<?php

namespace Config;

class Auth extends \Myth\Auth\Config\Auth
{
    /**
     * Default user group.
     *
     * Name of the group a user is added to when they register,
     * e.g. $defaultUserGroup = 'guests'.
     *
     * No group is configured here, so the value is null. Whatever group is
     * chosen is handed to every self-registered account, so it should be a
     * low-privilege one.
     *
     * @var string|null
     */
    public $defaultUserGroup = null;

    /**
     * Landing route.
     *
     * Route name the user lands on after a successful login,
     * e.g. $landingRoute = 'dashboard'.
     *
     * When $silent is true, the Permission and Role filters use this
     * value for their routing as well.
     *
     * @var string
     */
    public $landingRoute = '/';

    /**
     * Reserved routes.
     *
     * The auth routes, keyed by identifier. The values can be customised,
     * e.g. $reservedRoutes = ['forgot' => 'forgot-password'].
     *
     * Never change a key: the keys are the identity used for routing.
     *
     * @var array<string, string>
     */
    public $reservedRoutes = [
        'login'                   => 'login',
        'logout'                  => 'logout',
        'register'                => 'register',
        'activate-account'        => 'activate-account',
        'resend-activate-account' => 'resend-activate-account',
        'forgot'                  => 'forgot',
        'reset-password'          => 'reset-password',
    ];

    /**
     * Authentication libraries, keyed by alias.
     *
     * @var array<string, string>
     */
    public $authenticationLibs = [
        'local' => 'Myth\Auth\Authentication\LocalAuthenticator',
    ];

    /**
     * Views used by the Auth controllers, including the two email bodies
     * ('emailForgot' and 'emailActivation').
     *
     * @var array<string, string>
     */
    public $views = [
        'login'           => 'App\Views\Auth\login',
        'register'        => 'App\Views\Auth\register',
        'forgot'          => 'App\Views\Auth\forgot',
        'reset'           => 'App\Views\Auth\reset',
        'emailForgot'     => 'App\Views\Auth\emails\forgot',
        'emailActivation' => 'App\Views\Auth\emails\activation',
    ];

    /**
     * Layout that the auth views extend.
     *
     * @var string
     */
    public $viewLayout = 'App\Views\Auth\layout';

    /**
     * Login credential fields.
     *
     * Fields that are available to be used as credentials for login.
     * Only 'email' is enabled in this configuration.
     *
     * @var string[]
     */
    public $validFields = [
        'email',
    ];

    /**
     * Additional fields for "Nothing Personal".
     *
     * The NothingPersonalValidator keeps personal information out of
     * passwords. It always considers the email and username fields, so do
     * not list those here.
     *
     * An extended User entity may carry other personal data such as first
     * and/or last names; name those fields here so the validator treats
     * them as personal too, for example:
     *     $personalFields = ['firstname', 'lastname'];
     *
     * @var string[]
     */
    public $personalFields = [];

    /**
     * Password / username similarity.
     *
     * Among other checks, the NothingPersonalValidator measures how alike
     * the password and the username are; passwords too much like the
     * username are invalid.
     *
     * $maxSimilarity is a percentage: any calculated similarity equal to or
     * greater than it is rejected. The accepted range is 0-100, where 0
     * disables the check (and skips the calculation altogether).
     *
     * Neither end of the working range (1-100) is advised: the low end is
     * too restrictive, the high end too permissive. A value of 100 probably
     * accepts everything, as 0 does, but that is unproven and untested.
     *
     * The (admittedly limited) testing done so far suggests a useful range
     * of 50 to 60, with 50 as the suggested value. Below 50, users will
     * likely complain about how many proposed passwords get rejected. At
     * around 60 or more, pairs such as 'captain joe' and 'joe*captain'
     * start to be accepted, which they clearly should not be.
     *
     * To disable similarity checking:
     *     public $maxSimilarity = 0;
     *
     * @var int
     */
    public $maxSimilarity = 50;

    /**
     * Allow user registration.
     *
     * When enabled (default) any unregistered user may apply for a new
     * account. If registration is disabled, make sure your controllers and
     * views no longer offer it.
     *
     * @var bool
     */
    public $allowRegistration = true;

    /**
     * Require registration to be confirmed via email.
     *
     * When enabled, every registered user receives an email message with an
     * activation link to confirm the account.
     *
     * @var string|null Name of the ActivatorInterface class
     */
    public $requireActivation = 'Myth\Auth\Authentication\Activators\EmailActivator';

    /**
     * Allow password reset via email.
     *
     * When enabled, users can reset their password through the named
     * Resetter. The default setting is email.
     *
     * @var string|null Name of the ResetterInterface class
     */
    public $activeResetter = 'Myth\Auth\Authentication\Resetters\EmailResetter';

    /**
     * Allow persistent login cookies ("remember me").
     *
     * Every attempt has been made to protect the remember-me system
     * strongly, but where extreme protection is needed (for instance when
     * handling users' financials) you may not want the extra risk that comes
     * with a cookie-based solution. It is switched off in this file.
     *
     * @var bool
     */
    public $allowRemembering = false;

