25518434194

Committed 07 May 2026 07:49PM UTC coverage: 58.608% (-6.4%) from 64.989%

Build # 25518434194

Build Type

push

github

Committed by

web-flow

Commit Message

Merge pull request #47 from daycry/development

Implement security enhancements and new account features

Coverage Stats

277 of 1030 new or added lines in 55 files covered. (26.89%)

11 existing lines in 6 files now uncovered.

3544 of 6047 relevant lines covered (58.61%)

47.97 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

66.67

/src/Filters/ChainAuthFilter.php

<?php

declare(strict_types=1);

/**
 * This file is part of Daycry Auth.
 *
 * (c) Daycry <daycry9@proton.me>
 *
 * For the full copyright and license information, please view
 * the LICENSE file that was distributed with this source code.
 */

namespace Daycry\Auth\Filters;

use CodeIgniter\Filters\FilterInterface;
use CodeIgniter\HTTP\IncomingRequest;
use CodeIgniter\HTTP\RedirectResponse;
use CodeIgniter\HTTP\RequestInterface;
use CodeIgniter\HTTP\Response;
use CodeIgniter\HTTP\ResponseInterface;
use Daycry\Auth\Config\Auth;
use Exception;

/**
 * Chain Authentication Filter.
 *
 * Checks all authentication systems specified within
 * `Config\Auth->authenticationChain`
 */
class ChainAuthFilter implements FilterInterface
{
    /**
     * Do whatever processing this filter needs to do.
     * By default it should not return anything during
     * normal execution. However, when an abnormal state
     * is found, it should return an instance of
     * CodeIgniter\HTTP\Response. If it does, script
     * execution will end and that Response will be
     * sent back to the client, allowing for error pages,
     * redirects, etc.
     *
     * @param array|null $arguments
     *
     * @return RedirectResponse|void
     */
    public function before(RequestInterface $request, $arguments = null)
    {
        if (! $request instanceof IncomingRequest) {
            return;
        }

        helper('settings');

        /** @var Auth $config */
        $config = config(Auth::class);
        $chain  = $config->authenticationChain;

        foreach ($chain as $alias) {
            try {
                if (auth($alias)->loggedIn()) {
                    // Make sure Auth uses this Authenticator
                    auth()->setAuthenticator($alias);

                    return;
                }
            } catch (Exception) {
                continue;
            }
        }

        $acceptHeader = $request->getHeaderLine('Accept');
        if (str_contains($acceptHeader, 'application/json') || str_contains($acceptHeader, 'application/xml')) {
            return service('response')->setStatusCode(
                401,
                lang('Auth.invalidUser'),
            );
        }

        return redirect()->route('login');
    }

    /**
     * We don't have anything to do here.
     *
     * @param array|null $arguments
     */
    public function after(RequestInterface $request, ResponseInterface $response, $arguments = null): void
    {
        // Nothing required
    }
}

1	<?php
2
3	declare(strict_types=1);
4
5	/**
6	* This file is part of Daycry Auth.
7	*
8	* (c) Daycry <daycry9@proton.me>
9	*
10	* For the full copyright and license information, please view
11	* the LICENSE file that was distributed with this source code.
12	*/
13
14	namespace Daycry\Auth\Filters;
15
16	use CodeIgniter\Filters\FilterInterface;
17	use CodeIgniter\HTTP\IncomingRequest;
18	use CodeIgniter\HTTP\RedirectResponse;
19	use CodeIgniter\HTTP\RequestInterface;
20	use CodeIgniter\HTTP\Response;
21	use CodeIgniter\HTTP\ResponseInterface;
22	use Daycry\Auth\Config\Auth;
23	use Exception;
24
25	/**
26	* Chain Authentication Filter.
27	*
28	* Checks all authentication systems specified within
29	* `Config\Auth->authenticationChain`
30	*/
31	class ChainAuthFilter implements FilterInterface
32	{
33	/**
34	* Do whatever processing this filter needs to do.
35	* By default it should not return anything during
36	* normal execution. However, when an abnormal state
37	* is found, it should return an instance of
38	* CodeIgniter\HTTP\Response. If it does, script
39	* execution will end and that Response will be
40	* sent back to the client, allowing for error pages,
41	* redirects, etc.
42	*
43	* @param array\|null $arguments
44	*
45	* @return RedirectResponse\|void
46	*/
47	public function before(RequestInterface $request, $arguments = null)	3✔
48	{
49	if (! $request instanceof IncomingRequest) {	3✔
50	return;	×
51	}
52
53	helper('settings');	3✔
54
55	/** @var Auth $config */
56	$config = config(Auth::class);	3✔
57	$chain = $config->authenticationChain;	3✔
58
59	foreach ($chain as $alias) {	3✔
60	try {
61	if (auth($alias)->loggedIn()) {	3✔
62	// Make sure Auth uses this Authenticator
63	auth()->setAuthenticator($alias);	2✔
64
65	return;	3✔
66	}
NEW 67	} catch (Exception) {	×
68	continue;	×
69	}
70	}
71
72	$acceptHeader = $request->getHeaderLine('Accept');	1✔
73	if (str_contains($acceptHeader, 'application/json') \|\| str_contains($acceptHeader, 'application/xml')) {	1✔
74	return service('response')->setStatusCode(	×
75	401,	×
76	lang('Auth.invalidUser'),	×
77	);	×
78	}
79
80	return redirect()->route('login');	1✔
81	}
82
83	/**
84	* We don't have anything to do here.
85	*
86	* @param array\|null $arguments
87	*/
88	public function after(RequestInterface $request, ResponseInterface $response, $arguments = null): void	2✔
89	{
90	// Nothing required
91	}	2✔
92	}

daycry / auth / 25518434194

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous