From 94ec23406d773134aaa3e5889bed867909490a8f Mon Sep 17 00:00:00 2001
From: Pooya Parsa Dadashi
Date: Sun, 16 Feb 2025 03:21:13 +0330
Subject: [PATCH 1/3] refactor: load config once in the constructor for better efficiency
---
 .../Authenticators/HmacSha256.php | 21 ++++++++++---------
 1 file changed, 11 insertions(+), 10 deletions(-)
diff --git a/src/Authentication/Authenticators/HmacSha256.php b/src/Authentication/Authenticators/HmacSha256.php
index 482562f01..2a442e318 100644
--- a/src/Authentication/Authenticators/HmacSha256.php
+++ b/src/Authentication/Authenticators/HmacSha256.php
@@ -19,6 +19,7 @@
 use CodeIgniter\Shield\Authentication\AuthenticatorInterface;
 use CodeIgniter\Shield\Authentication\HMAC\HmacEncrypter;
 use CodeIgniter\Shield\Config\Auth;
+use CodeIgniter\Shield\Config\AuthToken;
 use CodeIgniter\Shield\Entities\User;
 use CodeIgniter\Shield\Exceptions\InvalidArgumentException;
 use CodeIgniter\Shield\Models\TokenLoginModel;
@@ -32,6 +33,7 @@ class HmacSha256 implements AuthenticatorInterface
 protected ?User $user = null;
 protected TokenLoginModel $loginModel;
+ protected AuthToken $authTokenConfig;
 /**
 * @param UserModel $provider The persistence engine
@@ -39,7 +41,8 @@ class HmacSha256 implements AuthenticatorInterface
 public function __construct(
 protected UserModel $provider,
 ) {
- $this->loginModel = model(TokenLoginModel::class);
+ $this->authTokenConfig = config('AuthToken');
+ $this->loginModel = model(TokenLoginModel::class);
 }
 /**
@@ -50,8 +53,6 @@ public function __construct(
 */
 public function attempt(array $credentials): Result
 {
- $config = config('AuthToken');
-
 /** @var IncomingRequest $request */
 $request = service('request');
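Review bot: Assigning `config('AuthToken')` directly to the typed `AuthToken` property in the constructor hunk makes the authenticator keep whichever config object existed when it was built, and turns a null or differently typed return from `config()` into a `TypeError` at construction instead of at first use. If authenticator instances outlive a config swap (shared instances, long-running workers, or tests that inject a replacement config after the authenticator exists; none of that is visible in this patch), `unusedTokenLifetime` and `recordLoginAttempt` would stay at the old values, so token expiry and login-attempt logging could diverge from the active settings. I would state this on the property, e.g. `/** AuthToken config captured at construction; a config instance replaced later is not seen by this authenticator. */`. The same applies to the constructor hunks in AccessTokens.php and JWT.php.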
@@ -61,7 +62,7 @@ public function attempt(array $credentials): Result
 $result = $this->check($credentials);
 if (! $result->isOK()) {
- if ($config->recordLoginAttempt >= Auth::RECORD_LOGIN_ATTEMPT_FAILURE) {
+ if ($this->authTokenConfig->recordLoginAttempt >= Auth::RECORD_LOGIN_ATTEMPT_FAILURE) {
 // Record all failed login attempts.
 $this->loginModel->recordLoginAttempt(
 self::ID_TYPE_HMAC_TOKEN,
@@ -79,7 +80,7 @@ public function attempt(array $credentials): Result
 $token = $user->getHmacToken($this->getHmacKeyFromToken());
 if ($user->isBanned()) {
- if ($config->recordLoginAttempt >= Auth::RECORD_LOGIN_ATTEMPT_FAILURE) {
+ if ($this->authTokenConfig->recordLoginAttempt >= Auth::RECORD_LOGIN_ATTEMPT_FAILURE) {
 // Record a banned login attempt.
 $this->loginModel->recordLoginAttempt(
 self::ID_TYPE_HMAC_TOKEN,
@@ -103,7 +104,7 @@ public function attempt(array $credentials): Result
 $this->login($user);
- if ($config->recordLoginAttempt === Auth::RECORD_LOGIN_ATTEMPT_ALL) {
+ if ($this->authTokenConfig->recordLoginAttempt === Auth::RECORD_LOGIN_ATTEMPT_ALL) {
 // Record a successful login attempt.
 $this->loginModel->recordLoginAttempt(
 self::ID_TYPE_HMAC_TOKEN,
@@ -132,7 +133,7 @@ public function check(array $credentials): Result
 'success' => false,
 'reason' => lang(
 'Auth.noToken',
- [config('AuthToken')->authenticatorHeader['hmac']],
+ [$this->authTokenConfig->authenticatorHeader['hmac']],
 ),
 ]);
 }
@@ -174,7 +175,7 @@ public function check(array $credentials): Result
 if (
 isset($token->last_used_at)
 && $token->last_used_at->isBefore(
- Time::now()->subSeconds(config('AuthToken')->unusedTokenLifetime),
+ Time::now()->subSeconds($this->authTokenConfig->unusedTokenLifetime),
 )
 ) {
 return new Result([
@@ -215,7 +216,7 @@ public function loggedIn(): bool
 return $this->attempt([
 'token' => $request->getHeaderLine(
- config('AuthToken')->authenticatorHeader['hmac'],
+ $this->authTokenConfig->authenticatorHeader['hmac'],
 ),
 ])->isOK();
 }
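Review bot: The three `recordLoginAttempt` checks in `attempt()` (the hunks at -61, -79 and -103) now each spell out `$this->authTokenConfig->recordLoginAttempt`, so the threshold that decides whether a failed, banned or successful login is written to the login log is read in three separate places. Reading it once at the top of the method, `$recordLevel = $this->authTokenConfig->recordLoginAttempt;`, keeps the three branches visibly tied to one value and shortens the conditions. The same repetition appears in the `attempt()` hunks of AccessTokens.php and JWT.php. `attempt()` begins and ends outside these hunks.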
@@ -276,7 +277,7 @@ public function getFullHmacToken(): ?string
 /** @var IncomingRequest $request */
 $request = service('request');
- $header = $request->getHeaderLine(config('AuthToken')->authenticatorHeader['hmac']);
+ $header = $request->getHeaderLine($this->authTokenConfig->authenticatorHeader['hmac']);
 if ($header === '') {
 return null;
From fd89a5dc434ebb204f35c29621f0261ff578a7d9 Mon Sep 17 00:00:00 2001
From: Pooya Parsa Dadashi
Date: Sun, 16 Feb 2025 03:51:48 +0330
Subject: [PATCH 2/3] refactor: load config once in the constructor
---
 .../Authenticators/AccessTokens.php | 21 ++++++++++---------
 1 file changed, 11 insertions(+), 10 deletions(-)
diff --git a/src/Authentication/Authenticators/AccessTokens.php b/src/Authentication/Authenticators/AccessTokens.php
index ce86155a9..40d824ac7 100644
--- a/src/Authentication/Authenticators/AccessTokens.php
+++ b/src/Authentication/Authenticators/AccessTokens.php
@@ -18,6 +18,7 @@
 use CodeIgniter\Shield\Authentication\AuthenticationException;
 use CodeIgniter\Shield\Authentication\AuthenticatorInterface;
 use CodeIgniter\Shield\Config\Auth;
+use CodeIgniter\Shield\Config\AuthToken;
 use CodeIgniter\Shield\Entities\User;
 use CodeIgniter\Shield\Exceptions\InvalidArgumentException;
 use CodeIgniter\Shield\Models\TokenLoginModel;
@@ -29,6 +30,7 @@ class AccessTokens implements AuthenticatorInterface
 {
 public const ID_TYPE_ACCESS_TOKEN = 'access_token';
+ protected AuthToken $authTokenConfig;
 protected ?User $user = null;
 protected TokenLoginModel $loginModel;
@@ -38,7 +40,8 @@ class AccessTokens implements AuthenticatorInterface
 public function __construct(
 protected UserModel $provider,
 ) {
- $this->loginModel = model(TokenLoginModel::class);
+ $this->authTokenConfig = config('AuthToken');
+ $this->loginModel = model(TokenLoginModel::class);
 }
 /**
@@ -49,8 +52,6 @@ public function __construct(
 */
 public function attempt(array $credentials): Result
 {
- $config = config('AuthToken');
-
 /** @var IncomingRequest $request */
 $request = service('request');
@@ -60,7 +61,7 @@ public function attempt(array $credentials): Result
 $result = $this->check($credentials);
 if (! $result->isOK()) {
- if ($config->recordLoginAttempt >= Auth::RECORD_LOGIN_ATTEMPT_FAILURE) {
+ if ($this->authTokenConfig->recordLoginAttempt >= Auth::RECORD_LOGIN_ATTEMPT_FAILURE) {
 // Record all failed login attempts.
 $this->loginModel->recordLoginAttempt(
 self::ID_TYPE_ACCESS_TOKEN,
@@ -78,7 +79,7 @@ public function attempt(array $credentials): Result
 $token = $user->getAccessToken($this->getBearerToken());
 if ($user->isBanned()) {
- if ($config->recordLoginAttempt >= Auth::RECORD_LOGIN_ATTEMPT_FAILURE) {
+ if ($this->authTokenConfig->recordLoginAttempt >= Auth::RECORD_LOGIN_ATTEMPT_FAILURE) {
 // Record a banned login attempt.
 $this->loginModel->recordLoginAttempt(
 self::ID_TYPE_ACCESS_TOKEN,
@@ -102,7 +103,7 @@ public function attempt(array $credentials): Result
 $this->login($user);
- if ($config->recordLoginAttempt === Auth::RECORD_LOGIN_ATTEMPT_ALL) {
+ if ($this->authTokenConfig->recordLoginAttempt === Auth::RECORD_LOGIN_ATTEMPT_ALL) {
 // Record a successful login attempt.
 $this->loginModel->recordLoginAttempt(
 self::ID_TYPE_ACCESS_TOKEN,
@@ -131,7 +132,7 @@ public function check(array $credentials): Result
 'success' => false,
 'reason' => lang(
 'Auth.noToken',
- [config('AuthToken')->authenticatorHeader['tokens']],
+ [$this->authTokenConfig->authenticatorHeader['tokens']],
 ),
 ]);
 }
@@ -158,7 +159,7 @@ public function check(array $credentials): Result
 if (
 $token->last_used_at
 && $token->last_used_at->isBefore(
- Time::now()->subSeconds(config('AuthToken')->unusedTokenLifetime),
+ Time::now()->subSeconds($this->authTokenConfig->unusedTokenLifetime),
 )
 ) {
 return new Result([
@@ -199,7 +200,7 @@ public function loggedIn(): bool
 return $this->attempt([
 'token' => $request->getHeaderLine(
- config('AuthToken')->authenticatorHeader['tokens'],
+ $this->authTokenConfig->authenticatorHeader['tokens'],
 ),
 ])->isOK();
 }
@@ -258,7 +259,7 @@ public function getBearerToken(): ?string
 /** @var IncomingRequest $request */
 $request = service('request');
- $header = $request->getHeaderLine(config('AuthToken')->authenticatorHeader['tokens']);
+ $header = $request->getHeaderLine($this->authTokenConfig->authenticatorHeader['tokens']);
 if (empty($header)) {
 return null;
From 03821fe0068d1d287bef1495737f918fb9f4c3b1 Mon Sep 17 00:00:00 2001
From: Pooya Parsa Dadashi
Date: Sun, 16 Feb 2025 04:00:12 +0330
Subject: [PATCH 3/3] refactor: load config once in the constructor
---
 src/Authentication/Authenticators/JWT.php | 18 +++++++-----------
 1 file changed, 7 insertions(+), 11 deletions(-)
diff --git a/src/Authentication/Authenticators/JWT.php b/src/Authentication/Authenticators/JWT.php
index 61deddb20..dc3e3c6d6 100644
--- a/src/Authentication/Authenticators/JWT.php
+++ b/src/Authentication/Authenticators/JWT.php
@@ -40,6 +40,7 @@ class JWT implements AuthenticatorInterface
 */
 public const ID_TYPE_JWT = 'jwt';
+ protected AuthJWT $authJWTConfig;
 protected ?User $user = null;
 protected JWTManager $jwtManager;
 protected TokenLoginModel $tokenLoginModel;
@@ -56,6 +57,7 @@ class JWT implements AuthenticatorInterface
 public function __construct(
 protected UserModel $provider,
 ) {
+ $this->authJWTConfig = config('AuthJWT');
 $this->jwtManager = service('jwtmanager');
 $this->tokenLoginModel = model(TokenLoginModel::class);
 }
@@ -68,9 +70,6 @@ public function __construct(
 */
 public function attempt(array $credentials): Result
 {
- /** @var AuthJWT $config */
- $config = config('AuthJWT');
-
 /** @var IncomingRequest $request */
 $request = service('request');
@@ -80,7 +79,7 @@ public function attempt(array $credentials): Result
 $result = $this->check($credentials);
 if (! $result->isOK()) {
- if ($config->recordLoginAttempt >= Auth::RECORD_LOGIN_ATTEMPT_FAILURE) {
+ if ($this->authJWTConfig->recordLoginAttempt >= Auth::RECORD_LOGIN_ATTEMPT_FAILURE) {
 // Record a failed login attempt.
 $this->tokenLoginModel->recordLoginAttempt(
 self::ID_TYPE_JWT,
@@ -97,7 +96,7 @@ public function attempt(array $credentials): Result
 $user = $result->extraInfo();
 if ($user->isBanned()) {
- if ($config->recordLoginAttempt >= Auth::RECORD_LOGIN_ATTEMPT_FAILURE) {
+ if ($this->authJWTConfig->recordLoginAttempt >= Auth::RECORD_LOGIN_ATTEMPT_FAILURE) {
 // Record a banned login attempt.
 $this->tokenLoginModel->recordLoginAttempt(
 self::ID_TYPE_JWT,
@@ -119,7 +118,7 @@ public function attempt(array $credentials): Result
 $this->login($user);
- if ($config->recordLoginAttempt === Auth::RECORD_LOGIN_ATTEMPT_ALL) {
+ if ($this->authJWTConfig->recordLoginAttempt === Auth::RECORD_LOGIN_ATTEMPT_ALL) {
 // Record a successful login attempt.
 $this->tokenLoginModel->recordLoginAttempt(
 self::ID_TYPE_JWT,
@@ -150,7 +149,7 @@ public function check(array $credentials): Result
 'success' => false,
 'reason' => lang(
 'Auth.noToken',
- [config('AuthJWT')->authenticatorHeader],
+ [$this->authJWTConfig->authenticatorHeader],
 ),
 ]);
 }
@@ -218,11 +217,8 @@ public function getTokenFromRequest(RequestInterface $request): string
 {
 assert($request instanceof IncomingRequest);
- /** @var AuthJWT $config */
- $config = config('AuthJWT');
-
 $tokenHeader = $request->getHeaderLine(
- $config->authenticatorHeader ?? 'Authorization',
+ $this->authJWTConfig->authenticatorHeader ?? 'Authorization',
 );
 if (str_starts_with($tokenHeader, 'Bearer')) {
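Review bot: `getTokenFromRequest()` keeps the `?? 'Authorization'` fallback, while the `check()` hunk (-150) builds the `Auth.noToken` message from `$this->authJWTConfig->authenticatorHeader` with no fallback, so the two call sites disagree about whether the header name can be null. If it ever were null, the header the token is read from and the header named in the error would differ. Now that both read the same typed config, they should be made consistent: drop the fallback here (`$this->authJWTConfig->authenticatorHeader,`) if `AuthJWT` always defines the header (its declaration is not shown in this patch), or apply the same fallback in `check()`. The function body continues past the end of the hunk.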