search

benedmunds / CodeIgniter-Ion-Auth

Simple and Lightweight Auth System for CodeIgniter
http://benedmunds.com/ion_auth/
MIT License
2.35k stars 1.14k forks source link

Error when called from phpunit #1569

Open nandinibhaduri opened 1 year ago

nandinibhaduri commented 1 year ago

Which branch are you using? 3

What commit hash are you on? I am not sure

What CodeIgniter version are you using? 3.1.9

What PHP version are you using? PHP 7.2.33

Post your Ion Auth config below

<?php
/**
 * Name:    Ion Auth
 * Author:  Ben Edmunds
 *           ben.edmunds@gmail.com
 *           @benedmunds
 *
 * Added Awesomeness: Phil Sturgeon
 *
 * Created:  10.01.2009
 *
 * Description:  Modified auth system based on redux_auth with extensive customization. This is basically what Redux Auth 2 should be.
 * Original Author name has been kept but that does not mean that the method has not been modified.
 *
 * Requirements: PHP5.6 or above
 *
 * @package    CodeIgniter-Ion-Auth
 * @author     Ben Edmunds
 * @link       http://github.com/benedmunds/CodeIgniter-Ion-Auth
 * @filesource
 */
defined('BASEPATH') OR exit('No direct script access allowed');

/*
 | -------------------------------------------------------------------------
 | Database group name option.
 | -------------------------------------------------------------------------
 | Allows to select a specific group for the database connection
 |
 | Default is empty: uses default group defined in CI's configuration
 | (see application/config/database.php, $active_group variable)
 */
$config['database_group_name'] = '';

/*
| -------------------------------------------------------------------------
| Tables.
| -------------------------------------------------------------------------
| Database table names.
*/
$config['tables']['users']           = 'users';
$config['tables']['groups']          = 'auth_groups';
$config['tables']['users_groups']    = 'users_groups';
$config['tables']['login_attempts']  = 'login_attempts';

/*
 | Users table column and Group table column you want to join WITH.
 |
 | Joins from users.id
 | Joins from groups.id
 */
$config['join']['users']  = 'user_id';
$config['join']['groups'] = 'group_id';

/*
 | -------------------------------------------------------------------------
 | Hash Method (bcrypt or argon2)
 | -------------------------------------------------------------------------
 | Bcrypt is available in PHP 5.3+
 | Argon2 is available in PHP 7.2
 |
 | Argon2 is recommended by expert (it is actually the winner of the Password Hashing Competition
 | for more information see https://password-hashing.net). So if you can (PHP 7.2), go for it.
 |
 | Bcrypt specific:
 |      bcrypt_default_cost settings:  This defines how strong the encryption will be.
 |      However, higher the cost, longer it will take to hash (CPU usage) So adjust
 |      this based on your server hardware.
 |
 |      You can (and should!) benchmark your server. This can be done easily with this little script:
 |      https://gist.github.com/Indigo744/24062e07477e937a279bc97b378c3402
 |
 |      With bcrypt, an example hash of "password" is:
 |      $2y$08$200Z6ZZbp3RAEXoaWcMA6uJOFicwNZaqk4oDhqTUiFXFe63MG.Daa
 |
 |      A specific parameter bcrypt_admin_cost is available for user in admin group.
 |      It is recommended to have a stronger hashing for administrators.
 |
 | Argon2 specific:
 |      argon2_default_params settings:  This is an array containing the options for the Argon2 algorithm.
 |      You can define 3 differents keys:
 |          memory_cost (default 4096 kB)
 |              Maximum memory (in kBytes) that may be used to compute the Argon2 hash
 |              The spec recommends setting the memory cost to a power of 2.
 |          time_cost (default 2)
 |              Number of iterations (used to tune the running time independently of the memory size).
                This defines how strong the encryption will be.
 |          threads (default 2)
 |              Number of threads to use for computing the Argon2 hash
 |              The spec recommends setting the number of threads to a power of 2.
 |
 |      You can (and should!) benchmark your server. This can be done easily with this little script:
 |      https://gist.github.com/Indigo744/e92356282eb808b94d08d9cc6e37884c
 |
 |      With argon2, an example hash of "password" is:
 |      $argon2i$v=19$m=1024,t=2,p=2$VEFSSU4wSzh3cllVdE1JZQ$PDeks/7JoKekQrJa9HlfkXIk8dAeZXOzUxLBwNFbZ44
 |
 |      A specific parameter argon2_admin_params is available for user in admin group.
 |      It is recommended to have a stronger hashing for administrators.
 |
 | For more information, check the password_hash function help: http://php.net/manual/en/function.password-hash.php
 |
 */
$config['hash_method']              = 'bcrypt'; // bcrypt or argon2
$config['bcrypt_default_cost']      = 10;       // Set cost according to your server benchmark - but no lower than 10 (default PHP value)
$config['bcrypt_admin_cost']        = 12;       // Cost for user in admin group
$config['argon2_default_params']    = [
    'memory_cost'   => 1 << 12, // 4MB
    'time_cost'     => 2,
    'threads'       => 2
];
$config['argon2_admin_params']      = [
    'memory_cost'   => 1 << 14, // 16MB
    'time_cost'     => 4,
    'threads'       => 2
];

