'\App\Views\auth\login', 'register' => '\App\Views\auth\register', 'layout' => '\App\Views\templates\header', 'action_email_2fa' => '\App\Views\auth\email_2fa_show', 'action_email_2fa_verify' => '\App\Views\auth\email_2fa_verify', 'action_email_2fa_email' => '\App\Views\auth\email\email_2fa_email', 'action_email_activate_show' => '\App\Views\auth\email_activate_show', 'action_email_activate_email' => '\App\Views\auth\email\email_activate_email', 'magic-link-login' => '\App\Views\auth\magic_link_form', 'magic-link-message' => '\App\Views\auth\magic_link_message', 'magic-link-email' => '\App\Views\auth\email\magic_link_email', 'set-password' => '\App\Views\auth\set_password', ]; /** * -------------------------------------------------------------------- * Redirect URLs * -------------------------------------------------------------------- * The default URL that a user will be redirected to after various auth * auth actions. This can be either of the following: * * 1. An absolute URL. E.g. http://example.com OR https://example.com * 2. A named route that can be accessed using `route_to()` or `url_to()` * 3. A URI path within the application. e.g 'admin', 'login', 'expath' * * If you need more flexibility you can override the `getUrl()` method * to apply any logic you may need. */ public array $redirects = [ 'register' => '/', 'login' => '/', 'logout' => 'login', 'force_reset' => '/set-password', 'permission_denied' => '/', 'group_denied' => '/', ]; /** * -------------------------------------------------------------------- * Authentication Actions * -------------------------------------------------------------------- * Specifies the class that represents an action to take after * the user logs in or registers a new account at the site. * * You must register actions in the order of the actions to be performed. * * Available actions with Shield: * - register: \CodeIgniter\Shield\Authentication\Actions\EmailActivator::class * - login: \CodeIgniter\Shield\Authentication\Actions\Email2FA::class * * @var array|null> */ public array $actions = [ 'register' => null,//\CodeIgniter\Shield\Authentication\Actions\EmailActivator::class 'login' => null, ]; /** * -------------------------------------------------------------------- * Authenticators * -------------------------------------------------------------------- * The available authentication systems, listed * with alias and class name. These can be referenced * by alias in the auth helper: * auth('tokens')->attempt($credentials); * * @var array> */ public array $authenticators = [ 'tokens' => AccessTokens::class, 'session' => Session::class, ]; /** * -------------------------------------------------------------------- * Name of Authenticator Header * -------------------------------------------------------------------- * The name of Header that the Authorization token should be found. * According to the specs, this should be `Authorization`, but rare * circumstances might need a different header. */ public array $authenticatorHeader = [ 'tokens' => 'Authorization', ]; /** * -------------------------------------------------------------------- * Unused Token Lifetime * -------------------------------------------------------------------- * Determines the amount of time, in seconds, that an unused * access token can be used. */ public int $unusedTokenLifetime = YEAR; /** * -------------------------------------------------------------------- * Default Authenticator * -------------------------------------------------------------------- * The Authenticator to use when none is specified. * Uses the $key from the $authenticators array above. */ public string $defaultAuthenticator = 'session'; /** * -------------------------------------------------------------------- * Authentication Chain * -------------------------------------------------------------------- * The Authenticators to test logged in status against * when using the 'chain' filter. Each Authenticator listed will be checked. * If no match is found, then the next in the chain will be checked. * * @var string[] * @phpstan-var list */ public array $authenticationChain = [ 'session', 'tokens', ]; /** * -------------------------------------------------------------------- * Allow Registration * -------------------------------------------------------------------- * Determines whether users can register for the site. */ public bool $allowRegistration = true; /** * -------------------------------------------------------------------- * Record Last Active Date * -------------------------------------------------------------------- * If true, will always update the `last_active` datetime for the * logged in user on every page request. */ public bool $recordActiveDate = true; /** * -------------------------------------------------------------------- * Allow Magic Link Logins * -------------------------------------------------------------------- * If