Settings - Decouple from shield

Author: najdanovicivan

composer.json

@@ -25,8 +25,7 @@
         "slack": "https://codeigniterchat.slack.com"
     },
     "require": {
-        "php": "^7.4.3 || ^8.0",
-        "codeigniter4/settings": "^2.1"
+        "php": "^7.4.3 || ^8.0"
     },
     "require-dev": {
         "codeigniter/coding-standard": "1.7.*",
@@ -46,7 +45,8 @@
     },
     "suggest": {
         "ext-curl": "Required to use the password validation rule via PwnedValidator class.",
-        "ext-openssl": "Required to use the JWT Authenticator."
+        "ext-openssl": "Required to use the JWT Authenticator.",
+        "codeigniter4/settings": "Required to store groups and permissions in database"
     },
     "minimum-stability": "dev",
     "prefer-stable": true,

docs/addons/jwt.md

@@ -190,7 +190,7 @@ class LoginController extends BaseController
         }
 
         // Get the credentials for login
-        $credentials             = $this->request->getJsonVar(setting('Auth.validFields'));
+        $credentials             = $this->request->getJsonVar(shieldSetting('Auth.validFields'));
         $credentials             = array_filter($credentials);
         $credentials['password'] = $this->request->getJsonVar('password');
 

docs/customization/redirect_urls.md

@@ -9,7 +9,7 @@ public function loginRedirect(): string
 {
     $url = auth()->user()->inGroup('admin')
         ? '/admin'
-        : setting('Auth.redirects')['login'];
+        : shieldSetting('Auth.redirects')['login'];
 
     return $this->getUrl($url);
 }
@@ -27,7 +27,7 @@ public function loginRedirect(): string
         return '/admin';
     }
 
-    $url = setting('Auth.redirects')['login'];
+    $url = shieldSetting('Auth.redirects')['login'];
 
     return $this->getUrl($url);
 }
@@ -40,7 +40,7 @@ You can customize where a user is redirected to after registration in the `regis
 ```php
 public function registerRedirect(): string
 {
-    $url = setting('Auth.redirects')['register'];
+    $url = shieldSetting('Auth.redirects')['register'];
 
     return $this->getUrl($url);
 }
@@ -53,7 +53,7 @@ The logout redirect can also be overridden by the `logoutRedirect()` method of t
 ```php
 public function logoutRedirect(): string
 {
-    $url = setting('Auth.redirects')['logout'];
+    $url = shieldSetting('Auth.redirects')['logout'];
 
     return $this->getUrl($url);
 }

docs/guides/mobile_apps.md

@@ -27,7 +27,7 @@ class LoginController extends BaseController
     public function mobileLogin()
     {
         // Validate credentials
-        $rules = setting('Validation.login') ?? [
+        $rules = shieldSetting('Validation.login') ?? [
             'email' => config('Auth')->emailValidationRules,
             'password' => [
                 'label' => 'Auth.password',
@@ -46,7 +46,7 @@ class LoginController extends BaseController
         }
 
         // Get the credentials for login
-        $credentials             = $this->request->getPost(setting('Auth.validFields'));
+        $credentials             = $this->request->getPost(shieldSetting('Auth.validFields'));
         $credentials             = array_filter($credentials);
         $credentials['password'] = $this->request->getPost('password');
 

src/Authentication/Actions/Email2FA.php

@@ -50,7 +50,7 @@ public function show(): string
 
         $this->createIdentity($user);
 
-        return $this->view(setting('Auth.views')['action_email_2fa'], ['user' => $user]);
+        return $this->view(shieldSetting('Auth.views')['action_email_2fa'], ['user' => $user]);
     }
 
     /**
@@ -89,11 +89,11 @@ public function handle(IncomingRequest $request)
         // Send the user an email with the code
         helper('email');
         $email = emailer(['mailType' => 'html'])
-            ->setFrom(setting('Email.fromEmail'), setting('Email.fromName') ?? '');
+            ->setFrom(shieldSetting('Email.fromEmail'), shieldSetting('Email.fromName') ?? '');
         $email->setTo($user->email);
         $email->setSubject(lang('Auth.email2FASubject'));
         $email->setMessage($this->view(
-            setting('Auth.views')['action_email_2fa_email'],
+            shieldSetting('Auth.views')['action_email_2fa_email'],
             ['code'  => $identity->secret, 'user' => $user, 'ipAddress' => $ipAddress, 'userAgent' => $userAgent, 'date' => $date],
             ['debug' => false]
         ));
@@ -105,7 +105,7 @@ public function handle(IncomingRequest $request)
         // Clear the email
         $email->clear();
 
