Merge branch 'develop' into quick-start-docs

lonnieezell · lonnieezell · commit 3f443a84e968 · 2022-06-30T23:32:55.000-05:00
diff --git a/docs/customization.md b/docs/customization.md
@@ -86,3 +86,32 @@ class LoginController extends ShieldLogin
     }
 }
 ```
+
+## Custom validation rules
+
+### Registration
+
+Shield has the following rules for registration:
+
+```php
+[
+    'username'         => 'required|alpha_numeric_space|min_length[3]|is_unique[users.username]',
+    'email'            => 'required|valid_email|is_unique[auth_identities.secret]',
+    'password'         => 'required|strong_password',
+    'password_confirm' => 'required|matches[password]',
+];
+```
+
+If you need a different set of rules for registration, you can specify them in your `Validation` configuration (**app\Config\Validation.php**) like:
+
+```php
+//--------------------------------------------------------------------
+// Rules
+//--------------------------------------------------------------------
+public $registration = [
+    'username'         => 'required|alpha_numeric_space|min_length[3]|is_unique[users.username]',
+    'email'            => 'required|valid_email|is_unique[auth_identities.secret]',
+    'password'         => 'required|strong_password',
+    'password_confirm' => 'required|matches[password]',
+];
+```
diff --git a/src/Authentication/Authenticators/AccessTokens.php b/src/Authentication/Authenticators/AccessTokens.php
@@ -124,7 +124,7 @@ public function check(array $credentials): Result
             ]);
         }
 
-        $token->last_used_at = Time::now()->toDateTimeString();
+        $token->last_used_at = Time::now()->format('Y-m-d H:i:s');
         $identityModel->save($token);
 
         // Ensure the token is set as the current token
diff --git a/src/Authentication/Authenticators/Session.php b/src/Authentication/Authenticators/Session.php
@@ -836,10 +836,9 @@ protected function rememberUser(User $user): void
 
     private function calcExpires(): string
     {
-        return date(
-            'Y-m-d H:i:s',
-            time() + setting('Auth.sessionConfig')['rememberLength']
-        );
+        $timestamp = Time::now()->getTimestamp() + setting('Auth.sessionConfig')['rememberLength'];
+
+        return Time::createFromTimestamp($timestamp)->format('Y-m-d H:i:s');
     }
 
     private function setRememberMeCookie(string $rawToken): void
diff --git a/src/Authorization/Traits/Authorizable.php b/src/Authorization/Traits/Authorizable.php
@@ -367,7 +367,7 @@ private function saveGroupsOrPermissions(string $type, $model, array $cache): vo
                 $inserts[] = [
                     'user_id'    => $this->id,
                     $type        => $item,
-                    'created_at' => Time::now()->toDateTimeString(),
+                    'created_at' => Time::now()->format('Y-m-d H:i:s'),
                 ];
             }
 
diff --git a/src/Controllers/LoginController.php b/src/Controllers/LoginController.php
@@ -3,9 +3,7 @@
 namespace CodeIgniter\Shield\Controllers;
 
 use App\Controllers\BaseController;
-use CodeIgniter\HTTP\IncomingRequest;
 use CodeIgniter\HTTP\RedirectResponse;
-use CodeIgniter\HTTP\Response;
 
 class LoginController extends BaseController
 {
@@ -27,18 +25,21 @@ public function loginView()
 
     /**
      * Attempts to log the user in.
-     *
-     * @return Response|string
      */
-    public function loginAction()
+    public function loginAction(): RedirectResponse
     {
-        /** @var IncomingRequest $request */
-        $request = service('request');
+        // Validate here first, since some things,
+        // like the password, can only be validated properly here.
+        $rules = $this->getValidationRules();
+
+        if (! $this->validate($rules)) {
+            return redirect()->back()->withInput()->with('errors', $this->validator->getErrors());
+        }
 
-        $credentials             = $request->getPost(setting('Auth.validFields'));
+        $credentials             = $this->request->getPost(setting('Auth.validFields'));
         $credentials             = array_filter($credentials);
-        $credentials['password'] = $request->getPost('password');
-        $remember                = (bool) $request->getPost('remember');
+        $credentials['password'] = $this->request->getPost('password');
+        $remember                = (bool) $this->request->getPost('remember');
 
         // Attempt to login
         $result = auth('session')->remember($remember)->attempt($credentials);
@@ -56,11 +57,23 @@ public function loginAction()
     }
 
     /**
-     * Logs the current user out.
+     * Returns the rules that should be used for validation.