true, will allow the use of "magic links" sent via the email * as a way to log a user in without the need for a password. * By default, this is used in place of a password reset flow, but * could be modified as the only method of login once an account * has been set up. */ public bool $allowMagicLinkLogins = true; /** * -------------------------------------------------------------------- * Magic Link Lifetime * -------------------------------------------------------------------- * Specifies the amount of time, in seconds, that a magic link is valid. * You can use Time Constants or any desired number. */ public int $magicLinkLifetime = HOUR; /** * -------------------------------------------------------------------- * Session Authenticator Configuration * -------------------------------------------------------------------- * These settings only apply if you are using the Session Authenticator * for authentication. * * - field The name of the key the current user info is stored in session * - allowRemembering Does the system allow use of "remember-me" * - rememberCookieName The name of the cookie to use for "remember-me" * - rememberLength The length of time, in seconds, to remember a user. * * @var array */ public array $sessionConfig = [ 'field' => 'user', 'allowRemembering' => true, 'rememberCookieName' => 'remember', 'rememberLength' => 30 * DAY, ]; /** * -------------------------------------------------------------------- * Minimum Password Length * -------------------------------------------------------------------- * The minimum length that a password must be to be accepted. * Recommended minimum value by NIST = 8 characters. */ public int $minimumPasswordLength = 8; /** * -------------------------------------------------------------------- * Password Check Helpers * -------------------------------------------------------------------- * The PasswordValidator class runs the password through all of these * classes, each getting the opportunity to pass/fail the password. * You can add custom classes as long as they adhere to the * CodeIgniter\Shield\Authentication\Passwords\ValidatorInterface. * * @var class-string[] */ public array $passwordValidators = [ CompositionValidator::class, // 비밀번호가 8자리 이상 NothingPersonalValidator::class, // 비밀번호에 개인 정보(예: 이메일, 사용자 이름)가 포함되지 않았는지 확인합니다. DictionaryValidator::class, // 비밀번호가 사전에 있는 단어와 일치하지 않는지 확인합니다. // PwnedValidator::class, ]; /** * -------------------------------------------------------------------- * Valid login fields * -------------------------------------------------------------------- * Fields that are available to be used as credentials for login. */ public array $validFields = [ 'email', 'username', ]; /** * -------------------------------------------------------------------- * Additional Fields for "Nothing Personal" * -------------------------------------------------------------------- * The NothingPersonalValidator prevents personal information from * being used in passwords. The email and username fields are always * considered by the validator. Do not enter those field names here. * * An extended User Entity might include other personal info such as * first and/or last names. $personalFields is where you can add * fields to be considered as "personal" by the NothingPersonalValidator. * For example: * $personalFields = ['firstname', 'lastname']; */ public array $personalFields = []; /** * -------------------------------------------------------------------- * Password / Username Similarity * -------------------------------------------------------------------- * Among other things, the NothingPersonalValidator checks the * amount of sameness between the password and username. * Passwords that are too much like the username are invalid. * * The value set for $maxSimilarity represents the maximum percentage * of similarity at which the password will be accepted. In other words, any * calculated similarity equal to, or greater than $maxSimilarity * is rejected. * * The accepted range is 0-100, with 0 (zero) meaning don't check similarity. * Using values at either extreme of the *working range* (1-100) is * not advised. The low end is too restrictive and the high end is too permissive. * The suggested value for $maxSimilarity is 50. * * You may be thinking that a value of 100 should have the effect of accepting * everything like a value of 0 does. That's logical and probably true, * but is unproven and untested. Besides, 0 skips the work involved * making the calculation unlike when using 100. * * The (admittedly limited) testing that's been done suggests a useful working range * of 50 to 60. You can set it lower than 50, but site users will probably start * to complain about the large number of proposed passwords getting rejected. * At around 60 or more it starts to see pairs like 'captain joe' and 'joe*captain' as * perfectly acceptable which clearly they are not. * * To