From 81091df66b717a9d2c7496a8d2f4b5219790cad3 Mon Sep 17 00:00:00 2001
From: Marco
Date: Fri, 20 Oct 2017 23:07:36 +0200
Subject: [PATCH] Drop constructor arguments 'useHttps' and 'allowCookiesScriptAccess'
---
 Migration.md | 4 ++--
 README.md | 8 ++------
 src/Auth.php | 10 +---------
 3 files changed, 5 insertions(+), 17 deletions(-)
diff --git a/Migration.md b/Migration.md
index 7c40afb..ef9b170 100644
--- a/Migration.md
+++ b/Migration.md
@@ -26,9 +26,9 @@ $ composer require delight-im/auth
 * The method `logOutButKeepSession` from class `Auth` is now simply called `logOut`. Therefore, the former method `logout` is now called `logOutAndDestroySession`. With both methods, mind the capitalization of the letter “O”.
- * If you previously had the second argument of the `Auth` constructor, which is named `$useHttps`, set to `true`, make sure to set the value of the `session.cookie_secure` directive to `1` now. You may do so either directly in your [PHP configuration](http://php.net/manual/en/configuration.file.php) (`php.ini`), via the `\ini_set` method or via the `\session_set_cookie_params` method. Otherwise, make sure it is set to `0`.
+ * The second argument of the `Auth` constructor, which was named `$useHttps`, has been removed. If you previously had it set to `true`, make sure to set the value of the `session.cookie_secure` directive to `1` now. You may do so either directly in your [PHP configuration](http://php.net/manual/en/configuration.file.php) (`php.ini`), via the `\ini_set` method or via the `\session_set_cookie_params` method. Otherwise, make sure that directive is set to `0`.
- * If you previously had the third argument of the `Auth` constructor, which is named `$allowCookiesScriptAccess`, set to `true`, make sure to set the value of the `session.cookie_httponly` directive to `0` now. You may do so either directly in your [PHP configuration](http://php.net/manual/en/configuration.file.php) (`php.ini`), via the `\ini_set` method or via the `\session_set_cookie_params` method. Otherwise, make sure it is set to `1`.
+ * The third argument of the `Auth` constructor, which was named `$allowCookiesScriptAccess`, has been removed. If you previously had it set to `true`, make sure to set the value of the `session.cookie_httponly` directive to `0` now. You may do so either directly in your [PHP configuration](http://php.net/manual/en/configuration.file.php) (`php.ini`), via the `\ini_set` method or via the `\session_set_cookie_params` method. Otherwise, make sure that directive is set to `1`.
 * Only if *both* of the following two conditions are met:
diff --git a/README.md b/README.md
index 8691f26..364b91a 100644
--- a/README.md
+++ b/README.md
@@ -104,13 +104,9 @@ $auth = new \Delight\Auth\Auth($db);
 If you have an open `PDO` connection already, just re-use it.
-If you do enforce HTTPS on your site, pass `true` as the second parameter to the constructor. This is optional and the default is `false`.
+If your web server is behind a proxy server and `$_SERVER['REMOTE_ADDR']` only contains the proxy’s IP address, you must pass the user’s real IP address to the constructor in the second argument, which is named `$ipAddress`. The default is `null`.
-Only in the very rare case that you need access to your cookies from JavaScript, pass `true` as the third argument to the constructor. This is optional and the default is `false`. There is almost always a *better* solution than enabling this, however.
-
-If your web server is behind a proxy server and `$_SERVER['REMOTE_ADDR']` only contains the proxy’s IP address, you must pass the user’s real IP address to the constructor in the fourth argument. The default is `null`.
-
-Should your database tables for this library need a common prefix, e.g. `my_users` instead of `users` (and likewise for the other tables), pass the prefix (e.g. `my_`) as the fifth parameter to the constructor. This is optional and the prefix is empty by default.
+Should your database tables for this library need a common prefix, e.g. `my_users` instead of `users` (and likewise for the other tables), pass the prefix (e.g. `my_`) as the third parameter to the constructor, which is named `$dbTablePrefix`. This is optional and the prefix is empty by default.
 ### Registration (sign up)
diff --git a/src/Auth.php b/src/Auth.php
index 2397afc..dfa1442 100644
--- a/src/Auth.php
+++ b/src/Auth.php
@@ -31,10 +31,6 @@ final class Auth extends UserManager {
 const COOKIE_PREFIXES = [ Cookie::PREFIX_SECURE, Cookie::PREFIX_HOST ];
 const COOKIE_CONTENT_SEPARATOR = '~';
- /** @var boolean whether HTTPS (TLS/SSL) will be used (recommended) */
- private $useHttps;
- /** @var boolean whether cookies should be accessible via client-side scripts (*not* recommended) */
- private $allowCookiesScriptAccess;
 /** @var string the user's current IP address */
 private $ipAddress;
 /** @var string the name of the cookie used for the 'remember me' feature */
@@ -42,16 +38,12 @@ final class Auth extends UserManager {
 /**
 * @param PdoDatabase|PdoDsn|\PDO $databaseConnection the database connection to operate on
- * @param bool $useHttps whether HTTPS (TLS/SSL) will be used (recommended)
- * @param bool $allowCookiesScriptAccess whether cookies should be accessible via client-side scripts (*not* recommended)
 * @param string $ipAddress the IP address that should be used instead of the default setting (if any), e.g. when behind a proxy
 * @param string|null $dbTablePrefix (optional) the prefix for the names of all database tables used by this component
 */
- public function __construct($databaseConnection, $useHttps = false, $allowCookiesScriptAccess = false, $ipAddress = null, $dbTablePrefix = null) {
+ public function __construct($databaseConnection, $ipAddress = null, $dbTablePrefix = null) {
 parent::__construct($databaseConnection, $dbTablePrefix);
- $this->useHttps = $useHttps;
- $this->allowCookiesScriptAccess = $allowCookiesScriptAccess;
 $this->ipAddress = !empty($ipAddress) ? $ipAddress : (isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : null);
 $this->rememberCookieName = self::createRememberCookieName();
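Review bot: The shortened constructor in the second src/Auth.php hunk still accepts calls written for the old five-argument signature, so a stale `new Auth($db, true)` no longer fails but stores `true` in `$this->ipAddress` through the `!empty($ipAddress)` branch, and a former `$allowCookiesScriptAccess` value lands in `$dbTablePrefix`. Such a caller presumably also loses the Secure cookie flag it asked for without any signal, since Migration.md now leaves that to the `session.cookie_secure` directive. Rejecting non-string values up front would turn the stale call into a visible error: `if ($ipAddress !== null && !\is_string($ipAddress)) { throw new \InvalidArgumentException('$ipAddress must be a string or null'); }`. The docblock could also read `@param string|null $ipAddress` to match the `null` default. The constructor body continues past the end of the hunk, so how `$this->ipAddress` is consumed later is not visible here.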