      *
-     * @return Response|string
+     * @return string[]
+     */
+    protected function getValidationRules(): array
+    {
+        return setting('Validation.login') ?? [
+            //'username' => 'required|max_length[30]|alpha_numeric_space|min_length[3]',
+            'email'    => 'required|max_length[254]|valid_email',
+            'password' => 'required',
+        ];
+    }
+
+    /**
+     * Logs the current user out.
      */
-    public function logoutAction()
+    public function logoutAction(): RedirectResponse
     {
         auth()->logout();
 
diff --git a/src/Controllers/MagicLinkController.php b/src/Controllers/MagicLinkController.php
@@ -85,7 +85,7 @@ public function loginAction()
             'user_id' => $user->id,
             'type'    => Session::ID_TYPE_MAGIC_LINK,
             'secret'  => $token,
-            'expires' => Time::now()->addSeconds(setting('Auth.magicLinkLifetime'))->toDateTimeString(),
+            'expires' => Time::now()->addSeconds(setting('Auth.magicLinkLifetime'))->format('Y-m-d H:i:s'),
         ]);
 
         // Send the user an email with the code
diff --git a/src/Controllers/RegisterController.php b/src/Controllers/RegisterController.php
@@ -8,7 +8,6 @@
 use CodeIgniter\Shield\Authentication\Authenticators\Session;
 use CodeIgniter\Shield\Entities\User;
 use CodeIgniter\Shield\Models\UserModel;
-use CodeIgniter\Validation\Validation;
 
 /**
  * Class RegisterController
@@ -53,11 +52,8 @@ public function registerAction(): RedirectResponse
         // like the password, can only be validated properly here.
         $rules = $this->getValidationRules();
 
-        /** @var Validation $validation */
-        $validation = service('validation');
-
         if (! $this->validate($rules)) {
-            return redirect()->back()->withInput()->with('errors', $validation->getErrors());
+            return redirect()->back()->withInput()->with('errors', $this->validator->getErrors());
         }
 
         // Save the user
@@ -134,7 +130,7 @@ protected function getUserEntity(): User
      */
     protected function getValidationRules(): array
     {
-        return [
+        return setting('Validation.registration') ?? [
             'username'         => 'required|alpha_numeric_space|min_length[3]|is_unique[users.username]',
             'email'            => 'required|valid_email|is_unique[auth_identities.secret]',
             'password'         => 'required|strong_password',
diff --git a/src/Models/LoginModel.php b/src/Models/LoginModel.php
@@ -61,7 +61,7 @@ public function recordLoginAttempt(
             'id_type'    => $idType,
             'identifier' => $identifier,
             'user_id'    => $userId,
-            'date'       => date('Y-m-d H:i:s'),
+            'date'       => Time::now()->format('Y-m-d H:i:s'),
             'success'    => (int) $success,
         ]);
 
@@ -91,7 +91,7 @@ public function fake(Generator &$faker): Login
             'id_type'    => Session::ID_TYPE_EMAIL_PASSWORD,
             'identifier' => $faker->email,
             'user_id'    => null,
-            'date'       => Time::parse('-1 day')->toDateTimeString(),
+            'date'       => Time::parse('-1 day')->format('Y-m-d H:i:s'),
             'success'    => true,
         ]);
     }
diff --git a/src/Models/TokenLoginModel.php b/src/Models/TokenLoginModel.php
@@ -22,7 +22,7 @@ public function fake(Generator &$faker): Login
             'ip_address' => $faker->ipv4,
             'identifier' => 'token: ' . random_string('crypto', 64),
             'user_id'    => fake(UserModel::class)->id,
-            'date'       => Time::parse('-1 day')->toDateTimeString(),
+            'date'       => Time::parse('-1 day')->format('Y-m-d H:i:s'),
             'success'    => true,
         ]);
     }
diff --git a/src/Models/UserIdentityModel.php b/src/Models/UserIdentityModel.php
@@ -2,6 +2,7 @@
 
 namespace CodeIgniter\Shield\Models;
 
+use CodeIgniter\I18n\Time;
 use CodeIgniter\Model;
 use CodeIgniter\Shield\Authentication\Authenticators\AccessTokens;
 use CodeIgniter\Shield\Authentication\Authenticators\Session;
@@ -247,7 +248,7 @@ public function getIdentitiesByTypes(User $user, array $types): array
      */
     public function touchIdentity(UserIdentity $identity): void
     {
-        $identity->last_used_at = date('Y-m-d H:i:s');
