codeigniter4 · datamweb · Feb 6, 2023 · Feb 6, 2023 · Feb 6, 2023 · Feb 6, 2023
diff --git a/docs/customization.md b/docs/customization.md
@@ -149,11 +149,11 @@ Shield has the following rules for registration:
 [
     'username' => [
         'label' =>  'Auth.username',
-        'rules' => 'required|max_length[30]|min_length[3]|regex_match[/\A[a-zA-Z0-9\.]+\z/]|is_unique[users.username]',
+        'rules' => 'required|max_length[30]|min_length[3]|regex_match[/\A[a-zA-Z0-9\.]+\z/]|is_unique[' . SHIELD_TABLES['users'] . '.username]',
     ],
     'email' => [
         'label' =>  'Auth.email',
-        'rules' => 'required|max_length[254]|valid_email|is_unique[auth_identities.secret]',
+        'rules' => 'required|max_length[254]|valid_email|is_unique[' . SHIELD_TABLES['identities'] . '.secret]',
     ],
     'password' => [
         'label' =>  'Auth.password',
@@ -175,11 +175,11 @@ If you need a different set of rules for registration, you can specify them in y
     public $registration = [
         'username' => [
             'label' =>  'Auth.username',
-            'rules' => 'required|max_length[30]|min_length[3]|regex_match[/\A[a-zA-Z0-9\.]+\z/]|is_unique[users.username]',
+            'rules' => 'required|max_length[30]|min_length[3]|regex_match[/\A[a-zA-Z0-9\.]+\z/]|is_unique[' . SHIELD_TABLES['users'] . '.username]',
         ],
         'email' => [
             'label' =>  'Auth.email',
-            'rules' => 'required|max_length[254]|valid_email|is_unique[auth_identities.secret]',
+            'rules' => 'required|max_length[254]|valid_email|is_unique[' . SHIELD_TABLES['identities'] . '.secret]',
         ],
         'password' => [
             'label' =>  'Auth.password',

diff --git a/rector.php b/rector.php
@@ -99,6 +99,7 @@
             __DIR__ . '/src/Helpers',
             __DIR__ . '/src/Language',
             __DIR__ . '/tests/_support',
+            __DIR__ . '/src/Config/Constants.php',
         ],
 
         // May load view files directly when detecting classes

diff --git a/src/Config/Auth.php b/src/Config/Auth.php
@@ -37,6 +37,36 @@ class Auth extends BaseConfig
         'magic-link-email'            => '\CodeIgniter\Shield\Views\Email\magic_link_email',
     ];
 
+    /**
+     * --------------------------------------------------------------------
+     * Customize Name of Shield Tables
+     * --------------------------------------------------------------------
+     * Only change if you want to rename the default Shield table names
+     *
+     * It may be necessary to change the names of the tables for
+     * security reasons, to prevent the conflict of table names,
+     * the internal policy of the companies or any other reason.
+     *
+     * - users                  Auth Users Table, the users info is stored.
+     * - auth_identities        Auth Identities Table, Used for storage of passwords, access tokens, social login identities, etc.
+     * - auth_logins            Auth Login Attempts, Table records login attempts.
+     * - auth_token_logins      Auth Token Login Attempts Table, Records Bearer Token type login attempts.
+     * - auth_remember_tokens   Auth Remember Tokens (remember-me) Table.
+     * - auth_groups_users      Groups Users Table.
+     * - auth_permissions_users Users Permissions Table.
+     *
+     * @var array<string, string>
+     */
+    public array $tables = [
+        'users'             => 'users',
+        'identities'        => 'auth_identities',
+        'logins'            => 'auth_logins',
+        'token_logins'      => 'auth_token_logins',
+        'remember_tokens'   => 'auth_remember_tokens',
+        'groups_users'      => 'auth_groups_users',
+        'permissions_users' => 'auth_permissions_users',
+    ];
+
     /**
      * --------------------------------------------------------------------
      * Redirect URLs

diff --git a/src/Config/Constants.php b/src/Config/Constants.php
@@ -0,0 +1,7 @@
+<?php
+
+declare(strict_types=1);
+
+use CodeIgniter\Shield\Config\Auth as ShieldAuth;
+
+define('SHIELD_TABLES', (new ShieldAuth())->tables);
diff --git a/src/Config/Registrar.php b/src/Config/Registrar.php
@@ -14,6 +14,8 @@
 use CodeIgniter\Shield\Filters\SessionAuth;
 use CodeIgniter\Shield\Filters\TokenAuth;
 
