
  1. <?php
  2. namespace Config;
  3. class Auth extends \Myth\Auth\Config\Auth
  4. {
  5. /**
  6. * --------------------------------------------------------------------
  7. * Default User Group
  8. * --------------------------------------------------------------------
  9. *
  10. * The name of a group a user will be added to when they register,
  11. * i.e. $defaultUserGroup = 'guests'.
  12. *
  13. * @var string
  14. */
  15. public $defaultUserGroup;
  16. /**
  17. * --------------------------------------------------------------------
  18. * Landing Route
  19. * --------------------------------------------------------------------
  20. *
  21. * This is your landing page (route name) after user success to login,
  22. * i.e $landingRoute = 'dashboard'.
  23. *
  24. * If you set $silent = true the Permission and Role filters will
  25. * use this config too for the routing.
  26. *
  27. * @var string
  28. */
  29. public $landingRoute = '/';
  30. /**
  31. * --------------------------------------------------------------------
  32. * Reserverd Routes
  33. * --------------------------------------------------------------------
  34. *
  35. * The auth routes config is listed in here and you can customize it,
  36. * i.e. $reservedRoutes = ['forgot' => 'forgot-password'].
  37. *
  38. * Do Not Change The Key!!! Because it's the identity for routing.
  39. *
  40. * @var array
  41. */
  42. public $reservedRoutes = [
  43. 'login' => 'login',
  44. 'logout' => 'logout',
  45. 'register' => 'register',
  46. 'activate-account' => 'activate-account',
  47. 'resend-activate-account' => 'resend-activate-account',
  48. 'forgot' => 'forgot',
  49. 'reset-password' => 'reset-password',
  50. ];
  51. /**
  52. * --------------------------------------------------------------------
  53. * Libraries
  54. * --------------------------------------------------------------------
  55. *
  56. * @var array
  57. */
  58. public $authenticationLibs = [
  59. 'local' => 'Myth\Auth\Authentication\LocalAuthenticator',
  60. ];
  61. /**
  62. * --------------------------------------------------------------------
  63. * Views used by Auth Controllers
  64. * --------------------------------------------------------------------
  65. *
  66. * @var array
  67. */
  68. public $views = [
  69. 'login' => 'App\Views\Auth\login',
  70. 'register' => 'App\Views\Auth\register',
  71. 'forgot' => 'App\Views\Auth\forgot',
  72. 'reset' => 'App\Views\Auth\reset',
  73. 'emailForgot' => 'App\Views\Auth\emails\forgot',
  74. 'emailActivation' => 'App\Views\Auth\emails\activation',
  75. ];
  76. /**
  77. * --------------------------------------------------------------------
  78. * Layout for the views to extend
  79. * --------------------------------------------------------------------
  80. *
  81. * @var string
  82. */
  83. public $viewLayout = 'App\Views\Auth\layout';
  84. /**
  85. * --------------------------------------------------------------------
  86. * Authentication
  87. * --------------------------------------------------------------------
  88. *
  89. * Fields that are available to be used as credentials for login.
  90. *
  91. * @var string[]
  92. */
  93. public $validFields = [
  94. 'email',
  95. ];
  96. /**
  97. * --------------------------------------------------------------------
  98. * Additional Fields for "Nothing Personal"
  99. * --------------------------------------------------------------------
  100. *
  101. * The `NothingPersonalValidator` prevents personal information from
  102. * being used in passwords. The email and username fields are always
  103. * considered by the validator. Do not enter those field names here.
  104. *
  105. * An extend User Entity might include other personal info such as
  106. * first and/or last names. `$personalFields` is where you can add
  107. * fields to be considered as "personal" by the NothingPersonalValidator.
  108. *
  109. * For example:
  110. * $personalFields = ['firstname', 'lastname'];
  111. *
  112. * @var string[]
  113. */
  114. public $personalFields = [];
  115. /**
  116. * --------------------------------------------------------------------
  117. * Password / Username Similarity
  118. * --------------------------------------------------------------------
  119. *
  120. * Among other things, the NothingPersonalValidator checks the
  121. * amount of sameness between the password and username.
  122. * Passwords that are too much like the username are invalid.