+        $identity->last_used_at = Time::now()->format('Y-m-d H:i:s');
 
         $return = $this->save($identity);
 
diff --git a/src/Models/UserModel.php b/src/Models/UserModel.php
@@ -118,7 +118,7 @@ public function addToDefaultGroup(User $user): void
     public function fake(Generator &$faker): User
     {
         return new User([
-            'username' => $faker->userName,
+            'username' => str_replace('.', ' ', $faker->userName),
             'active'   => true,
         ]);
     }
diff --git a/src/Views/layout.php b/src/Views/layout.php
@@ -7,7 +7,7 @@
     <title><?= $this->renderSection('title') ?></title>
 
     <!-- Bootstrap core CSS -->
-    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.0.0-beta1/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-giJF6kkoqNQ00vy+HMDP7azOuL0xtbfIcaT9wjKHr8RbDVddVHyTfAAsrekwKmP1" crossorigin="anonymous">
+    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-1BmE4kWBq78iYhFldvKuhfTAU6auU8tT94WrHftjDbrCEXSU1oBoqyl2QvZ6jIW3" crossorigin="anonymous">
 
     <?= $this->renderSection('pageStyles') ?>
 </head>
diff --git a/src/Views/login.php b/src/Views/login.php
@@ -10,7 +10,18 @@
                 <h5 class="card-title mb-5"><?= lang('Auth.login') ?></h5>
 
                 <?php if (session('error') !== null) : ?>
-                <div class="alert alert-danger" role="alert"><?= session('error') ?></div>
+                    <div class="alert alert-danger" role="alert"><?= session('error') ?></div>
+                <?php elseif (session('errors') !== null) : ?>
+                    <div class="alert alert-danger" role="alert">
+                        <?php if (is_array(session('errors'))) : ?>
+                            <?php foreach (session('errors') as $error) : ?>
+                                <?= $error ?>
+                                <br>
+                            <?php endforeach ?>
+                        <?php else : ?>
+                            <?= session('errors') ?>
+                        <?php endif ?>
+                    </div>
                 <?php endif ?>
 
                 <?php if (session('message') !== null) : ?>
diff --git a/tests/Authorization/AuthorizableTest.php b/tests/Authorization/AuthorizableTest.php
@@ -6,6 +6,7 @@
 use CodeIgniter\Shield\Authorization\AuthorizationException;
 use CodeIgniter\Shield\Models\UserModel;
 use CodeIgniter\Test\DatabaseTestTrait;
+use Locale;
 use Tests\Support\FakeUser;
 use Tests\Support\TestCase;
 
@@ -295,4 +296,26 @@ public function testCanCascadesToGroupsWithWildcards(): void
 
         $this->assertTrue($this->user->can('admin.access'));
     }
+
+    /**
+     * @see https://github.com/codeigniter4/shield/pull/238
+     */
+    public function testCreatedAtIfDefaultLocaleSetFaWithAddGroup(): void
+    {
+        $currentLocale = Locale::getDefault();
+        Locale::setDefault('fa');
+
+        Time::setTestNow('March 10, 2017', 'America/Chicago');
+
+        $this->user->addGroup('admin');
+
+        $this->seeInDatabase('auth_groups_users', [
+            'user_id'    => $this->user->id,
+            'group'      => 'admin',
+            'created_at' => '2017-03-10 00:00:00',
+        ]);
+
+        Locale::setDefault($currentLocale);
+        Time::setTestNow();
+    }
 }
diff --git a/tests/Controllers/LoginTest.php b/tests/Controllers/LoginTest.php
@@ -8,6 +8,7 @@
 use CodeIgniter\Test\DatabaseTestTrait;
 use CodeIgniter\Test\FeatureTestTrait;
 use Config\Services;
+use Config\Validation;
 use Tests\Support\FakeUser;
 use Tests\Support\TestCase;
 
@@ -63,6 +64,8 @@ public function testLoginBadEmail(): void
 
     public function testLoginActionEmailSuccess(): void
     {
+        Time::setTestNow('March 10, 2017', 'America/Chicago');
+
         $this->user->createEmailIdentity([
             'email'    => 'foo@example.com',
             'password' => 'secret123',
@@ -73,6 +76,7 @@ public function testLoginActionEmailSuccess(): void
             'password' => 'secret123',
         ]);
 
+        $result->assertSessionHas('user', ['id' => 1]);
         $result->assertStatus(302);
         $result->assertRedirect();
         $this->assertSame(site_url(), $result->getRedirectUrl());
@@ -85,13 +89,15 @@ public function testLoginActionEmailSuccess(): void
         ]);
