25개 이상의 토픽을 선택하실 수 없습니다. Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

Auth.php 13KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385
  1. <?php
  2. namespace Config;
  3. class Auth extends \Myth\Auth\Config\Auth
  4. {
  5. /**
  6. * --------------------------------------------------------------------
  7. * Default User Group
  8. * --------------------------------------------------------------------
  9. *
  10. * The name of a group a user will be added to when they register,
  11. * i.e. $defaultUserGroup = 'guests'.
  12. *
  13. * @var string
  14. */
  15. public $defaultUserGroup = 'Prestadores';
  16. /**
  17. * --------------------------------------------------------------------
  18. * Landing Route
  19. * --------------------------------------------------------------------
  20. *
  21. * This is your landing page (route name) after user success to login,
  22. * i.e $landingRoute = 'dashboard'.
  23. *
  24. * If you set $silent = true the Permission and Role filters will
  25. * use this config too for the routing.
  26. *
  27. * @var string
  28. */
  29. public $landingRoute = '/';
  30. /**
  31. * --------------------------------------------------------------------
  32. * Reserverd Routes
  33. * --------------------------------------------------------------------
  34. *
  35. * The auth routes config is listed in here and you can customize it,
  36. * i.e. $reservedRoutes = ['forgot' => 'forgot-password'].
  37. *
  38. * Do Not Change The Key!!! Because it's the identity for routing.
  39. *
  40. * @var array
  41. */
  42. public $reservedRoutes = [
  43. 'login' => 'login',
  44. 'logout' => 'logout',
  45. 'register' => 'register',
  46. 'activate-account' => 'activate-account',
  47. 'resend-activate-account' => 'resend-activate-account',
  48. 'forgot' => 'forgot',
  49. 'reset-password' => 'reset-password',
  50. // ADMIN AUTH
  51. // 'custom_route' => 'custom_route',
  52. 'admin_login' => 'admin_login',
  53. 'admin_logout' => 'admin_logout',
  54. ];
  55. /**
  56. * --------------------------------------------------------------------
  57. * Libraries
  58. * --------------------------------------------------------------------
  59. *
  60. * @var array
  61. */
  62. public $authenticationLibs = [
  63. 'local' => 'Myth\Auth\Authentication\LocalAuthenticator',
  64. ];
  65. /**
  66. * --------------------------------------------------------------------
  67. * Views used by Auth Controllers
  68. * --------------------------------------------------------------------
  69. *
  70. * @var array
  71. */
  72. public $views = [
  73. 'login' => 'App\Views\Auth\login',
  74. 'register' => 'App\Views\Auth\register',
  75. 'forgot' => 'App\Views\Auth\forgot',
  76. 'reset' => 'App\Views\Auth\reset',
  77. 'emailForgot' => 'App\Views\Auth\emails\forgot',
  78. 'emailActivation' => 'App\Views\Auth\emails\activation',
  79. ];
  80. /**
  81. * --------------------------------------------------------------------
  82. * Layout for the views to extend
  83. * --------------------------------------------------------------------
  84. *
  85. * @var string
  86. */
  87. public $viewLayout = 'App\Views\Auth\layout';
  88. /**
  89. * --------------------------------------------------------------------
  90. * Authentication
  91. * --------------------------------------------------------------------
  92. *
  93. * Fields that are available to be used as credentials for login.
  94. *
  95. * @var string[]
  96. */
  97. public $validFields = [
  98. 'email',
  99. ];
  100. /**
  101. * --------------------------------------------------------------------
  102. * Additional Fields for "Nothing Personal"
  103. * --------------------------------------------------------------------
  104. *
  105. * The `NothingPersonalValidator` prevents personal information from
  106. * being used in passwords. The email and username fields are always
  107. * considered by the validator. Do not enter those field names here.
  108. *
  109. * An extend User Entity might include other personal info such as
  110. * first and/or last names. `$personalFields` is where you can add
  111. * fields to be considered as "personal" by the NothingPersonalValidator.
  112. *
  113. * For example:
  114. * $personalFields = ['firstname', 'lastname'];
  115. *
  116. * @var string[]
  117. */
  118. public $personalFields = [];
  119. /**
  120. * --------------------------------------------------------------------
  121. * Password / Username Similarity
  122. * --------------------------------------------------------------------
  123. *
  124. * Among other things, the NothingPersonalValidator checks the
  125. * amount of sameness between the password and username.
