codeigniter4 · datamweb · Feb 15, 2025 · Feb 16, 2025 · Feb 16, 2025
diff --git a/src/Authentication/Authenticators/AccessTokens.php b/src/Authentication/Authenticators/AccessTokens.php
@@ -18,6 +18,7 @@
 use CodeIgniter\Shield\Authentication\AuthenticationException;
 use CodeIgniter\Shield\Authentication\AuthenticatorInterface;
 use CodeIgniter\Shield\Config\Auth;
+use CodeIgniter\Shield\Config\AuthToken;
 use CodeIgniter\Shield\Entities\User;
 use CodeIgniter\Shield\Exceptions\InvalidArgumentException;
 use CodeIgniter\Shield\Models\TokenLoginModel;
@@ -29,6 +30,7 @@ class AccessTokens implements AuthenticatorInterface
 {
     public const ID_TYPE_ACCESS_TOKEN = 'access_token';
 
+    protected AuthToken $authTokenConfig;
     protected ?User $user = null;
     protected TokenLoginModel $loginModel;
 
@@ -38,7 +40,8 @@ class AccessTokens implements AuthenticatorInterface
     public function __construct(
         protected UserModel $provider,
     ) {
-        $this->loginModel = model(TokenLoginModel::class);
+        $this->authTokenConfig = config('AuthToken');
+        $this->loginModel      = model(TokenLoginModel::class);
     }
 
     /**
@@ -49,8 +52,6 @@ public function __construct(
      */
     public function attempt(array $credentials): Result
     {
-        $config = config('AuthToken');
-
         /** @var IncomingRequest $request */
         $request = service('request');
 
@@ -60,7 +61,7 @@ public function attempt(array $credentials): Result
         $result = $this->check($credentials);
 
         if (! $result->isOK()) {
-            if ($config->recordLoginAttempt >= Auth::RECORD_LOGIN_ATTEMPT_FAILURE) {
+            if ($this->authTokenConfig->recordLoginAttempt >= Auth::RECORD_LOGIN_ATTEMPT_FAILURE) {
                 // Record all failed login attempts.
                 $this->loginModel->recordLoginAttempt(
                     self::ID_TYPE_ACCESS_TOKEN,
@@ -78,7 +79,7 @@ public function attempt(array $credentials): Result
         $token = $user->getAccessToken($this->getBearerToken());
 
         if ($user->isBanned()) {
-            if ($config->recordLoginAttempt >= Auth::RECORD_LOGIN_ATTEMPT_FAILURE) {
+            if ($this->authTokenConfig->recordLoginAttempt >= Auth::RECORD_LOGIN_ATTEMPT_FAILURE) {
                 // Record a banned login attempt.
                 $this->loginModel->recordLoginAttempt(
                     self::ID_TYPE_ACCESS_TOKEN,
@@ -102,7 +103,7 @@ public function attempt(array $credentials): Result
 
         $this->login($user);
 
-        if ($config->recordLoginAttempt === Auth::RECORD_LOGIN_ATTEMPT_ALL) {
+        if ($this->authTokenConfig->recordLoginAttempt === Auth::RECORD_LOGIN_ATTEMPT_ALL) {
             // Record a successful login attempt.
             $this->loginModel->recordLoginAttempt(
                 self::ID_TYPE_ACCESS_TOKEN,
@@ -131,7 +132,7 @@ public function check(array $credentials): Result
                 'success' => false,
                 'reason'  => lang(
                     'Auth.noToken',
-                    [config('AuthToken')->authenticatorHeader['tokens']],
+                    [$this->authTokenConfig->authenticatorHeader['tokens']],
                 ),
             ]);
         }
@@ -158,7 +159,7 @@ public function check(array $credentials): Result
         if (
             $token->last_used_at
             && $token->last_used_at->isBefore(
-                Time::now()->subSeconds(config('AuthToken')->unusedTokenLifetime),
+                Time::now()->subSeconds($this->authTokenConfig->unusedTokenLifetime),
             )
         ) {
             return new Result([
@@ -199,7 +200,7 @@ public function loggedIn(): bool
 
         return $this->attempt([
             'token' => $request->getHeaderLine(
-                config('AuthToken')->authenticatorHeader['tokens'],
+                $this->authTokenConfig->authenticatorHeader['tokens'],
             ),
         ])->isOK();
     }
@@ -258,7 +259,7 @@ public function getBearerToken(): ?string
         /** @var IncomingRequest $request */
         $request = service('request');
 
