Merge pull request #97 from CakeDC/feature/magic-link

steinkel · web-flow · commit 51bf070e1633 · 2025-03-06T11:50:24.000Z
Add OneTimetokenAuthenticator as part of the magic link feature
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -7,30 +7,35 @@ on:
 
 jobs:
   testsuite:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     strategy:
       fail-fast: false
       matrix:
-        php-version: ['8.1', '8.2']
+        php-version: ['8.1', '8.2', '8.3', '8.4']
         db-type: [sqlite, mysql, pgsql]
         prefer-lowest: ['']
 
     steps:
+      - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+
       - name: Setup MySQL latest
         if: matrix.db-type == 'mysql'
-        run: docker run --rm --name=mysqld -e MYSQL_ROOT_PASSWORD=root -e MYSQL_DATABASE=cakephp -p 3306:3306 -d mysql --default-authentication-plugin=mysql_native_password --disable-log-bin
+        run: |
+          sudo service mysql start
+          mysql -h 127.0.0.1 -u root -proot -e 'CREATE DATABASE cakephp;'
+
 
       - name: Setup PostgreSQL latest
         if: matrix.db-type == 'pgsql'
         run: docker run --rm --name=postgres -e POSTGRES_PASSWORD=postgres -e POSTGRES_DB=cakephp -p 5432:5432 -d postgres
 
-      - uses: actions/checkout@v2
-
       - name: Setup PHP
         uses: shivammathur/setup-php@v2
         with:
           php-version: ${{ matrix.php-version }}
-          extensions: mbstring, intl, apcu, memcached, redis, pdo_${{ matrix.db-type }}
+          extensions: mbstring, intl, apcu, memcached, redis, pdo_${{ matrix.db-type }}, ${{ matrix.db-type }}
           ini-values: apc.enable_cli = 1
           coverage: pcov
 
@@ -43,7 +48,7 @@ jobs:
         run: echo "::set-output name=date::$(date +'%Y-%m')"
 
       - name: Cache composer dependencies
-        uses: actions/cache@v1
+        uses: actions/cache@v4
         with:
           path: ${{ steps.composer-cache.outputs.dir }}
           key: ${{ runner.os }}-composer-${{ steps.key-date.outputs.date }}-${{ hashFiles('composer.json') }}-${{ matrix.prefer-lowest }}
@@ -57,22 +62,22 @@ jobs:
           fi
 
       - name: Setup problem matchers for PHPUnit
-        if: matrix.php-version == '8.1' && matrix.db-type == 'mysql'
+        if: matrix.php-version == '8.2' && matrix.db-type == 'mysql'
         run: echo "::add-matcher::${{ runner.tool_cache }}/phpunit.json"
 
       - name: Run PHPUnit
         run: |
           if [[ ${{ matrix.db-type }} == 'sqlite' ]]; then export DB_URL='sqlite:///:memory:'; fi
-          if [[ ${{ matrix.db-type }} == 'mysql' ]]; then export DB_URL='mysql://root:root@127.0.0.1/cakephp'; fi
+          if [[ ${{ matrix.db-type }} == 'mysql' ]]; then export DB_URL='mysql://root:root@127.0.0.1/cakephp?encoding=utf8'; fi
           if [[ ${{ matrix.db-type }} == 'pgsql' ]]; then export DB_URL='postgres://postgres:postgres@127.0.0.1/postgres'; fi
-          if [[ ${{ matrix.php-version }} == '8.1' ]]; then
+          if [[ ${{ matrix.php-version }} == '8.2' ]]; then
             export CODECOVERAGE=1 && vendor/bin/phpunit --coverage-clover=coverage.xml
           else
             vendor/bin/phpunit
           fi
 
