<?php

declare(strict_types=1);

/**
 * This file is part of CodeIgniter Shield.
 *
 * (c) CodeIgniter Foundation <admin@codeigniter.com>
 *
 * For the full copyright and license information, please view
 * the LICENSE file that was distributed with this source code.
 */

namespace Config;

use CodeIgniter\Shield\Config\AuthToken as ShieldAuthToken;

/**
 * Configuration for Token Auth and HMAC Auth.
 *
 * The class only declares public properties; all behaviour comes from the
 * ShieldAuthToken parent and from the code that reads these values.
 */
class AuthToken extends ShieldAuthToken
{
    /**
     * --------------------------------------------------------------------
     * Record Login Attempts for Token Auth and HMAC Auth
     * --------------------------------------------------------------------
     * Selects which login attempts are written to the database.
     *
     * Valid values are:
     * - Auth::RECORD_LOGIN_ATTEMPT_NONE
     * - Auth::RECORD_LOGIN_ATTEMPT_FAILURE
     * - Auth::RECORD_LOGIN_ATTEMPT_ALL
     *
     * The value set here records failed attempts only. Going by the constant
     * names, NONE would leave no stored trail of token-guessing attempts and
     * ALL would also capture successful use; check the Auth class before
     * relying on that reading.
     */
    public int $recordLoginAttempt = Auth::RECORD_LOGIN_ATTEMPT_FAILURE;

    /**
     * --------------------------------------------------------------------
     * Name of Authenticator Header
     * --------------------------------------------------------------------
     * The name of the header in which the authorization token is expected,
     * keyed by authenticator ('tokens' and 'hmac').
     *
     * According to the specs this should be `Authorization`; only rare
     * circumstances need a different header. When a custom name is used,
     * check that proxies, caches and request logging handle it as a
     * credential, since such components are commonly set up to redact or
     * strip `Authorization` only.
     */
    public array $authenticatorHeader = [
        'tokens' => 'Authorization',
        'hmac'   => 'Authorization',
    ];

    /**
     * --------------------------------------------------------------------
     * Unused Token Lifetime for Token Auth and HMAC Auth
     * --------------------------------------------------------------------
     * The amount of time, in seconds, during which a token that has never
     * been used remains usable.
     *
     * YEAR is a constant defined outside this file (presumably one year in
     * seconds; confirm). A token that was issued and then leaked without
     * ever being used stays valid for this whole window, so shorten it
     * where the issuance flow allows.
     */
    public int $unusedTokenLifetime = YEAR;

    /**
     * --------------------------------------------------------------------
     * Secret2 storage character limit
     * --------------------------------------------------------------------
     * Database size limit for the identities 'secret2' field.
     */
    public int $secret2StorageLimit = 255;

    /**
     * --------------------------------------------------------------------
     * HMAC secret key byte size
     * --------------------------------------------------------------------
     * Desired size, as an integer number of bytes, of the HMAC SHA256
     * secret key. 32 bytes is 256 bits.
     */
    public int $hmacSecretKeyByteSize = 32;

    /**
     * --------------------------------------------------------------------
     * HMAC encryption Keys
     * --------------------------------------------------------------------
     * The keys used when encrypting a user's HMAC Secret Key.
     *
     * This is an array of keys indexed by keyTitle, which facilitates key
     * rotation. Valid keyTitles must include only [a-zA-Z0-9_] and should
     * be kept to a max of 8 characters.
     *
     * Each keyTitle maps to an associative array containing the required
     * 'key' value and the optional 'driver' and 'digest' values. If
     * 'driver' and 'digest' are not specified, the default 'driver' and
     * 'digest' values are used.
     *
     * Old keys are used to decrypt existing Secret Keys. It is encouraged
     * to run 'php spark shield:hmac reencrypt' to update existing Secret
     * Key encryptions. Presumably an old key has to stay in this array
     * until that re-encryption has completed, otherwise the Secret Keys it
     * protects could not be decrypted (confirm against the command).
     *
     * NOTE(review): the 'k1' key declared here is an empty string, so a
     * real key has to be supplied per deployment. How the library reacts
     * to an empty key is not visible in this file; confirm. Because the
     * value can be provided as JSON through an environment variable (see
     * the NOTE below), key material does not have to be committed together
     * with this file.
     *
     * @see https://codeigniter.com/user_guide/libraries/encryption.html
     *
     * @var array<string, array{key: string, driver?: string, digest?: string}>|string
     *
     * NOTE: The value becomes temporarily a string when setting value as JSON
     *       from environment variable.
     *
     * [key_name => ['key' => key_value]]
     * or [key_name => ['key' => key_value, 'driver' => driver, 'digest' => digest]]
     */
    public $hmacEncryptionKeys = [
        'k1' => [
            'key' => '',
        ],
    ];

    /**
     * --------------------------------------------------------------------
     * HMAC Current Encryption Key Selector
     * --------------------------------------------------------------------
     * Specifies which of the encryption keys should be used. Presumably
     * this has to name a keyTitle present in $hmacEncryptionKeys (confirm
     * against the code that reads it).
     */
    public string $hmacEncryptionCurrentKey = 'k1';

    /**
     * --------------------------------------------------------------------
     * HMAC Encryption Key Driver
     * --------------------------------------------------------------------
     * Specifies which of the encryption drivers should be used when a key
     * entry does not name its own 'driver'.
     *
     * Available drivers:
     * - OpenSSL
     * - Sodium
     */
    public string $hmacEncryptionDefaultDriver = 'OpenSSL';

    /**
     * --------------------------------------------------------------------
     * HMAC Encryption Key Digest
     * --------------------------------------------------------------------
     * Specifies the digest to be used when a key entry does not name its
     * own 'digest', e.g. 'SHA512' or 'SHA256'.
     */
    public string $hmacEncryptionDefaultDigest = 'SHA512';
}