/*
 | -------------------------------------------------------------------------
 | Authentication options.
 | -------------------------------------------------------------------------
 | maximum_login_attempts:  This maximum is not enforced by the library, but is used by
 |                          is_max_login_attempts_exceeded().
 |                          The controller should check this function and act appropriately.
 |                          If this variable set to 0, there is no maximum.
 | min_password_length:     This minimum is not enforced directly by the library.
 |                          The controller should define a validation rule to enforce it.
 |                          See the Auth controller for an example implementation.
 |
 | The library will fail for empty password or password size above 4096 bytes.
 | This is an arbitrary (long) value to protect against DOS attack.
 */
$config['site_title']                 = "Example.com";       // Site Title, example.com
$config['admin_email']                = "admin@example.com"; // Admin Email, admin@example.com
$config['default_group']              = 'members';           // Default group, use name
$config['admin_group']                = 'SuperAdmin';             // Default administrators group, use name
$config['identity']                   = 'username';             /* You can use any unique column in your table as identity column.
                                                                The values in this column, alongside password, will be used for login purposes
                                                                IMPORTANT: If you are changing it from the default (email),
                                                                           update the UNIQUE constraint in your DB */
$config['min_password_length']        = 8;                   // Minimum Required Length of Password (not enforced by lib - see note above)
$config['email_activation']           = FALSE;               // Email Activation for registration
$config['manual_activation']          = FALSE;               // Manual Activation for registration
$config['remember_users']             = TRUE;                // Allow users to be remembered and enable auto-login
$config['user_expire']                = 86500;               // How long to remember the user (seconds). Set to zero for no expiration - see sess_expiration in CodeIgniter Session Config for session expiration
$config['user_extend_on_login']       = FALSE;               // Extend the users cookies every time they auto-login
$config['track_login_attempts']       = TRUE;                // Track the number of failed login attempts for each user or ip.
$config['track_login_ip_address']     = TRUE;                // Track login attempts by IP Address, if FALSE will track based on identity. (Default: TRUE)
$config['maximum_login_attempts']     = 3;                   // The maximum number of failed login attempts.
$config['lockout_time']               = 600;                 /* The number of seconds to lockout an account due to exceeded attempts
                                                                You should not use a value below 60 (1 minute) */
$config['forgot_password_expiration'] = 1800;                /* The number of seconds after which a forgot password request will expire. If set to 0, forgot password requests will not expire.
                                                                30 minutes to 1 hour are good values (enough for a user to receive the email and reset its password)
                                                                You should not set a value too high, as it would be a security issue! */
$config['recheck_timer']              = 0;                   /* The number of seconds after which the session is checked again against database to see if the user still exists and is active.
                                                                Leave 0 if you don't want session recheck. if you really think you need to recheck the session against database, we would
                                                                recommend a higher value, as this would affect performance */

/*
 | -------------------------------------------------------------------------
 | Cookie options.
 | -------------------------------------------------------------------------
 | remember_cookie_name Default: remember_code
 */
$config['remember_cookie_name'] = 'remember_code';

/*
 | -------------------------------------------------------------------------
 | Email options.
 | -------------------------------------------------------------------------
 | email_config:
 |    'file' = Use the default CI config or use from a config file
 |    array  = Manually set your email config settings
 */
$config['use_ci_email'] = FALSE; // Send Email using the builtin CI email class, if false it will return the code and the identity
$config['email_config'] = [
    'mailtype' => 'html',
];