       - name: Submit code coverage
-        if: matrix.php-version == '8.1'
+        if: matrix.php-version == '8.2'
         uses: codecov/codecov-action@v1
 
   cs-stan:
@@ -85,7 +90,7 @@ jobs:
       - name: Setup PHP
         uses: shivammathur/setup-php@v2
         with:
-          php-version: '8.1'
+          php-version: '8.2'
           extensions: mbstring, intl, apcu, memcached, redis
           tools: cs2pr
           coverage: none
@@ -99,7 +104,7 @@ jobs:
         run: echo "::set-output name=date::$(date +'%Y-%m')"
 
       - name: Cache composer dependencies
-        uses: actions/cache@v1
+        uses: actions/cache@v4
         with:
           path: ${{ steps.composer-cache.outputs.dir }}
           key: ${{ runner.os }}-composer-${{ steps.key-date.outputs.date }}-${{ hashFiles('composer.json') }}-${{ matrix.prefer-lowest }}
diff --git a/Docs/Documentation/TwoFactor.md b/Docs/Documentation/TwoFactor.md
@@ -8,6 +8,14 @@ Configuration
 
 Processors defined as Configure storage with key `TwoFactorProcessors`
 
+By default `\RobThree\Auth\Providers\Qr\EndroidQrCodeProvider` is used.
+
+You can disable it by adding this to any config file:
+
+`OneTimePasswordAuthenticator.qrcodeprovider` => `YOUR QR CODE PROVIDER`
+
+To get a list of available providers please visit [RobThree/TwoFactorAuth](https://robthree.github.io/TwoFactorAuth/qr-codes.html) documentation.
+
 
 Processors
 -------------
diff --git a/composer.json b/composer.json
@@ -26,18 +26,19 @@
         "source": "https://github.com/CakeDC/auth"
     },
     "require": {
-        "php": ">=8.1.0",
+        "php": ">=8.1",
         "cakephp/cakephp": "^5.0"
     },
     "require-dev": {
         "phpunit/phpunit": "^10.0",
+        "endroid/qr-code": "^6.0 || ^5.0",
         "league/oauth2-facebook": "@stable",
         "league/oauth2-instagram": "@stable",
         "league/oauth2-google": "@stable",
         "league/oauth2-linkedin": "@stable",
         "luchianenco/oauth2-amazon": "^1.1",
         "google/recaptcha": "@stable",
-        "robthree/twofactorauth": "^2.0",
+        "robthree/twofactorauth": "^3.0 || ^2.0",
         "league/oauth1-client": "^1.7",
         "cakephp/authorization": "^3.0",
         "cakephp/cakephp-codesniffer": "^5.0",
diff --git a/config/auth.php b/config/auth.php
@@ -108,7 +108,7 @@
         // The algorithm used
         'algorithm' => \RobThree\Auth\Algorithm::Sha1,
         // QR-code provider (more on this later)
-        'qrcodeprovider' => null,
+        'qrcodeprovider' => new \RobThree\Auth\Providers\Qr\EndroidQrCodeProvider(),
         // Random Number Generator provider (more on this later)
         'rngprovider' => null
     ],
diff --git a/src/Authenticator/OneTimeTokenAuthenticator.php b/src/Authenticator/OneTimeTokenAuthenticator.php
@@ -0,0 +1,41 @@
+<?php
+declare(strict_types=1);
+
+namespace CakeDC\Auth\Authenticator;
+
+use Authentication\Authenticator\AbstractAuthenticator;
+use Authentication\Authenticator\AuthenticatorInterface;
+use Authentication\Authenticator\Result;
+use Authentication\Authenticator\ResultInterface;
+use Cake\Core\Configure;
+use Cake\ORM\TableRegistry;
+use Psr\Http\Message\ServerRequestInterface;
+
+class OneTimeTokenAuthenticator extends AbstractAuthenticator implements AuthenticatorInterface
+{
+    /**
+     * @inheritDoc
+     */
+    public function authenticate(ServerRequestInterface $request): ResultInterface
+    {
+        /** @var \Cake\Http\ServerRequest $request */
+        $token = $request->getQuery('token') ?: $request->getData('token');
+        if (is_array($token)) {
+            $token = join($token);
+        }
+
+        if (!$token) {
+            return new Result(null, Result::FAILURE_CREDENTIALS_MISSING);
+        }
+
+        $usersTable = TableRegistry::getTableLocator()->get(Configure::read('Users.table'));
+
+        $user = $usersTable->loginWithToken($token);
+
+        if (!$user) {
+            return new Result(null, Result::FAILURE_CREDENTIALS_MISSING);
+        }
+
+        return new Result($user, Result::SUCCESS);
+    }
+}
diff --git a/src/Controller/Component/OneTimePasswordAuthenticatorComponent.php b/src/Controller/Component/OneTimePasswordAuthenticatorComponent.php
@@ -41,12 +41,12 @@ public function initialize(array $config): void
 