  126. * Passwords that are too much like the username are invalid.
  127. *
  128. * The value set for $maxSimilarity represents the maximum percentage
  129. * of similarity at which the password will be accepted. In other words, any
  130. * calculated similarity equal to, or greater than $maxSimilarity
  131. * is rejected.
  132. *
  133. * The accepted range is 0-100, with 0 (zero) meaning don't check similarity.
  134. * Using values at either extreme of the *working range* (1-100) is
  135. * not advised. The low end is too restrictive and the high end is too permissive.
  136. * The suggested value for $maxSimilarity is 50.
  137. *
  138. * You may be thinking that a value of 100 should have the effect of accepting
  139. * everything like a value of 0 does. That's logical and probably true,
  140. * but is unproven and untested. Besides, 0 skips the work involved
  141. * making the calculation unlike when using 100.
  142. *
  143. * The (admittedly limited) testing that's been done suggests a useful working range
  144. * of 50 to 60. You can set it lower than 50, but site users will probably start
  145. * to complain about the large number of proposed passwords getting rejected.
  146. * At around 60 or more it starts to see pairs like 'captain joe' and 'joe*captain' as
  147. * perfectly acceptable which clearly they are not.
  148. *
  149. *
  150. * To disable similarity checking set the value to 0.
  151. * public $maxSimilarity = 0;
  152. *
  153. * @var int
  154. */
  155. public $maxSimilarity = 50;
  156. /**
  157. * --------------------------------------------------------------------
  158. * Allow User Registration
  159. * --------------------------------------------------------------------
  160. *
  161. * When enabled (default) any unregistered user may apply for a new
  162. * account. If you disable registration you may need to ensure your
  163. * controllers and views know not to offer registration.
  164. *
  165. * @var bool
  166. */
  167. public $allowRegistration = true;
  168. /**
  169. * --------------------------------------------------------------------
  170. * Require Confirmation Registration via Email
  171. * --------------------------------------------------------------------
  172. *
  173. * When enabled, every registered user will receive an email message
  174. * with an activation link to confirm the account.
  175. *
  176. * @var string|null Name of the ActivatorInterface class
  177. */
  178. public $requireActivation = 'Myth\Auth\Authentication\Activators\EmailActivator';
  179. /**
  180. * --------------------------------------------------------------------
  181. * Allow Password Reset via Email
  182. * --------------------------------------------------------------------
  183. *
  184. * When enabled, users will have the option to reset their password
  185. * via the specified Resetter. Default setting is email.
  186. *
  187. * @var string|null Name of the ResetterInterface class
  188. */
  189. public $activeResetter = 'Myth\Auth\Authentication\Resetters\EmailResetter';
  190. /**
  191. * --------------------------------------------------------------------
  192. * Allow Persistent Login Cookies (Remember me)
  193. * --------------------------------------------------------------------
  194. *
  195. * While every attempt has been made to create a very strong protection
  196. * with the remember me system, there are some cases (like when you
  197. * need extreme protection, like dealing with users financials) that
  198. * you might not want the extra risk associated with this cookie-based
  199. * solution.
  200. *
  201. * @var bool
  202. */
  203. public $allowRemembering = false;
  204. /**
  205. * --------------------------------------------------------------------
  206. * Remember Length
  207. * --------------------------------------------------------------------
  208. *
  209. * The amount of time, in seconds, that you want a login to last for.
  210. * Defaults to 30 days.
  211. *
  212. * @var int
  213. */
  214. public $rememberLength = 30 * DAY;
  215. /**
  216. * --------------------------------------------------------------------
  217. * Error handling
  218. * --------------------------------------------------------------------
  219. *
  220. * If true, will continue instead of throwing exceptions.
