	namespace Daycry\Auth\Exceptions;
15
16	use CodeIgniter\Exceptions\RuntimeException;
17	use CodeIgniter\HTTP\Exceptions\HTTPException;
18
19	class AuthenticationException extends RuntimeException
20	{
21	/**
22	* Whether the request was authorised (i.e. credentials were structurally
23	* valid). Set to false only when a specific user was rejected.
24	* Stored as an instance property to avoid the race condition that a
25	* static property would introduce in concurrent requests.
26	*/
27	public bool $authorized = true;
28
29	/**
30	* HTTP 401 Unauthorized — the request lacks valid authentication credentials.
31	*/
32	protected $code = 401;
33
34	/**
35	* @param string $alias Authenticator alias
36	*/
37	public static function forUnknownAuthenticator(string $alias): self
38	{
39	return new self(lang('Auth.unknownAuthenticator', [$alias]));	×
40	}
41
42	public static function forInvalidLibraryImplementation(): self
43	{
44	return new self(lang('Auth.invalidLibraryImplementation'));	×
45	}
46
47	public static function forUnknownUserProvider(): self
48	{
49	return new self(lang('Auth.unknownUserProvider'));	×
50	}
51
52	public static function forInvalidUser(): self
53	{
54	$e = new self(lang('Auth.invalidUser'));	3✔
55	$e->authorized = false;	3✔
56
57	return $e;	3✔
58	}
59
60	public static function forBannedUser(): self
61	{
NEW 62	$e = new self(lang('Auth.invalidUser'));	×
NEW 63	$e->authorized = false;	×
64
NEW 65	return $e;	×
66	}
67
68	public static function forNoEntityProvided(): self
69	{
70	return new self(lang('Auth.noUserEntity'), 500);	×
71	}
72
73	/**
74	* Fires when no minimumPasswordLength has been set
75	* in the Auth config file.
76	*/
77	public static function forUnsetPasswordLength(): self
78	{
79	return new self(lang('Auth.unsetPasswordLength'), 500);	1✔
80	}
81
82	/**
83	* When the cURL request (to Have I Been Pwned) in PwnedValidator
84	* throws a HTTPException it is re-thrown as this one
85	*/
86	public static function forHIBPCurlFail(HTTPException $e): self
87	{
88	return new self($e->getMessage(), $e->getCode(), $e);	×
89	}
90	}

daycry / auth / 22520725744

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous