Update to Codeigniter 4.4.0

[m85eu]

Is this package works with newest version of framework?

[manageruz]

Yes. This package works with the latest version of CodeIgniter 4.4.1

[chrisastley]

Yes. This package works with the latest version of CodeIgniter 4.4.1

There is actually an issue with compatibility against the latest version. In version 4.4.0 they made breaking changes if you use rememberUser option.

See changelog here https://codeigniter4.github.io/userguide/changelogs/v4.4.0.html#changes

Cookie settings have moved to dedicated file and the parameter names have changed. I have had to manually update both function rememberUser and refreshRemember in vendor/myth/auth/src/Authentication/AuthenticationBase.php

`` /**

• Generates a timing-attack safe remember me token
• and stores the necessary info in the db and a cookie.
• @see https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence

• @throws Exception */ public function rememberUser(int $userID) { $selector = bin2hex(random_bytes(12)); $validator = bin2hex(random_bytes(20)); $expires = date('Y-m-d H:i:s', time() + $this->config->rememberLength);

  $token = $selector . ':' . $validator;
  
  // Store it in the database
  $this->loginModel->rememberUser($userID, $selector, hash('sha256', $validator), $expires);
  
  // Save it to the user's browser in a cookie.
  $appConfig = config('Cookie');
  $response  = service('response');
  
  // Create the cookie
  $response->setCookie(
      'remember',                                 // Cookie Name
      $token,                                     // Value
      $this->config->rememberLength,              // # Seconds until it expires
      $appConfig->domain,
      $appConfig->path,
      $appConfig->prefix,
      $appConfig->secure,                   // Only send over HTTPS?
      true                                        // Hide from Javascript?
  );

  }

  /**

• Sets a new validator for this user/selector. This allows
• a one-time use of remember-me tokens, but still allows

• a user to be remembered on multiple browsers/devices. */ public function refreshRemember(int $userID, string $selector) { $existing = $this->loginModel->getRememberToken($selector);

  // No matching record? Shouldn't happen, but remember the user now.
  if (empty($existing)) {
      return $this->rememberUser($userID);
  }
  
  // Update the validator in the database and the session
  $validator = bin2hex(random_bytes(20));
  
  $this->loginModel->updateRememberValidator($selector, $validator);
  
  // Save it to the user's browser in a cookie.
  helper('cookie');
  
  $appConfig = config('Cookie');
  
  // Create the cookie
  set_cookie(
      'remember',                             // Cookie Name
      $selector . ':' . $validator,               // Value
      (string) $this->config->rememberLength, // # Seconds until it expires
      $appConfig->domain,
      $appConfig->path,
      $appConfig->prefix,
      $appConfig->secure,               // Only send over HTTPS?
      true                                    // Hide from Javascript?
  );

  } ``

[manageruz]

Yep.

There is actually an issue with compatibility against the latest version.

Yep. It's my fault. We need to update some code.