  221. *
  222. * @var bool
  223. */
  224. public $silent = false;
  225. /**
  226. * --------------------------------------------------------------------
  227. * Encryption Algorithm to Use
  228. * --------------------------------------------------------------------
  229. *
  230. * Valid values are
  231. * - PASSWORD_DEFAULT (default)
  232. * - PASSWORD_BCRYPT
  233. * - PASSWORD_ARGON2I - As of PHP 7.2 only if compiled with support for it
  234. * - PASSWORD_ARGON2ID - As of PHP 7.3 only if compiled with support for it
  235. *
  236. * If you choose to use any ARGON algorithm, then you might want to
  237. * uncomment the "ARGON2i/D Algorithm" options to suit your needs
  238. *
  239. * @var int|string
  240. */
  241. public $hashAlgorithm = PASSWORD_DEFAULT;
  242. /**
  243. * --------------------------------------------------------------------
  244. * ARGON2i/D Algorithm options
  245. * --------------------------------------------------------------------
  246. *
  247. * The ARGON2I method of encryption allows you to define the "memory_cost",
  248. * the "time_cost" and the number of "threads", whenever a password hash is
  249. * created.
  250. *
  251. * This defaults to a value of 10 which is an acceptable number.
  252. * However, depending on the security needs of your application
  253. * and the power of your hardware, you might want to increase the
  254. * cost. This makes the hashing process takes longer.
  255. */
  256. /**
  257. * @var int
  258. */
  259. public $hashMemoryCost = 2048; // PASSWORD_ARGON2_DEFAULT_MEMORY_COST;
  260. /**
  261. * @var int
  262. */
  263. public $hashTimeCost = 4; // PASSWORD_ARGON2_DEFAULT_TIME_COST;
  264. /**
  265. * @var int
  266. */
  267. public $hashThreads = 4; // PASSWORD_ARGON2_DEFAULT_THREADS;
  268. /**
  269. * --------------------------------------------------------------------
  270. * Password Hashing Cost
  271. * --------------------------------------------------------------------
  272. *
  273. * The BCRYPT method of encryption allows you to define the "cost"
  274. * or number of iterations made, whenever a password hash is created.
  275. * This defaults to a value of 10 which is an acceptable number.
  276. * However, depending on the security needs of your application
  277. * and the power of your hardware, you might want to increase the
  278. * cost. This makes the hashing process takes longer.
  279. *
  280. * Valid range is between 4 - 31.
  281. *
  282. * @var int
  283. */
  284. public $hashCost = 10;
  285. /**
  286. * --------------------------------------------------------------------
  287. * Minimum Password Length
  288. * --------------------------------------------------------------------
  289. *
  290. * The minimum length that a password must be to be accepted.
  291. * Recommended minimum value by NIST = 8 characters.
  292. *
  293. * @var int
  294. */
  295. public $minimumPasswordLength = 8;
  296. /**
  297. * --------------------------------------------------------------------
  298. * Password Check Helpers
  299. * --------------------------------------------------------------------
  300. *
  301. * The PasswordValidator class runs the password through all of these
  302. * classes, each getting the opportunity to pass/fail the password.
  303. *
  304. * You can add custom classes as long as they adhere to the
  305. * Password\ValidatorInterface.
  306. *
  307. * @var string[]
  308. */
  309. public $passwordValidators = [
  310. 'Myth\Auth\Authentication\Passwords\CompositionValidator',
  311. 'Myth\Auth\Authentication\Passwords\NothingPersonalValidator',
  312. 'Myth\Auth\Authentication\Passwords\DictionaryValidator',
  313. // 'Myth\Auth\Authentication\Passwords\PwnedValidator',
  314. ];
  315. /**
  316. * --------------------------------------------------------------------
  317. * Activator classes
  318. * --------------------------------------------------------------------
  319. *
  320. * Available activators with config settings
  321. *
  322. * @var array
  323. */
  324. public $userActivators = [
  325. 'Myth\Auth\Authentication\Activators\EmailActivator' => [
  326. 'fromEmail' => null,
  327. 'fromName' => null,
  328. ],
  329. ];
  330. /**
  331. * --------------------------------------------------------------------
  332. * Resetter Classes
  333. * --------------------------------------------------------------------
  334. *
  335. * Available resetters with config settings
  336. *
  337. * @var array
  338. */
  339. public $userResetters = [
  340. 'Myth\Auth\Authentication\Resetters\EmailResetter' => [
  341. 'fromEmail' => null,
  342. 'fromName' => null,
  343. ],
  344. ];
  345. /**
  346. * --------------------------------------------------------------------
  347. * Reset Time
  348. * --------------------------------------------------------------------
  349. *
  350. * The amount of time that a password reset-token is valid for,
  351. * in seconds.
  352. *
  353. * @var int
  354. */
  355. public $resetTime = 3600;
  356. }