         // Last Used date should have been set
         $identity = $this->user->getEmailIdentity();
-        $this->assertCloseEnough($identity->last_used_at->getTimestamp(), Time::now()->getTimestamp());
+        $this->assertSame(Time::now()->getTimestamp(), $identity->last_used_at->getTimestamp());
 
         // Session should have `logged_in` value with user's id
         $this->assertSame($this->user->id, session('user')['id']);
+
+        Time::setTestNow();
     }
 
-    public function testAfterLoggedInNotDesplayLoginPage(): void
+    public function testAfterLoggedInNotDisplayLoginPage(): void
     {
         $this->user->createEmailIdentity([
             'email'    => 'foo@example.com',
@@ -109,6 +115,17 @@ public function testAfterLoggedInNotDesplayLoginPage(): void
 
     public function testLoginActionUsernameSuccess(): void
     {
+        Time::setTestNow('March 10, 2017', 'America/Chicago');
+
+        // Change the validation rules
+        $config           = new class () extends Validation {
+            public $login = [
+                'username' => 'required|max_length[30]|alpha_numeric_space|min_length[3]',
+                'password' => 'required',
+            ];
+        };
+        Factories::injectMock('config', 'Validation', $config);
+
         $this->user->createEmailIdentity([
             'email'    => 'foo@example.com',
             'password' => 'secret123',
@@ -119,6 +136,7 @@ public function testLoginActionUsernameSuccess(): void
             'password' => 'secret123',
         ]);
 
+        $result->assertSessionHas('user', ['id' => 1]);
         $result->assertStatus(302);
         $result->assertRedirect();
         $this->assertSame(site_url(), $result->getRedirectUrl());
@@ -131,10 +149,12 @@ public function testLoginActionUsernameSuccess(): void
         ]);
         // Last Used date should have been set
         $identity = $this->user->getEmailIdentity();
-        $this->assertCloseEnough($identity->last_used_at->getTimestamp(), Time::now()->getTimestamp());
+        $this->assertSame(Time::now()->getTimestamp(), $identity->last_used_at->getTimestamp());
 
         // Session should have `logged_in` value with user's id
         $this->assertSame($this->user->id, session('user')['id']);
+
+        Time::setTestNow();
     }
 
     public function testLogoutAction(): void

Original file line number	Diff line number	Diff line change
`@@ -124,7 +124,7 @@ public function check(array $credentials): Result`
`124`	`124`	`]);`
`125`	`125`	`}`
`126`	`126`
`127`		`- $token->last_used_at = Time::now()->toDateTimeString();`
	`127`	`+ $token->last_used_at = Time::now()->format('Y-m-d H:i:s');`
`128`	`128`	`$identityModel->save($token);`
`129`	`129`
`130`	`130`	`// Ensure the token is set as the current token`
Original file line number	Diff line number	Diff line change
`@@ -836,10 +836,9 @@ protected function rememberUser(User $user): void`
`836`	`836`
`837`	`837`	`private function calcExpires(): string`
`838`	`838`	`{`
`839`		`- return date(`
`840`		`- 'Y-m-d H:i:s',`
`841`		`- time() + setting('Auth.sessionConfig')['rememberLength']`
`842`		`- );`
	`839`	`+ $timestamp = Time::now()->getTimestamp() + setting('Auth.sessionConfig')['rememberLength'];`
	`840`	`+`
	`841`	`+ return Time::createFromTimestamp($timestamp)->format('Y-m-d H:i:s');`
`843`	`842`	`}`
`844`	`843`
`845`	`844`	`private function setRememberMeCookie(string $rawToken): void`
Original file line number	Diff line number	Diff line change
`@@ -367,7 +367,7 @@ private function saveGroupsOrPermissions(string $type, $model, array $cache): vo`
`367`	`367`	`$inserts[] = [`
`368`	`368`	`'user_id' => $this->id,`
`369`	`369`	`$type => $item,`
`370`		`- 'created_at' => Time::now()->toDateTimeString(),`
	`370`	`+ 'created_at' => Time::now()->format('Y-m-d H:i:s'),`
`371`	`371`	`];`
`372`	`372`	`}`
`373`	`373`
Original file line number	Diff line number	Diff line change
`@@ -22,7 +22,7 @@ public function fake(Generator &$faker): Login`
`22`	`22`	`'ip_address' => $faker->ipv4,`
`23`	`23`	`'identifier' => 'token: ' . random_string('crypto', 64),`
`24`	`24`	`'user_id' => fake(UserModel::class)->id,`
`25`		`- 'date' => Time::parse('-1 day')->toDateTimeString(),`
	`25`	`+ 'date' => Time::parse('-1 day')->format('Y-m-d H:i:s'),`
`26`	`26`	`'success' => true,`
`27`	`27`	`]);`
`28`	`28`	`}`