         if (Configure::read('OneTimePasswordAuthenticator.login')) {
             $this->tfa = new TwoFactorAuth(
-                Configure::read('OneTimePasswordAuthenticator.issuer'),
-                Configure::read('OneTimePasswordAuthenticator.digits'),
-                Configure::read('OneTimePasswordAuthenticator.period'),
-                Configure::read('OneTimePasswordAuthenticator.algorithm'),
-                Configure::read('OneTimePasswordAuthenticator.qrcodeprovider'),
-                Configure::read('OneTimePasswordAuthenticator.rngprovider')
+                qrcodeprovider: Configure::read('OneTimePasswordAuthenticator.qrcodeprovider'),
+                issuer: Configure::read('OneTimePasswordAuthenticator.issuer'),
+                digits: Configure::read('OneTimePasswordAuthenticator.digits'),
+                period: Configure::read('OneTimePasswordAuthenticator.period'),
+                algorithm: Configure::read('OneTimePasswordAuthenticator.algorithm'),
+                rngprovider: Configure::read('OneTimePasswordAuthenticator.rngprovider')
             );
         }
     }
diff --git a/tests/TestCase/Authenticator/CookieAuthenticatorTest.php b/tests/TestCase/Authenticator/CookieAuthenticatorTest.php
@@ -82,7 +82,7 @@ public function testPersistIdentity($setCookie, $field, array $post, array $sess
         $this->assertInstanceOf(RequestInterface::class, $result['request']);
         $this->assertInstanceOf(ResponseInterface::class, $result['response']);
         if ($setCookie) {
-            $this->assertStringContainsString('CookieAuth=%5B%22johndoe%22%2C%22%242y%2410%24', $result['response']->getHeaderLine('Set-Cookie'));
+            $this->assertStringContainsString('CookieAuth=%5B%22johndoe%22%2C%22%242y%24', $result['response']->getHeaderLine('Set-Cookie'));
         } else {
             $this->assertStringNotContainsString('CookieAuth', $result['response']->getHeaderLine('Set-Cookie'));
         }

Original file line number	Diff line number	Diff line change
`@@ -82,7 +82,7 @@ public function testPersistIdentity($setCookie, $field, array $post, array $sess`
`82`	`82`	`$this->assertInstanceOf(RequestInterface::class, $result['request']);`
`83`	`83`	`$this->assertInstanceOf(ResponseInterface::class, $result['response']);`
`84`	`84`	`if ($setCookie) {`
`85`		`- $this->assertStringContainsString('CookieAuth=%5B%22johndoe%22%2C%22%242y%2410%24', $result['response']->getHeaderLine('Set-Cookie'));`
	`85`	`+ $this->assertStringContainsString('CookieAuth=%5B%22johndoe%22%2C%22%242y%24', $result['response']->getHeaderLine('Set-Cookie'));`
`86`	`86`	`} else {`
`87`	`87`	`$this->assertStringNotContainsString('CookieAuth', $result['response']->getHeaderLine('Set-Cookie'));`
`88`	`88`	`}`