Aauth v3.0.0 #151

Closed
REJack opened this issue Jun 3, 2016 · 50 comments

@REJack
Collaborator

REJack commented Jun 3, 2016

Hi Guys,

I'm planning to start with v3.0.0 of Aauth,
the first version without support for CodeIgniter 2.x

My plans are:

  • write from scratch in MVC (move DB actions into models)
    • drop CodeIgniter 2 support
    • remove hash_password()
    • some code fine-tuning
    • enhance language lines with sprintf
    • whole code in one code style (CI3 PHP Style Guide)
    • change License to MIT
  • PHPUnit tests over Travis-CI.org
  • proper documentation on GitBook
    • replace config explanation with a docs link
  • social sign-in (Google, GitHub, Facebook, etc.)
  • basic UI (login/register, user-, group-, perm-management, pm center, etc.)
  • my Aauth Init Class
    • it allows removing the SQL files
    • automatically creates all of the database
    • easy database updates in further releases
    • should work flawlessly with other databases (postgre, odbc, etc.)

Overall, Aauth would need PHP 5.5 or higher.

If anyone has some suggestions, feel free to answer on this issue 😃.

EDIT/ADDITIONAL:

  • change licence to MIT (Change licence? #88)
  • add Composer dependencies instead of the reCAPTCHA & TOTP helpers
    • (on release push) Travis would create 2 zips & upload them to the release
      • the zips would only contain the config, language, libraries & models folders + the docs as PDF
      • 1 with vendor folder, downloaded/integrated Composer
        (there are some website hosts that don't give the ability for SSH access)
      • 1 without vendor folder, no integrated Composer dependencies
  • add .editorconfig (EditorConfig helps to define and maintain consistent coding styles between different editors and IDEs)
  • add CI's Form Validation support
  • easy Migration from v2.X
  • add foreign key to database tables (working dbforge solution for Aauth Init Class usage)
  • Unspecific session variable names for user (Unspecific session variable names for user #177)
  • Login with email and username (idk main behavior or config option)
REJack added this to the Aauth v3.0.0 milestone Jun 3, 2016
REJack self-assigned this Jun 3, 2016
@tswagger
Contributor

tswagger commented Jun 3, 2016

Raphael -

I think this sounds like a good plan. Please let me know where I can help.

TIM

@REJack
Collaborator Author

REJack commented Jun 3, 2016

Thx Tim, nice to know that you want to help 😄

English is not my native language, you could check the docs when they are ready/finished 😃

@paulcanning
Contributor

I'll certainly do some testing :)

@REJack
Collaborator Author

REJack commented Jun 7, 2016

Default/self testing is not really needed with v3.0.0 😃

PHPUnit tests over Travis-CI.org

I started writing v3.0.0 as test-driven development.

@paulcanning
Contributor

Tests don't always catch bugs :D

@REJack
Collaborator Author

REJack commented Jun 7, 2016

well but almost all :P

@emreakay
Owner

It is very good. I will also code a simple control panel to arrange users and permissions from a web GUI.

@REJack
Collaborator Author

REJack commented Jun 12, 2016

I have made good progress this week with v3.0.0.
I finished the Users-, User_Variables- & Login_Attempts-model incl. tests & docs.

I tested it with PHPUnit 4.8 on PHP 5.5 and PHPUnit 5.4 with PHP 5.6 & 7.0,
the results are from PHPUnit 5.4 with PHP 5.6.
Here you can see the Code Coverage from PHPUnit, and here a preview of the Docs.
The info about the database is in the Code Coverage.

@emreakay that's a point in my plans too

basic ui (login/register, user-, group-, perm-management, pm center, etc.)

@neilsf

neilsf commented Jun 20, 2016

The user model could have magic getters mapped to the user variables. It would be very convenient to use such code:

$address = $usr->address;
$phone = $usr->phone_number;

Magic __isset() method in addition would make it even more convenient.

@terrylinooo
Contributor

Magic functions are better used in a library, not in a Controller-Model construction, or you will meet many problems. You can try putting __get() in a Controller, then you will know what I mean.

@REJack
Collaborator Author

REJack commented Jun 20, 2016

@neilsf Don't think wrong but you wouldn't use the models. You would still use the library, the models are only for database actions that are used by the library.

@terrylinooo I thought the same thing 😃 it's more an enhancement for the library than for the model.

I considered making create_user "magic" too, like this create_user($email, $password, $username = NULL, $variables = array()).

@neilsf

neilsf commented Jun 21, 2016

@terrylinooo
@REJack
OK, thanks!

@REJack
Collaborator Author

REJack commented Jun 30, 2016

Hey guys I'm making good progress with v3,
I'm thinking about changing some Database & Model names for a nice order and faster identifying 😄.

  • user_to_group => group_to_user
  • group_to_group => group_to_subgroup
  • user_to_perm => perm_to_user
  • group_to_perm => perm_to_group

What do you think about this?

P.S.: I'll update the CodeCoverage & Docs next weekend.

@paulcanning
Contributor

Looks good. Was going to ask for an update earlier :D

@tswagger
Contributor

The group_to_subgroup change makes a lot of sense. The other three are probably personal preference, but I have no objections.

On Jun 30, 2016, at 2:07 PM, Raphael Jackstadt notifications@github.com wrote:

Hey guys I'm making good progress with v3,
I'm thinking about changing some Database & Model names for a nice order and faster identifying 😄.

user_to_group => group_to_user
group_to_group => group_to_subgroup
user_to_perm => perm_to_user
group_to_perm => perm_to_group
What you think about this?

P.S.: I'll update the CodeCoverage & Docs next weekend.



@REJack
Collaborator Author

REJack commented Jul 11, 2016

Guys, sorry for the lack of updates, I will update the code coverage & docs later in the day.

@tpw1314

tpw1314 commented Jul 21, 2016

When is the estimated release date for Aauth 3 though? I am kind of afraid to pick up Aauth 2 because it might become a problem when migrating/upgrading to Aauth 3 since CI2 will no longer be supported.

@paulcanning
Contributor

CI2 is no longer supported by its developers, so you should look to migrate to CI3. It's pretty easy to do and means you are fully up to date!

@REJack
Collaborator Author

REJack commented Jul 21, 2016

There is no estimated release date at the moment, but Aauth v3 will be easy to migrate to from v2.

From the CI Download page:

CodeIgniter 2 has reached its end-of-life for support and updates, as of October 31, 2015. No further updates are planned.
We encourage you to upgrade to CodeIgniter 3.x!

@k-msalehi
Contributor

I think in the previous version there was no relation between the users and user_variables tables.
When I had deleted a user, the user's information was still in user_variables.

Anyway, I did this relation manually.
Should I be worried about unexpected problems?

@REJack
Collaborator Author

REJack commented Aug 31, 2016

@pars0097 which version do you mean?

@k-msalehi
Contributor

@REJack
v2.5.10

@REJack
Collaborator Author

REJack commented Sep 1, 2016

I've never heard about this problem, if you look into the code at L932 you can see it deletes the user's perms, groups, variables & the user itself.

@k-msalehi
Contributor

Yes, you're right.
I meant that when I deleted a user from phpMyAdmin, the variables and PMs stayed.
From code you're right, but if you make a relation between
the users table and pms, variables and user_to_group,
the code changes to:

$this->aauth_db->where('user_id', $user_id);
$this->aauth_db->delete($this->config_vars['users']);

Anyway, this problem only happens when using phpMyAdmin to delete a user.

@REJack
Collaborator Author

REJack commented Sep 2, 2016

Oh ok, but I don't think that we can implement that because we are going to use an automatic database initialization class with CI's DB Forge and there is no way to set the relation between these 2 tables, maybe it comes with CI4 😄

@k-msalehi
Contributor

remove hash_password()
Does it mean using password_hash and password_verify by default?

@REJack
Collaborator Author

REJack commented Sep 2, 2016

Correct.
I'll remove hash_password() & verify_password() and switch them with password_hash() & verify_password().

The old password hashing method is not really secure 😃.
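
An added example, not part of the thread and not Aauth's code: one way to move stored passwords to password_hash() at login time without forcing resets. `legacy_hash()` is a hypothetical stand-in for the scheme being removed (the thread does not show the v2 algorithm), and the sample rows are constructed.

```php
<?php
// Hypothetical stand-in for the old salted-digest scheme (assumption, not v2 code).
function legacy_hash(string $password, int $userId): string
{
    return hash('sha256', md5((string) $userId) . $password);
}

/**
 * Verify a login attempt against either hash format.
 * Returns [bool $ok, ?string $newHash]; $newHash is set when the stored
 * value should be replaced with a fresh password_hash() result.
 */
function verify_and_upgrade(string $password, int $userId, string $stored): array
{
    if (password_get_info($stored)['algoName'] !== 'unknown') {
        // Already a password_hash() value: verify, then check for cost/algorithm drift.
        if (!password_verify($password, $stored)) {
            return [false, null];
        }
        $new = password_needs_rehash($stored, PASSWORD_DEFAULT)
            ? password_hash($password, PASSWORD_DEFAULT)
            : null;
        return [true, $new];
    }

    // Legacy row: constant-time comparison, then upgrade on success only.
    if (!hash_equals($stored, legacy_hash($password, $userId))) {
        return [false, null];
    }
    return [true, password_hash($password, PASSWORD_DEFAULT)];
}

// Constructed sample rows: user id => stored hash.
$rows = [
    7 => legacy_hash('correct horse battery', 7),        // old-format row
    8 => password_hash('tr0ub4dor&3', PASSWORD_DEFAULT), // already migrated
];

[$ok, $new] = verify_and_upgrade('correct horse battery', 7, $rows[7]);
if ($ok && $new !== null) {
    $rows[7] = $new; // a real application would UPDATE the user's row here
}

var_dump($ok);                                                  // login result for user 7
var_dump(password_verify('correct horse battery', $rows[7]));   // row 7 is now in the new format
var_dump(verify_and_upgrade('wrong password', 8, $rows[8])[0]); // failed login leaves row 8 alone
```

Rows for users who never log in again stay in the old format, so a migration plan also needs a cut-off after which those accounts must reset their password.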

@nimrod-cohen

@REJack
Would you consider creating a migration script for people that are currently using the 2.x version?
Assuming that DB changes are part of the v-up...

@REJack
Collaborator Author

REJack commented Sep 2, 2016

@nimrod-cohen yes

@k-msalehi
Contributor

When will you release v3 exactly?

@REJack
Collaborator Author

REJack commented Sep 16, 2016

At the moment I know no exact release date, I hope end of this year.

@perenstrom
Contributor

I have another suggestion for v3. Add foreign key constraints to the database tables.

@REJack
Collaborator Author

REJack commented Oct 8, 2016

Nice idea, I added it to the list 😄

@perenstrom
Contributor

Nice!

Another suggestion: remove (or significantly increase) the default max number for passwords. There is absolutely no reason to limit the password lengths. The single greatest security variable in passwords is length. And perhaps increase the minimum as well.

@REJack
Collaborator Author

REJack commented Oct 8, 2016

I have that already in my head, the whole config file defaults will be changed 😄 I change it anytime I use Aauth in a project.

My personal settings are max 32 & min 8, I would use these for the v3 defaults.

@perenstrom
Contributor

Why such a low number as 32? Let users go bonkers, set it at 256. (A bit of interesting Saturday reading: https://blog.codinghorror.com/your-password-is-too-damn-short/ )

@REJack
Collaborator Author

REJack commented Oct 8, 2016

Idk how many max chars bcrypt allows and how long the result is for the db,
but I make some tests and then I set the max for default 😄

We can also add multiple config files, like a minimal security, default security & maximum security 😃
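
An added example, not part of the thread: it answers the two questions above for PHP's bcrypt (input is cut at 72 bytes, output is always 60 characters) and shows a pre-hash wrapper so longer passwords still count in full. Function names and sample passwords are constructed here.

```php
<?php
// Measure bcrypt's limits as exposed by password_hash().
function bcrypt_limits(): array
{
    $prefix = str_repeat('a', 72); // constructed 72-byte sample prefix
    $hash   = password_hash($prefix . 'tail-one', PASSWORD_BCRYPT);

    return [
        'hash_length'     => strlen($hash),
        // A different password sharing the first 72 bytes still verifies.
        'tail_is_ignored' => password_verify($prefix . 'tail-two', $hash),
    ];
}

// Pre-hash so every byte of a long password influences the result.
// Base64 keeps the digest free of NUL bytes, which bcrypt implementations
// treat as end of input; the encoded SHA-256 digest is 44 bytes, under 72.
function prehash(string $password): string
{
    return base64_encode(hash('sha256', $password, true));
}

function long_password_hash(string $password): string
{
    return password_hash(prehash($password), PASSWORD_BCRYPT);
}

function long_password_verify(string $password, string $hash): bool
{
    return password_verify(prehash($password), $hash);
}

$prefix = str_repeat('a', 72);
$stored = long_password_hash($prefix . 'tail-one');

var_dump(bcrypt_limits());                                     // length and truncation behaviour
var_dump(long_password_verify($prefix . 'tail-one', $stored)); // the real password
var_dump(long_password_verify($prefix . 'tail-two', $stored)); // differs only after byte 72
```

PHP's manual recommends a 255-character column for `PASSWORD_DEFAULT` hashes, since the default algorithm can change. Because of the 72-byte cut, a configured maximum above 72 only adds strength with a pre-hash like the one shown.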

@perenstrom
Contributor

I'll keep posting suggestions for v3 here now that I'm working with Aauth a bit.

A user should be able to log in using email and username, there is no reason to restrict it to one. If you feel the need to restrict you can add a config option.

@REJack
Collaborator Author

REJack commented Oct 10, 2016

Nice idea, but I don't know right now how to handle this, as "the" only way or a simple config option 😄

I am adding this to the list.

@AzrielOmega

Just leaving my comment here to show how much I appreciate your awesome work and I'm very excited to hear you're upgrading to Aauth 3.

PS: You should post your work on CodeIgniter forum, or even better, make an official site and add donation method so at least I can buy you a drink or two.

http://forum.codeigniter.com/forum-13.html

@REJack
Collaborator Author

REJack commented Oct 23, 2016

Thanks @AzrielOmega, it's not only my work, I am only a contributor 😄

I'll talk with @emreakay about CI Forum thread, Official Site & Donations.

@REJack
Collaborator Author

REJack commented Nov 5, 2016

Hi everyone

Sorry for this massive delay with v3 state updates, I had a lot of work.

I created a Project on GitHub for v3 with the actual state of my work,
I will push the code to develop & release v3.0.0-rc1 next weekend with:

  • all base models
  • first version of the docs with the created models
  • Travis-CI for PHPUnit tests and more

P.S.: I'll push tomorrow the last version of 2.5 (in my opinion) with these changes/enhancements:

@REJack
Collaborator Author

REJack commented Nov 28, 2016

Hi Guys,

I was busy with my job but I created a fork for v3 and published the state of my work plus Travis-CI for testing and Coveralls CodeCoverage publishing.

My Fork

I've removed the Waffle.io badge from README.md in my fork, because I use GitHub's Project feature here.
I'll merge my fork in the next days, but I don't know right now if I need @emreakay for repo creation or activation in Travis or Coveralls.

regards REJack

@steflight

Thanks, I'll check

@steflight

@REJack I want to contribute by writing French documentation based on the English one.
My suggestion is to have something like a REST version, so that we can do HTTP requests with...

@REJack
Collaborator Author

REJack commented Dec 7, 2016

@steflight how do you mean "something like a REST version", like a controller for codeigniter-restserver or something else?

@steflight

@REJack sorry for my silence; yes, I'm talking about something like codeigniter restserver

@REJack
Collaborator Author

REJack commented Dec 14, 2016

@steflight do you know if there is any better alternative to codeigniter-restserver? I've never used a REST in CI 😄

@steflight

OK @REJack, I will try to set it up like a REST API

@REJack
Collaborator Author

REJack commented Feb 5, 2017

I'll close this issue, there's new v3 news there (#191).

regards REJack

REJack closed this as completed Feb 5, 2017