-        return $this->view(setting('Auth.views')['action_email_2fa_verify']);
+        return $this->view(shieldSetting('Auth.views')['action_email_2fa_verify']);
     }
 
     /**
@@ -131,7 +131,7 @@ public function verify(IncomingRequest $request)
         if (! $authenticator->checkAction($identity, $postedToken)) {
             session()->setFlashdata('error', lang('Auth.invalid2FAToken'));
 
-            return $this->view(setting('Auth.views')['action_email_2fa_verify']);
+            return $this->view(shieldSetting('Auth.views')['action_email_2fa_verify']);
         }
 
         // Get our login redirect url

src/Authentication/Actions/EmailActivator.php

@@ -66,11 +66,11 @@ public function show(): string
         // Send the email
         helper('email');
         $email = emailer(['mailType' => 'html'])
-            ->setFrom(setting('Email.fromEmail'), setting('Email.fromName') ?? '');
+            ->setFrom(shieldSetting('Email.fromEmail'), shieldSetting('Email.fromName') ?? '');
         $email->setTo($userEmail);
         $email->setSubject(lang('Auth.emailActivateSubject'));
         $email->setMessage($this->view(
-            setting('Auth.views')['action_email_activate_email'],
+            shieldSetting('Auth.views')['action_email_activate_email'],
             ['code'  => $code, 'user' => $user, 'ipAddress' => $ipAddress, 'userAgent' => $userAgent, 'date' => $date],
             ['debug' => false]
         ));
@@ -83,7 +83,7 @@ public function show(): string
         $email->clear();
 
         // Display the info page
-        return $this->view(setting('Auth.views')['action_email_activate_show'], ['user' => $user]);
+        return $this->view(shieldSetting('Auth.views')['action_email_activate_show'], ['user' => $user]);
     }
 
     /**
@@ -120,7 +120,7 @@ public function verify(IncomingRequest $request)
         if (! $authenticator->checkAction($identity, $postedToken)) {
             session()->setFlashdata('error', lang('Auth.invalidActivateToken'));
 
-            return $this->view(setting('Auth.views')['action_email_activate_show']);
+            return $this->view(shieldSetting('Auth.views')['action_email_activate_show']);
         }
 
         $user = $authenticator->getUser();

src/Authentication/Authenticators/Session.php

@@ -196,7 +196,7 @@ public function attempt(array $credentials): Result
      */
     public function startUpAction(string $type, User $user): bool
     {
-        $actionClass = setting('Auth.actions')[$type] ?? null;
+        $actionClass = shieldSetting('Auth.actions')[$type] ?? null;
 
         if ($actionClass === null) {
             return false;
@@ -417,7 +417,7 @@ private function checkUserState(): void
 
         // No User Info in Session.
         // Check remember-me token.
-        if (setting('Auth.sessionConfig')['allowRemembering']) {
+        if (shieldSetting('Auth.sessionConfig')['allowRemembering']) {
             if ($this->checkRememberMe()) {
                 $this->setAuthAction();
             }
@@ -473,7 +473,7 @@ private function setAuthAction(): bool
             return false;
         }
 
-        $authActions = setting('Auth.actions');
+        $authActions = shieldSetting('Auth.actions');
 
         foreach ($authActions as $actionClass) {
             if ($actionClass === null) {
@@ -516,7 +516,7 @@ private function getIdentitiesForAction(User $user): array
      */
     private function getActionTypes(): array
     {
-        $actions = setting('Auth.actions');
+        $actions = shieldSetting('Auth.actions');
         $types   = [];
 
         foreach ($actions as $actionClass) {
@@ -611,7 +611,7 @@ private function getRememberMeToken(): ?string
         /** @var IncomingRequest $request */
         $request = service('request');
 
-        $cookieName = setting('Cookie.prefix') . setting('Auth.sessionConfig')['rememberCookieName'];
+        $cookieName = shieldSetting('Cookie.prefix') . shieldSetting('Auth.sessionConfig')['rememberCookieName'];
 
         return $request->getCookie($cookieName);
     }
@@ -682,15 +682,15 @@ public function startLogin(User $user): void
      */
     protected function getSessionUserInfo(): array
     {
-        return session(setting('Auth.sessionConfig')['field']) ?? [];
+        return session(shieldSetting('Auth.sessionConfig')['field']) ?? [];
     }
 
     /**
      * Removes User Info in Session
      */
     protected function removeSessionUserInfo(): void
     {
-        session()->remove(setting('Auth.sessionConfig')['field']);
+        session()->remove(shieldSetting('Auth.sessionConfig')['field']);
     }
 
