FilesExpand file tree

 develop

/

AuthToken.php

Copy path

BlameMore file actions

BlameMore file actions

Latest commit

 

History

History

History

136 lines (124 loc) · 4.88 KB

 develop

/

AuthToken.php

Top

File metadata and controls

• Code
• Blame

136 lines (124 loc) · 4.88 KB

Raw

Copy raw file

Download raw file

Open symbols panel

Edit and raw actions

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

<?php

declare(strict_types=1);

/**

* This file is part of CodeIgniter Shield.

*

* (c) CodeIgniter Foundation <admin@codeigniter.com>

*

* For the full copyright and license information, please view

* the LICENSE file that was distributed with this source code.

*/

namespace CodeIgniter\Shield\Config;

/**

* Configuration for Token Auth and HMAC Auth

*/

class AuthToken extends BaseAuthToken

{

/**

* --------------------------------------------------------------------

* Record Login Attempts for Token Auth and HMAC Auth

* --------------------------------------------------------------------

* Specify which login attempts are recorded in the database.

*

* Valid values are:

* - Auth::RECORD_LOGIN_ATTEMPT_NONE

* - Auth::RECORD_LOGIN_ATTEMPT_FAILURE

* - Auth::RECORD_LOGIN_ATTEMPT_ALL

*/

public int $recordLoginAttempt = Auth::RECORD_LOGIN_ATTEMPT_FAILURE;

/**

* --------------------------------------------------------------------

* Name of Authenticator Header

* --------------------------------------------------------------------

* The name of Header that the Authorization token should be found.

* According to the specs, this should be `Authorization`, but rare

* circumstances might need a different header.

*/

public array $authenticatorHeader = [

'tokens' => 'Authorization',

'hmac' => 'Authorization',

];

/**

* --------------------------------------------------------------------

* Unused Token Lifetime for Token Auth and HMAC Auth

* --------------------------------------------------------------------

* Determines the amount of time, in seconds, that an unused token can

* be used.

*/

public int $unusedTokenLifetime = YEAR;

/**

* --------------------------------------------------------------------

* Secret2 storage character limit

* --------------------------------------------------------------------

* Database size limit for the identities 'secret2' field.

*/

public int $secret2StorageLimit = 255;

/**

* --------------------------------------------------------------------

* HMAC secret key byte size

* --------------------------------------------------------------------

* Specify in integer the desired byte size of the

* HMAC SHA256 byte size

*/

public int $hmacSecretKeyByteSize = 32;

/**

* --------------------------------------------------------------------

* HMAC encryption Keys

* --------------------------------------------------------------------

* This sets the key to be used when encrypting a user's HMAC Secret Key.

*

* 'keys' is an array of keys which will facilitate key rotation. Valid

* keyTitles must include only [a-zA-Z0-9_] and should be kept to a

* max of 8 characters.

*

* Each keyTitle is an associative array containing the required 'key'

* value, and the optional 'driver' and 'digest' values. If the

* 'driver' and 'digest' values are not specified, the default 'driver'

* and 'digest' values will be used.

*

* Old keys will are used to decrypt existing Secret Keys. It is encouraged

* to run 'php spark shield:hmac reencrypt' to update existing Secret

* Key encryptions.

*

* @see https://codeigniter.com/user_guide/libraries/encryption.html

*

* @var array<string, array{key: string, driver?: string, digest?: string}>|string

*

* NOTE: The value becomes temporarily a string when setting value as JSON

* from environment variable.

*

* [key_name => ['key' => key_value]]

* or [key_name => ['key' => key_value, 'driver' => driver, 'digest' => digest]]

*/

public $hmacEncryptionKeys = [

'k1' => [

'key' => '',

],

];

/**

* --------------------------------------------------------------------

* HMAC Current Encryption Key Selector

* --------------------------------------------------------------------

* This specifies which of the encryption keys should be used.

*/

public string $hmacEncryptionCurrentKey = 'k1';

/**

* --------------------------------------------------------------------

* HMAC Encryption Key Driver

* --------------------------------------------------------------------

* This specifies which of the encryption drivers should be used.

*

* Available drivers:

* - OpenSSL

* - Sodium

*/

public string $hmacEncryptionDefaultDriver = 'OpenSSL';

/**

* --------------------------------------------------------------------

* HMAC Encryption Key Driver

* --------------------------------------------------------------------

* THis specifies the type of encryption to be used.

* e.g. 'SHA512' or 'SHA256'.

*/

public string $hmacEncryptionDefaultDigest = 'SHA512';

}