/*
 | -------------------------------------------------------------------------
 | Email templates.
 | -------------------------------------------------------------------------
 | Folder where email templates are stored.
 | Default: auth/
 */
$config['email_templates'] = 'auth/email/';

/*
 | -------------------------------------------------------------------------
 | Activate Account Email Template
 | -------------------------------------------------------------------------
 | Default: activate.tpl.php
 */
$config['email_activate'] = 'activate.tpl.php';

/*
 | -------------------------------------------------------------------------
 | Forgot Password Email Template
 | -------------------------------------------------------------------------
 | Default: forgot_password.tpl.php
 */
$config['email_forgot_password'] = 'forgot_password.tpl.php';

/*
 | -------------------------------------------------------------------------
 | Message Delimiters.
 | -------------------------------------------------------------------------
 */
$config['delimiters_source']       = 'config';  // "config" = use the settings defined here, "form_validation" = use the settings defined in CI's form validation library
$config['message_start_delimiter'] = '<p>';     // Message start delimiter
$config['message_end_delimiter']   = '</p>';    // Message end delimiter
$config['error_start_delimiter']   = '<p>';     // Error message start delimiter
$config['error_end_delimiter']     = '</p>';    // Error message end delimiter

Describe the bug

class Stream extends Base_Controller
{
    .................................
    public function delete($groupid)
    {
        ...................................................................................... 
        $this->ion_auth->delete_group($groupid);
     }
}

This works from the UI but throws the following error when called from phpunit test.

Message: Undefined property: Stream::$ion_auth_model on line 129 in file C:\......\application\third_party\ion_auth\libraries\Ion_auth.php

benedmunds commented 1 year ago

How is Ion Auth loaded in your Base_Controller during testing? What if so load ion auth in the stream class?

nandinibhaduri commented 1 year ago

The ion_auth is loaded from autoload.php

/*
| -------------------------------------------------------------------
|  Auto-load Packges
| -------------------------------------------------------------------
| Prototype:
|
|  $autoload['packages'] = array(APPPATH.'third_party', '/usr/local/shared');
|
*/

$autoload['packages'] = array(APPPATH. 'third_party/ion_auth');

/*
| -------------------------------------------------------------------
|  Auto-load Libraries
| -------------------------------------------------------------------
| These are the classes located in the system/libraries folder
| or in your application/libraries folder.
|
| Prototype:
|
|   $autoload['libraries'] = array('database', 'session', 'xmlrpc');
*/

$autoload['libraries'] = array('database', 'session', 'form_validation', 'ion_auth');
benedmunds commented 1 year ago

What else have you tried to troubleshoot this? What if you manually load the package in this controller?

nandinibhaduri commented 1 year ago

Yes, I tried to manually load the library in the Stream class constructor...

log_message('error','Before Loading ion_auth');
$this->load->library('ion_auth');
log_message('error','After Loading ion_auth');

log_message('error',isset($this->ion_auth) ? "Ion Auth Set":"Ion Auth not Set");
log_message('error',isset($this->ion_auth_model) ? "Ion Auth Model Set":"Ion Auth Model not Set");

In the log file I see - 

ERROR - 2022-08-05 04:53:59 --> Before Loading ion_auth
ERROR - 2022-08-05 04:53:59 --> After Loading ion_auth
ERROR - 2022-08-05 04:53:59 --> Ion Auth Set
ERROR - 2022-08-05 04:53:59 --> Ion Auth Model not Set

But when I am trying the delete from the UI I get:

ERROR - 2022-08-05 04:56:39 --> Before Loading ion_auth
ERROR - 2022-08-05 04:56:39 --> After Loading ion_auth
ERROR - 2022-08-05 04:56:39 --> Ion Auth Set
ERROR - 2022-08-05 04:56:39 --> Ion Auth Model Set
benedmunds commented 1 year ago

Hmm maybe try loading the model directly in the controller?

nandinibhaduri commented 1 year ago

Tried that too. The error goes away but the groups didn't get deleted in the following code -

$this->ion_auth->delete_group($groupid);
benedmunds commented 1 year ago

Try adding some logging at each step there that way. Eg, does the model actually get called even if there's no error, does the DB query run, etc

akashposin commented 1 year ago

@benedmunds I notice the last commit on the library around 6 or 7 months ago we are using it regularly I am worried are you people maintaining it in the future.

benedmunds commented 1 year ago

Hey @akashposin , I’m still actively maintaining this but it’s fairly stable after all of these years and I don’t have any new features planned.