    /**
     * Remember length.
     *
     * How long, in seconds, a remembered login should last.
     * Set to 30 days; DAY is a constant defined outside this file.
     *
     * @var int
     */
    public $rememberLength = 30 * DAY;

    /**
     * Error handling.
     *
     * If true, processing continues instead of throwing exceptions.
     *
     * @var bool
     */
    public $silent = false;

    /**
     * Password hashing algorithm.
     *
     * Valid values are
     * - PASSWORD_DEFAULT (default)
     * - PASSWORD_BCRYPT
     * - PASSWORD_ARGON2I  - as of PHP 7.2, only if compiled with support for it
     * - PASSWORD_ARGON2ID - as of PHP 7.3, only if compiled with support for it
     *
     * Before selecting an ARGON algorithm, review the three ARGON2i/D
     * options declared below and adjust them to your needs.
     *
     * @var int|string
     */
    public $hashAlgorithm = PASSWORD_DEFAULT;

    /*
     * ARGON2i/D algorithm options.
     *
     * The ARGON2 methods let you define the "memory_cost", the "time_cost"
     * and the number of "threads" used whenever a password hash is created.
     * Depending on the security needs of your application and the power of
     * your hardware you may want to raise these costs, which makes hashing
     * take longer.
     *
     * The values are literals. The constant named in each trailing comment
     * is the PHP default that could be used instead; the literal is not
     * guaranteed to equal it.
     */

    /**
     * Argon2 "memory_cost".
     *
     * NOTE(review): PHP documents this option in kibibytes, and recent PHP
     * releases ship a far larger PASSWORD_ARGON2_DEFAULT_MEMORY_COST than
     * 2048. Confirm against the target PHP build and raise this before
     * switching $hashAlgorithm to an ARGON2 variant.
     *
     * @var int
     */
    public $hashMemoryCost = 2048; // PASSWORD_ARGON2_DEFAULT_MEMORY_COST;

    /**
     * Argon2 "time_cost".
     *
     * @var int
     */
    public $hashTimeCost = 4; // PASSWORD_ARGON2_DEFAULT_TIME_COST;

    /**
     * Argon2 "threads".
     *
     * @var int
     */
    public $hashThreads = 4; // PASSWORD_ARGON2_DEFAULT_THREADS;

    /**
     * Password hashing cost (BCRYPT).
     *
     * The BCRYPT method lets you define the "cost", or number of iterations
     * made, whenever a password hash is created. It is set to 10, which is
     * an acceptable number. Depending on the security needs of your
     * application and the power of your hardware you may want to increase
     * it, which makes the hashing process take longer.
     *
     * Valid range is between 4 - 31.
     *
     * @var int
     */
    public $hashCost = 10;

    /**
     * Minimum password length.
     *
     * The minimum length a password must have to be accepted.
     * Recommended minimum value by NIST = 8 characters.
     *
     * @var int
     */
    public $minimumPasswordLength = 8;

    /**
     * Password check helpers.
     *
     * The PasswordValidator class runs the password through every class
     * listed here, each getting the chance to pass or fail it.
     *
     * Custom classes can be added as long as they adhere to the
     * Password\ValidatorInterface.
     *
     * The PwnedValidator entry is commented out, so that check does not run
     * with this configuration.
     *
     * @var string[]
     */
    public $passwordValidators = [
        'Myth\Auth\Authentication\Passwords\CompositionValidator',
        'Myth\Auth\Authentication\Passwords\NothingPersonalValidator',
        'Myth\Auth\Authentication\Passwords\DictionaryValidator',
        // 'Myth\Auth\Authentication\Passwords\PwnedValidator',
    ];

    /**
     * Activator classes.
     *
     * Available activators together with their config settings.
     * NOTE(review): 'fromEmail' / 'fromName' are null here; which sender is
     * used in that case is decided outside this file - confirm.
     *
     * @var array<string, array<string, string|null>>
     */
    public $userActivators = [
        'Myth\Auth\Authentication\Activators\EmailActivator' => [
            'fromEmail' => null,
            'fromName'  => null,
        ],
    ];

    /**
     * Resetter classes.
     *
     * Available resetters together with their config settings.
     * NOTE(review): 'fromEmail' / 'fromName' are null here; which sender is
     * used in that case is decided outside this file - confirm.
     *
     * @var array<string, array<string, string|null>>
     */
    public $userResetters = [
        'Myth\Auth\Authentication\Resetters\EmailResetter' => [
            'fromEmail' => null,
            'fromName'  => null,
        ],
    ];

    /**
     * Reset time.
     *
     * How long, in seconds, a password reset-token stays valid
     * (3600 seconds is one hour). A short window limits how long a leaked
     * or intercepted token remains usable.
     *
     * @var int
     */
    public $resetTime = 3600;
}