  123. *
  124. * The value set for $maxSimilarity represents the maximum percentage
  125. * of similarity at which the password will be accepted. In other words, any
  126. * calculated similarity equal to, or greater than $maxSimilarity
  127. * is rejected.
  128. *
  129. * The accepted range is 0-100, with 0 (zero) meaning don't check similarity.
  130. * Using values at either extreme of the *working range* (1-100) is
  131. * not advised. The low end is too restrictive and the high end is too permissive.
  132. * The suggested value for $maxSimilarity is 50.
  133. *
  134. * You may be thinking that a value of 100 should have the effect of accepting
  135. * everything like a value of 0 does. That's logical and probably true,
  136. * but is unproven and untested. Besides, 0 skips the work involved
  137. * making the calculation unlike when using 100.
  138. *
  139. * The (admittedly limited) testing that's been done suggests a useful working range
  140. * of 50 to 60. You can set it lower than 50, but site users will probably start
  141. * to complain about the large number of proposed passwords getting rejected.
  142. * At around 60 or more it starts to see pairs like 'captain joe' and 'joe*captain' as
  143. * perfectly acceptable which clearly they are not.
  144. *
  145. *
  146. * To disable similarity checking set the value to 0.
  147. * public $maxSimilarity = 0;
  148. *
  149. * @var int
  150. */
  151. public $maxSimilarity = 50;
  152. /**
  153. * --------------------------------------------------------------------
  154. * Allow User Registration
  155. * --------------------------------------------------------------------
  156. *
  157. * When enabled (default) any unregistered user may apply for a new
  158. * account. If you disable registration you may need to ensure your
  159. * controllers and views know not to offer registration.
  160. *
  161. * @var bool
  162. */
  163. public $allowRegistration = true;
  164. /**
  165. * --------------------------------------------------------------------
  166. * Require Confirmation Registration via Email
  167. * --------------------------------------------------------------------
  168. *
  169. * When enabled, every registered user will receive an email message
  170. * with an activation link to confirm the account.
  171. *
  172. * @var string|null Name of the ActivatorInterface class
  173. */
  174. public $requireActivation = 'Myth\Auth\Authentication\Activators\EmailActivator';
  175. /**
  176. * --------------------------------------------------------------------
  177. * Allow Password Reset via Email
  178. * --------------------------------------------------------------------
  179. *
  180. * When enabled, users will have the option to reset their password
  181. * via the specified Resetter. Default setting is email.
  182. *
  183. * @var string|null Name of the ResetterInterface class
  184. */
  185. public $activeResetter = 'Myth\Auth\Authentication\Resetters\EmailResetter';
  186. /**
  187. * --------------------------------------------------------------------
  188. * Allow Persistent Login Cookies (Remember me)
  189. * --------------------------------------------------------------------
  190. *
  191. * While every attempt has been made to create a very strong protection
  192. * with the remember me system, there are some cases (like when you
  193. * need extreme protection, like dealing with users financials) that
  194. * you might not want the extra risk associated with this cookie-based
  195. * solution.
  196. *
  197. * @var bool
  198. */
  199. public $allowRemembering = false;
  200. /**
  201. * --------------------------------------------------------------------
  202. * Remember Length
  203. * --------------------------------------------------------------------
  204. *
  205. * The amount of time, in seconds, that you want a login to last for.
  206. * Defaults to 30 days.
  207. *
  208. * @var int
  209. */
  210. public $rememberLength = 30 * DAY;
  211. /**
  212. * --------------------------------------------------------------------
  213. * Error handling
  214. * --------------------------------------------------------------------
  215. *
  216. * If true, will continue instead of throwing exceptions.
  217. *
  218. * @var bool
  219. */
  220. public $silent = false;
  221. /**
  222. * --------------------------------------------------------------------
  223. * Encryption Algorithm to Use
  224. * --------------------------------------------------------------------
  225. *
  226. * Valid values are
  227. * - PASSWORD_DEFAULT (default)
  228. * - PASSWORD_BCRYPT
  229. * - PASSWORD_ARGON2I - As of PHP 7.2 only if compiled with support for it
  230. * - PASSWORD_ARGON2ID - As of PHP 7.3 only if compiled with support for it
  231. *
  232. * If you choose to use any ARGON algorithm, then you might want to
  233. * uncomment the "ARGON2i/D Algorithm" options to suit your needs
  234. *
  235. * @var int|string
  236. */
  237. public $hashAlgorithm = PASSWORD_DEFAULT;
  238. /**
  239. * --------------------------------------------------------------------
  240. * ARGON2i/D Algorithm options
  241. * --------------------------------------------------------------------
  242. *
  243. * The ARGON2I method of encryption allows you to define the "memory_cost",
  244. * the "time_cost" and the number of "threads", whenever a password hash is
  245. * created.