-        $header = $request->getHeaderLine(config('AuthToken')->authenticatorHeader['tokens']);
+        $header = $request->getHeaderLine($this->authTokenConfig->authenticatorHeader['tokens']);
 
         if (empty($header)) {
             return null;

diff --git a/src/Authentication/Authenticators/HmacSha256.php b/src/Authentication/Authenticators/HmacSha256.php
@@ -19,6 +19,7 @@
 use CodeIgniter\Shield\Authentication\AuthenticatorInterface;
 use CodeIgniter\Shield\Authentication\HMAC\HmacEncrypter;
 use CodeIgniter\Shield\Config\Auth;
+use CodeIgniter\Shield\Config\AuthToken;
 use CodeIgniter\Shield\Entities\User;
 use CodeIgniter\Shield\Exceptions\InvalidArgumentException;
 use CodeIgniter\Shield\Models\TokenLoginModel;
@@ -32,14 +33,16 @@ class HmacSha256 implements AuthenticatorInterface
 
     protected ?User $user = null;
     protected TokenLoginModel $loginModel;
+    protected AuthToken $authTokenConfig;
 
     /**
      * @param UserModel $provider The persistence engine
      */
     public function __construct(
         protected UserModel $provider,
     ) {
-        $this->loginModel = model(TokenLoginModel::class);
+        $this->authTokenConfig = config('AuthToken');
+        $this->loginModel      = model(TokenLoginModel::class);
     }
 
     /**
@@ -50,8 +53,6 @@ public function __construct(
      */
     public function attempt(array $credentials): Result
     {
-        $config = config('AuthToken');
-
         /** @var IncomingRequest $request */
         $request = service('request');
 
@@ -61,7 +62,7 @@ public function attempt(array $credentials): Result
         $result = $this->check($credentials);
 
         if (! $result->isOK()) {
-            if ($config->recordLoginAttempt >= Auth::RECORD_LOGIN_ATTEMPT_FAILURE) {
+            if ($this->authTokenConfig->recordLoginAttempt >= Auth::RECORD_LOGIN_ATTEMPT_FAILURE) {
                 // Record all failed login attempts.
                 $this->loginModel->recordLoginAttempt(
                     self::ID_TYPE_HMAC_TOKEN,
@@ -79,7 +80,7 @@ public function attempt(array $credentials): Result
         $token = $user->getHmacToken($this->getHmacKeyFromToken());
 
         if ($user->isBanned()) {
-            if ($config->recordLoginAttempt >= Auth::RECORD_LOGIN_ATTEMPT_FAILURE) {
+            if ($this->authTokenConfig->recordLoginAttempt >= Auth::RECORD_LOGIN_ATTEMPT_FAILURE) {
                 // Record a banned login attempt.
                 $this->loginModel->recordLoginAttempt(
                     self::ID_TYPE_HMAC_TOKEN,
@@ -103,7 +104,7 @@ public function attempt(array $credentials): Result
 
         $this->login($user);
 
-        if ($config->recordLoginAttempt === Auth::RECORD_LOGIN_ATTEMPT_ALL) {
+        if ($this->authTokenConfig->recordLoginAttempt === Auth::RECORD_LOGIN_ATTEMPT_ALL) {
             // Record a successful login attempt.
             $this->loginModel->recordLoginAttempt(
                 self::ID_TYPE_HMAC_TOKEN,
@@ -132,7 +133,7 @@ public function check(array $credentials): Result
                 'success' => false,
                 'reason'  => lang(
                     'Auth.noToken',
-                    [config('AuthToken')->authenticatorHeader['hmac']],
+                    [$this->authTokenConfig->authenticatorHeader['hmac']],
                 ),
             ]);
         }
@@ -174,7 +175,7 @@ public function check(array $credentials): Result
         if (
             isset($token->last_used_at)
             && $token->last_used_at->isBefore(
-                Time::now()->subSeconds(config('AuthToken')->unusedTokenLifetime),
+                Time::now()->subSeconds($this->authTokenConfig->unusedTokenLifetime),
             )
         ) {
             return new Result([
@@ -215,7 +216,7 @@ public function loggedIn(): bool
 
         return $this->attempt([
             'token' => $request->getHeaderLine(
-                config('AuthToken')->authenticatorHeader['hmac'],
+                $this->authTokenConfig->authenticatorHeader['hmac'],
             ),
         ])->isOK();
     }
@@ -276,7 +277,7 @@ public function getFullHmacToken(): ?string
         /** @var IncomingRequest $request */
         $request = service('request');
 