+include_once __DIR__ . '/Constants.php';
+
 class Registrar
 {
     /**

diff --git a/src/Controllers/RegisterController.php b/src/Controllers/RegisterController.php
@@ -153,11 +153,11 @@ protected function getValidationRules(): array
     {
         $registrationUsernameRules = array_merge(
             config('AuthSession')->usernameValidationRules,
-            ['is_unique[users.username]']
+            [sprintf('is_unique[%s.username]', SHIELD_TABLES['users'])]
         );
         $registrationEmailRules = array_merge(
             config('AuthSession')->emailValidationRules,
-            ['is_unique[auth_identities.secret]']
+            [sprintf('is_unique[%s.secret]', SHIELD_TABLES['identities'])]
         );
 
         return setting('Validation.registration') ?? [

diff --git a/src/Database/Migrations/2020-12-28-223112_create_auth_tables.php b/src/Database/Migrations/2020-12-28-223112_create_auth_tables.php
@@ -24,7 +24,7 @@ public function up(): void
         ]);
         $this->forge->addPrimaryKey('id');
         $this->forge->addUniqueKey('username');
-        $this->forge->createTable('users');
+        $this->forge->createTable(SHIELD_TABLES['users']);
 
         /*
          * Auth Identities Table
@@ -47,8 +47,8 @@ public function up(): void
         $this->forge->addPrimaryKey('id');
         $this->forge->addUniqueKey(['type', 'secret']);
         $this->forge->addKey('user_id');
-        $this->forge->addForeignKey('user_id', 'users', 'id', '', 'CASCADE');
-        $this->forge->createTable('auth_identities');
+        $this->forge->addForeignKey('user_id', SHIELD_TABLES['users'], 'id', '', 'CASCADE');
+        $this->forge->createTable(SHIELD_TABLES['identities']);
 
         /**
          * Auth Login Attempts Table
@@ -69,7 +69,7 @@ public function up(): void
         $this->forge->addKey(['id_type', 'identifier']);
         $this->forge->addKey('user_id');
         // NOTE: Do NOT delete the user_id or identifier when the user is deleted for security audits
-        $this->forge->createTable('auth_logins');
+        $this->forge->createTable(SHIELD_TABLES['logins']);
 
         /*
          * Auth Token Login Attempts Table
@@ -89,7 +89,7 @@ public function up(): void
         $this->forge->addKey(['id_type', 'identifier']);
         $this->forge->addKey('user_id');
         // NOTE: Do NOT delete the user_id or identifier when the user is deleted for security audits
-        $this->forge->createTable('auth_token_logins');
+        $this->forge->createTable(SHIELD_TABLES['token_logins']);
 
         /*
          * Auth Remember Tokens (remember-me) Table
@@ -106,8 +106,8 @@ public function up(): void
         ]);
         $this->forge->addPrimaryKey('id');
         $this->forge->addUniqueKey('selector');
-        $this->forge->addForeignKey('user_id', 'users', 'id', '', 'CASCADE');
-        $this->forge->createTable('auth_remember_tokens');
+        $this->forge->addForeignKey('user_id', SHIELD_TABLES['users'], 'id', '', 'CASCADE');
+        $this->forge->createTable(SHIELD_TABLES['remember_tokens']);
 