     /**
@@ -714,7 +714,7 @@ protected function setSessionUserKey(string $key, $value): void
     {
         $sessionUserInfo       = $this->getSessionUserInfo();
         $sessionUserInfo[$key] = $value;
-        session()->set(setting('Auth.sessionConfig')['field'], $sessionUserInfo);
+        session()->set(shieldSetting('Auth.sessionConfig')['field'], $sessionUserInfo);
     }
 
     /**
@@ -724,7 +724,7 @@ protected function removeSessionUserKey(string $key): void
     {
         $sessionUserInfo = $this->getSessionUserInfo();
         unset($sessionUserInfo[$key]);
-        session()->set(setting('Auth.sessionConfig')['field'], $sessionUserInfo);
+        session()->set(shieldSetting('Auth.sessionConfig')['field'], $sessionUserInfo);
     }
 
     /**
@@ -762,7 +762,7 @@ public function login(User $user): void
 
     private function issueRememberMeToken(): void
     {
-        if ($this->shouldRemember && setting('Auth.sessionConfig')['allowRemembering']) {
+        if ($this->shouldRemember && shieldSetting('Auth.sessionConfig')['allowRemembering']) {
             $this->rememberUser($this->user);
 
             // Reset so it doesn't mess up future calls.
@@ -788,10 +788,10 @@ private function removeRememberCookie(): void
 
         // Remove remember-me cookie
         $response->deleteCookie(
-            setting('Auth.sessionConfig')['rememberCookieName'],
-            setting('Cookie.domain'),
-            setting('Cookie.path'),
-            setting('Cookie.prefix')
+            shieldSetting('Auth.sessionConfig')['rememberCookieName'],
+            shieldSetting('Cookie.domain'),
+            shieldSetting('Cookie.path'),
+            shieldSetting('Cookie.prefix')
         );
     }
 
@@ -930,7 +930,7 @@ protected function rememberUser(User $user): void
 
     private function calcExpires(): Time
     {
-        $timestamp = Time::now()->getTimestamp() + setting('Auth.sessionConfig')['rememberLength'];
+        $timestamp = Time::now()->getTimestamp() + shieldSetting('Auth.sessionConfig')['rememberLength'];
 
         return Time::createFromTimestamp($timestamp);
     }
@@ -946,13 +946,13 @@ private function setRememberMeCookie(string $rawToken): void
         // Save it to the user's browser in a cookie.
         // Create the cookie
         $response->setCookie(
-            setting('Auth.sessionConfig')['rememberCookieName'],
+            shieldSetting('Auth.sessionConfig')['rememberCookieName'],
             $rawToken,                                             // Value
-            setting('Auth.sessionConfig')['rememberLength'],      // # Seconds until it expires
-            setting('Cookie.domain'),
-            setting('Cookie.path'),
-            setting('Cookie.prefix'),
-            setting('Cookie.secure'),                          // Only send over HTTPS?
+            shieldSetting('Auth.sessionConfig')['rememberLength'],      // # Seconds until it expires
+            shieldSetting('Cookie.domain'),
+            shieldSetting('Cookie.path'),
+            shieldSetting('Cookie.prefix'),
+            shieldSetting('Cookie.secure'),                          // Only send over HTTPS?
             true                                                  // Hide from Javascript?
         );
     }

src/Authorization/Groups.php

@@ -27,7 +27,7 @@ class Groups
      */
     public function info(string $group): ?Group
     {
-        $info = setting('AuthGroups.groups')[strtolower($group)] ?? null;
+        $info = shieldSetting('AuthGroups.groups')[strtolower($group)] ?? null;
 
         if (empty($info)) {
             return null;
@@ -47,7 +47,7 @@ public function save(Group $group): void
             throw new RuntimeException(lang('Auth.missingTitle'));
         }
 
-        $groups = setting('AuthGroups.groups');
+        $groups = shieldSetting('AuthGroups.groups');
 
         $alias = $group->alias;
 
@@ -61,6 +61,6 @@ public function save(Group $group): void
         ];
 
         // Save it
-        setting('AuthGroups.groups', $groups);
+        shieldSetting('AuthGroups.groups', $groups);
     }
 }

src/Authorization/Traits/Authorizable.php

@@ -251,7 +251,7 @@ public function can(string ...$permissions): bool
         $this->populateGroups();
 
         // Get the group matrix
-        $matrix = setting('AuthGroups.matrix');
+        $matrix = shieldSetting('AuthGroups.matrix');
 
         foreach ($permissions as $permission) {
             // Permission must contain a scope and action
@@ -406,6 +406,6 @@ private function saveGroupsOrPermissions(string $type, $model, array $cache): vo
      */
     private function getConfigPermissions(): array
     {
-        return array_keys(setting('AuthGroups.permissions'));
+        return array_keys(shieldSetting('AuthGroups.permissions'));
     }
 }