-        $header = $request->getHeaderLine(config('AuthToken')->authenticatorHeader['hmac']);
+        $header = $request->getHeaderLine($this->authTokenConfig->authenticatorHeader['hmac']);
 
         if ($header === '') {
             return null;

diff --git a/src/Authentication/Authenticators/JWT.php b/src/Authentication/Authenticators/JWT.php
@@ -40,6 +40,7 @@ class JWT implements AuthenticatorInterface
      */
     public const ID_TYPE_JWT = 'jwt';
 
+    protected AuthJWT $authJWTConfig;
     protected ?User $user = null;
     protected JWTManager $jwtManager;
     protected TokenLoginModel $tokenLoginModel;
@@ -56,6 +57,7 @@ class JWT implements AuthenticatorInterface
     public function __construct(
         protected UserModel $provider,
     ) {
+        $this->authJWTConfig   = config('AuthJWT');
         $this->jwtManager      = service('jwtmanager');
         $this->tokenLoginModel = model(TokenLoginModel::class);
     }
@@ -68,9 +70,6 @@ public function __construct(
      */
     public function attempt(array $credentials): Result
     {
-        /** @var AuthJWT $config */
-        $config = config('AuthJWT');
-
         /** @var IncomingRequest $request */
         $request = service('request');
 
@@ -80,7 +79,7 @@ public function attempt(array $credentials): Result
         $result = $this->check($credentials);
 
         if (! $result->isOK()) {
-            if ($config->recordLoginAttempt >= Auth::RECORD_LOGIN_ATTEMPT_FAILURE) {
+            if ($this->authJWTConfig->recordLoginAttempt >= Auth::RECORD_LOGIN_ATTEMPT_FAILURE) {
                 // Record a failed login attempt.
                 $this->tokenLoginModel->recordLoginAttempt(
                     self::ID_TYPE_JWT,
@@ -97,7 +96,7 @@ public function attempt(array $credentials): Result
         $user = $result->extraInfo();
 
         if ($user->isBanned()) {
-            if ($config->recordLoginAttempt >= Auth::RECORD_LOGIN_ATTEMPT_FAILURE) {
+            if ($this->authJWTConfig->recordLoginAttempt >= Auth::RECORD_LOGIN_ATTEMPT_FAILURE) {
                 // Record a banned login attempt.
                 $this->tokenLoginModel->recordLoginAttempt(
                     self::ID_TYPE_JWT,
@@ -119,7 +118,7 @@ public function attempt(array $credentials): Result
 
         $this->login($user);
 
-        if ($config->recordLoginAttempt === Auth::RECORD_LOGIN_ATTEMPT_ALL) {
+        if ($this->authJWTConfig->recordLoginAttempt === Auth::RECORD_LOGIN_ATTEMPT_ALL) {
             // Record a successful login attempt.
             $this->tokenLoginModel->recordLoginAttempt(
                 self::ID_TYPE_JWT,
@@ -150,7 +149,7 @@ public function check(array $credentials): Result
                 'success' => false,
                 'reason'  => lang(
                     'Auth.noToken',
-                    [config('AuthJWT')->authenticatorHeader],
+                    [$this->authJWTConfig->authenticatorHeader],
                 ),
             ]);
         }
@@ -218,11 +217,8 @@ public function getTokenFromRequest(RequestInterface $request): string
     {
         assert($request instanceof IncomingRequest);
 
-        /** @var AuthJWT $config */
-        $config = config('AuthJWT');
-
         $tokenHeader = $request->getHeaderLine(
-            $config->authenticatorHeader ?? 'Authorization',
+            $this->authJWTConfig->authenticatorHeader ?? 'Authorization',
         );
 
         if (str_starts_with($tokenHeader, 'Bearer')) {