disable similarity checking set the value to 0. * public $maxSimilarity = 0; */ public int $maxSimilarity = 50; /** * -------------------------------------------------------------------- * Hashing Algorithm to use * -------------------------------------------------------------------- * Valid values are * - PASSWORD_DEFAULT (default) * - PASSWORD_BCRYPT * - PASSWORD_ARGON2I - As of PHP 7.2 only if compiled with support for it * - PASSWORD_ARGON2ID - As of PHP 7.3 only if compiled with support for it */ public string $hashAlgorithm = PASSWORD_DEFAULT; /** * -------------------------------------------------------------------- * ARGON2I/ARGON2ID Algorithm options * -------------------------------------------------------------------- * The ARGON2I method of hashing allows you to define the "memory_cost", * the "time_cost" and the number of "threads", whenever a password hash is * created. */ public int $hashMemoryCost = 65536; // PASSWORD_ARGON2_DEFAULT_MEMORY_COST; public int $hashTimeCost = 4; // PASSWORD_ARGON2_DEFAULT_TIME_COST; public int $hashThreads = 1; // PASSWORD_ARGON2_DEFAULT_THREADS; /** * -------------------------------------------------------------------- * BCRYPT Algorithm options * -------------------------------------------------------------------- * The BCRYPT method of hashing allows you to define the "cost" * or number of iterations made, whenever a password hash is created. * This defaults to a value of 10 which is an acceptable number. * However, depending on the security needs of your application * and the power of your hardware, you might want to increase the * cost. This makes the hashing process takes longer. * * Valid range is between 4 - 31. */ public int $hashCost = 10; /** * //////////////////////////////////////////////////////////////////// * OTHER SETTINGS * //////////////////////////////////////////////////////////////////// */ /** * -------------------------------------------------------------------- * User Provider * -------------------------------------------------------------------- * The name of the class that handles user persistence. * By default, this is the included UserModel, which * works with any of the database engines supported by CodeIgniter. * You can change it as long as they adhere to the * CodeIgniter\Shield\Models\UserModel. * * @var class-string */ public string $userProvider = UserModel::class; /** * Returns the URL that a user should be redirected * to after a successful login. */ public function loginRedirect(): string { if(auth()->user()->inGroup('guest')){ return $this->getUrl('/guest'); } if(auth()->user()->inGroup('advertiser', 'agency')){ return $this->getUrl('/integrate'); } $url = setting('Auth.redirects')['login']; return $this->getUrl($url); } /** * Returns the URL that a user should be redirected * to after they are logged out. */ public function logoutRedirect(): string { $url = setting('Auth.redirects')['logout']; return $this->getUrl($url); } /** * Returns the URL the user should be redirected to * after a successful registration. */ public function registerRedirect(): string { if(auth()->user()->inGroup('guest')){ return $this->getUrl('/guest'); } $url = setting('Auth.redirects')['register']; return $this->getUrl($url); } /** * Returns the URL the user should be redirected to * if force_reset identity is set to true. */ public function forcePasswordResetRedirect(): string { $url = setting('Auth.redirects')['force_reset']; return $this->getUrl($url); } /** * Returns the URL the user should be redirected to * if permission denied. */ public function permissionDeniedRedirect(): string { if(auth()->user()->inGroup('guest')){ return $this->getUrl('/guest'); } if(auth()->user()->inGroup('advertiser', 'agency')){ return $this->getUrl('/integrate'); } $url = setting('Auth.redirects')['permission_denied']; return $this->getUrl($url); } /** * Returns the URL the user should be redirected to * if group denied. */ public function groupDeniedRedirect(): string { if(auth()->user()->inGroup('guest')){ return $this->getUrl('/guest'); } if(auth()->user()->inGroup('advertiser', 'agency')){ return $this->getUrl('/integrate'); } $url = setting('Auth.redirects')['group_denied']; return $this->getUrl($url); } /** * Accepts a string which can be an absolute URL or * a named route or just a URI path, and returns the * full path. * * @param string $url an absolute URL or a named route or just URI path */ protected function getUrl(string $url): string { // To accommodate all url patterns $final_url = ''; switch (true) { case strpos($url, 'http://') === 0 || strpos($url, 'https://') === 0: // URL begins with 'http' or 'https'. E.g. http://example.com $final_url = $url; break; case route_to($url) !== false: // URL is a named-route $final_url = rtrim(url_to($url), '/ '); break; default: // URL is a route (URI path) $final_url = rtrim(site_url($url), '/ '); break; } return $final_url; } }