  246. *
  247. * This defaults to a value of 10 which is an acceptable number.
  248. * However, depending on the security needs of your application
  249. * and the power of your hardware, you might want to increase the
  250. * cost. This makes the hashing process takes longer.
  251. */
  252. /**
  253. * @var int
  254. */
  255. public $hashMemoryCost = 2048; // PASSWORD_ARGON2_DEFAULT_MEMORY_COST;
  256. /**
  257. * @var int
  258. */
  259. public $hashTimeCost = 4; // PASSWORD_ARGON2_DEFAULT_TIME_COST;
  260. /**
  261. * @var int
  262. */
  263. public $hashThreads = 4; // PASSWORD_ARGON2_DEFAULT_THREADS;
  264. /**
  265. * --------------------------------------------------------------------
  266. * Password Hashing Cost
  267. * --------------------------------------------------------------------
  268. *
  269. * The BCRYPT method of encryption allows you to define the "cost"
  270. * or number of iterations made, whenever a password hash is created.
  271. * This defaults to a value of 10 which is an acceptable number.
  272. * However, depending on the security needs of your application
  273. * and the power of your hardware, you might want to increase the
  274. * cost. This makes the hashing process takes longer.
  275. *
  276. * Valid range is between 4 - 31.
  277. *
  278. * @var int
  279. */
  280. public $hashCost = 10;
  281. /**
  282. * --------------------------------------------------------------------
  283. * Minimum Password Length
  284. * --------------------------------------------------------------------
  285. *
  286. * The minimum length that a password must be to be accepted.
  287. * Recommended minimum value by NIST = 8 characters.
  288. *
  289. * @var int
  290. */
  291. public $minimumPasswordLength = 8;
  292. /**
  293. * --------------------------------------------------------------------
  294. * Password Check Helpers
  295. * --------------------------------------------------------------------
  296. *
  297. * The PasswordValidator class runs the password through all of these
  298. * classes, each getting the opportunity to pass/fail the password.
  299. *
  300. * You can add custom classes as long as they adhere to the
  301. * Password\ValidatorInterface.
  302. *
  303. * @var string[]
  304. */
  305. public $passwordValidators = [
  306. 'Myth\Auth\Authentication\Passwords\CompositionValidator',
  307. 'Myth\Auth\Authentication\Passwords\NothingPersonalValidator',
  308. 'Myth\Auth\Authentication\Passwords\DictionaryValidator',
  309. // 'Myth\Auth\Authentication\Passwords\PwnedValidator',
  310. ];
  311. /**
  312. * --------------------------------------------------------------------
  313. * Activator classes
  314. * --------------------------------------------------------------------
  315. *
  316. * Available activators with config settings
  317. *
  318. * @var array
  319. */
  320. public $userActivators = [
  321. 'Myth\Auth\Authentication\Activators\EmailActivator' => [
  322. 'fromEmail' => null,
  323. 'fromName' => null,
  324. ],
  325. ];
  326. /**
  327. * --------------------------------------------------------------------
  328. * Resetter Classes
  329. * --------------------------------------------------------------------
  330. *
  331. * Available resetters with config settings
  332. *
  333. * @var array
  334. */
  335. public $userResetters = [
  336. 'Myth\Auth\Authentication\Resetters\EmailResetter' => [
  337. 'fromEmail' => null,
  338. 'fromName' => null,
  339. ],
  340. ];
  341. /**
  342. * --------------------------------------------------------------------
  343. * Reset Time
  344. * --------------------------------------------------------------------
  345. *
  346. * The amount of time that a password reset-token is valid for,
  347. * in seconds.
  348. *
  349. * @var int
  350. */
  351. public $resetTime = 3600;
  352. }