         // Groups Users Table
         $this->forge->addField([
@@ -117,8 +117,8 @@ public function up(): void
             'created_at' => ['type' => 'datetime', 'null' => false],
         ]);
         $this->forge->addPrimaryKey('id');
-        $this->forge->addForeignKey('user_id', 'users', 'id', '', 'CASCADE');
-        $this->forge->createTable('auth_groups_users');
+        $this->forge->addForeignKey('user_id', SHIELD_TABLES['users'], 'id', '', 'CASCADE');
+        $this->forge->createTable(SHIELD_TABLES['groups_users']);
 
         // Users Permissions Table
         $this->forge->addField([
@@ -128,8 +128,8 @@ public function up(): void
             'created_at' => ['type' => 'datetime', 'null' => false],
         ]);
         $this->forge->addPrimaryKey('id');
-        $this->forge->addForeignKey('user_id', 'users', 'id', '', 'CASCADE');
-        $this->forge->createTable('auth_permissions_users');
+        $this->forge->addForeignKey('user_id', SHIELD_TABLES['users'], 'id', '', 'CASCADE');
+        $this->forge->createTable(SHIELD_TABLES['permissions_users']);
     }
 
     // --------------------------------------------------------------------
@@ -138,13 +138,13 @@ public function down(): void
     {
         $this->db->disableForeignKeyChecks();
 
-        $this->forge->dropTable('auth_logins', true);
-        $this->forge->dropTable('auth_token_logins', true);
-        $this->forge->dropTable('auth_remember_tokens', true);
-        $this->forge->dropTable('auth_identities', true);
-        $this->forge->dropTable('auth_groups_users', true);
-        $this->forge->dropTable('auth_permissions_users', true);
-        $this->forge->dropTable('users', true);
+        $this->forge->dropTable(SHIELD_TABLES['logins'], true);
+        $this->forge->dropTable(SHIELD_TABLES['token_logins'], true);
+        $this->forge->dropTable(SHIELD_TABLES['remember_tokens'], true);
+        $this->forge->dropTable(SHIELD_TABLES['identities'], true);
+        $this->forge->dropTable(SHIELD_TABLES['groups_users'], true);
+        $this->forge->dropTable(SHIELD_TABLES['permissions_users'], true);
+        $this->forge->dropTable(SHIELD_TABLES['users'], true);
 
         $this->db->enableForeignKeyChecks();
     }

diff --git a/src/Models/GroupModel.php b/src/Models/GroupModel.php
@@ -11,7 +11,7 @@ class GroupModel extends Model
 {
     use CheckQueryReturnTrait;
 
-    protected $table          = 'auth_groups_users';
+    protected $table          = SHIELD_TABLES['groups_users'];
     protected $primaryKey     = 'id';
     protected $returnType     = 'array';
     protected $useSoftDeletes = false;

diff --git a/src/Models/LoginModel.php b/src/Models/LoginModel.php
@@ -15,7 +15,7 @@ class LoginModel extends Model
 {
     use CheckQueryReturnTrait;
 
-    protected $table          = 'auth_logins';
+    protected $table          = SHIELD_TABLES['logins'];
     protected $primaryKey     = 'id';
     protected $returnType     = Login::class;
     protected $useSoftDeletes = false;

diff --git a/src/Models/PermissionModel.php b/src/Models/PermissionModel.php
@@ -11,7 +11,7 @@ class PermissionModel extends Model
 {
     use CheckQueryReturnTrait;
 
-    protected $table          = 'auth_permissions_users';
+    protected $table          = SHIELD_TABLES['permissions_users'];
     protected $primaryKey     = 'id';
     protected $returnType     = 'array';
     protected $useSoftDeletes = false;

diff --git a/src/Models/RememberModel.php b/src/Models/RememberModel.php
@@ -15,7 +15,7 @@ class RememberModel extends Model
 {
     use CheckQueryReturnTrait;
 
-    protected $table          = 'auth_remember_tokens';
+    protected $table          = SHIELD_TABLES['remember_tokens'];
     protected $primaryKey     = 'id';
     protected $returnType     = 'object';
     protected $useSoftDeletes = false;

diff --git a/src/Models/TokenLoginModel.php b/src/Models/TokenLoginModel.php
@@ -10,7 +10,7 @@
 
 class TokenLoginModel extends LoginModel
 {
-    protected $table = 'auth_token_logins';
+    protected $table = SHIELD_TABLES['token_logins'];
 
     /**
      * Generate a fake login for testing

diff --git a/src/Models/UserIdentityModel.php b/src/Models/UserIdentityModel.php
@@ -20,7 +20,7 @@ class UserIdentityModel extends Model
 {
     use CheckQueryReturnTrait;
 
-    protected $table          = 'auth_identities';
+    protected $table          = SHIELD_TABLES['identities'];
     protected $primaryKey     = 'id';
     protected $returnType     = UserIdentity::class;
     protected $useSoftDeletes = false;

diff --git a/src/Models/UserModel.php b/src/Models/UserModel.php
@@ -21,7 +21,7 @@ class UserModel extends Model
 {
     use CheckQueryReturnTrait;
 
-    protected $table          = 'users';
+    protected $table          = SHIELD_TABLES['users'];
     protected $primaryKey     = 'id';
     protected $returnType     = User::class;
     protected $useSoftDeletes = true;
@@ -184,19 +184,19 @@ public function findByCredentials(array $credentials): ?User
         // any of the credentials used should be case-insensitive
         foreach ($credentials as $key => $value) {
             $this->where(
-                'LOWER(' . $this->db->protectIdentifiers("users.{$key}") . ')',
+                'LOWER(' . $this->db->protectIdentifiers(SHIELD_TABLES['users'] . ".{$key}") . ')',
                 strtolower($value)
             );
         }
 
         if ($email !== null) {
             $data = $this->select(
-                'users.*, auth_identities.secret as email, auth_identities.secret2 as password_hash'
+                sprintf('%1$s.*, %2$s.secret as email, %2$s.secret2 as password_hash', SHIELD_TABLES['users'], SHIELD_TABLES['identities'])
             )
-                ->join('auth_identities', 'auth_identities.user_id = users.id')
-                ->where('auth_identities.type', Session::ID_TYPE_EMAIL_PASSWORD)
+                ->join(SHIELD_TABLES['identities'], sprintf('%1$s.user_id = %2$s.id', SHIELD_TABLES['identities'], SHIELD_TABLES['users']))
+                ->where(SHIELD_TABLES['identities'] . '.type', Session::ID_TYPE_EMAIL_PASSWORD)
                 ->where(
-                    'LOWER(' . $this->db->protectIdentifiers('auth_identities.secret') . ')',
+                    'LOWER(' . $this->db->protectIdentifiers(SHIELD_TABLES['identities'] . '.secret') . ')',
                     strtolower($email)
                 )
                 ->asArray()

diff --git a/tests/Authentication/Authenticators/AccessTokenAuthenticatorTest.php b/tests/Authentication/Authenticators/AccessTokenAuthenticatorTest.php
@@ -143,7 +143,7 @@ public function testCheckSuccess(): void
         $user  = fake(UserModel::class);
         $token = $user->generateAccessToken('foo');
 
-        $this->seeInDatabase('auth_identities', [
+        $this->seeInDatabase(SHIELD_TABLES['identities'], [
             'user_id'      => $user->id,
             'type'         => 'access_token',
             'last_used_at' => null,
@@ -201,7 +201,7 @@ public function testAttemptSuccess(): void
         $this->assertSame($token->token, $foundUser->currentAccessToken()->token);
 
         // A login attempt should have been recorded
-        $this->seeInDatabase('auth_token_logins', [
+        $this->seeInDatabase(SHIELD_TABLES['token_logins'], [
             'id_type'    => AccessTokens::ID_TYPE_ACCESS_TOKEN,
             'identifier' => $token->raw_token,
             'success'    => 1,