From d7126ab739ba1f37d019aa92b736cf6688ee90c8 Mon Sep 17 00:00:00 2001
From: Samuel Asor <sammyskills@gmail.com>
Date: Fri, 5 Aug 2022 13:33:56 +0100
Subject: [PATCH 001/193] Fix email deliverabilty error log, switched
 createIdentity method to protected instead of private

---
 src/Authentication/Actions/Email2FA.php       | 17 ++++++++---------
 src/Authentication/Actions/EmailActivator.php | 17 ++++++++---------
 2 files changed, 16 insertions(+), 18 deletions(-)

diff --git a/src/Authentication/Actions/Email2FA.php b/src/Authentication/Actions/Email2FA.php
index 7c781f285..148c4413e 100644
--- a/src/Authentication/Actions/Email2FA.php
+++ b/src/Authentication/Actions/Email2FA.php
@@ -71,14 +71,13 @@ public function handle(IncomingRequest $request)
 
         // Send the user an email with the code
         helper('email');
-        $return = emailer()->setFrom(setting('Email.fromEmail'), setting('Email.fromName') ?? '')
-            ->setTo($user->email)
-            ->setSubject(lang('Auth.email2FASubject'))
-            ->setMessage(view(setting('Auth.views')['action_email_2fa_email'], ['code' => $identity->secret]))
-            ->send();
-
-        if ($return === false) {
-            throw new RuntimeException('Cannot send email for user: ' . $user->email);
+        $email = emailer()->setFrom(setting('Email.fromEmail'), setting('Email.fromName') ?? '');
+        $email->setTo($user->email);
+        $email->setSubject(lang('Auth.email2FASubject'));
+        $email->setMessage(view(setting('Auth.views')['action_email_2fa_email'], ['code' => $identity->secret]));
+
+        if ($email->send(false) === false) {
+            throw new RuntimeException('Cannot send email for user: ' . $user->email . ' '. $email->printDebugger(['headers']));
         }
 
         return view(setting('Auth.views')['action_email_2fa_verify']);
@@ -115,7 +114,7 @@ public function afterLogin(User $user): void
         $this->createIdentity($user);
     }
 
-    private function createIdentity(User $user): void
+    protected function createIdentity(User $user): void
     {
         /** @var UserIdentityModel $identityModel */
         $identityModel = model(UserIdentityModel::class);
diff --git a/src/Authentication/Actions/EmailActivator.php b/src/Authentication/Actions/EmailActivator.php
index 1dcfb6aab..1853d55d8 100644
--- a/src/Authentication/Actions/EmailActivator.php
+++ b/src/Authentication/Actions/EmailActivator.php
@@ -41,14 +41,13 @@ public function show(): string
 
         // Send the email
         helper('email');
-        $return = emailer()->setFrom(setting('Email.fromEmail'), setting('Email.fromName') ?? '')
-            ->setTo($userEmail)
-            ->setSubject(lang('Auth.emailActivateSubject'))
-            ->setMessage(view(setting('Auth.views')['action_email_activate_email'], ['code' => $code]))
-            ->send();
-
-        if ($return === false) {
-            throw new RuntimeException('Cannot send email for user: ' . $user->email);
+        $email = emailer()->setFrom(setting('Email.fromEmail'), setting('Email.fromName') ?? '');
+        $email->setTo($userEmail);
+        $email->setSubject(lang('Auth.emailActivateSubject'));
+        $email->setMessage(view(setting('Auth.views')['action_email_activate_email'], ['code' => $code]));
+
+        if ($email->send(false) === false) {
+            throw new RuntimeException('Cannot send email for user: ' . $user->email . ' '. $email->printDebugger(['headers']));
         }
 
         // Display the info page
@@ -101,7 +100,7 @@ public function afterRegister(User $user): void
         $this->createIdentity($user);
     }
 
-    private function createIdentity(User $user): string
+    protected function createIdentity(User $user): string
     {
         /** @var UserIdentityModel $identityModel */
         $identityModel = model(UserIdentityModel::class);

From 61c2f714922d9d492d839880dcd03576837a5f04 Mon Sep 17 00:00:00 2001
From: Samuel Asor <sammyskills@gmail.com>
Date: Fri, 5 Aug 2022 14:07:31 +0100
Subject: [PATCH 002/193] Run cs-fix

---
 src/Authentication/Actions/Email2FA.php       | 2 +-
 src/Authentication/Actions/EmailActivator.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Authentication/Actions/Email2FA.php b/src/Authentication/Actions/Email2FA.php
index 148c4413e..5c9e0e668 100644
--- a/src/Authentication/Actions/Email2FA.php
+++ b/src/Authentication/Actions/Email2FA.php
@@ -77,7 +77,7 @@ public function handle(IncomingRequest $request)
         $email->setMessage(view(setting('Auth.views')['action_email_2fa_email'], ['code' => $identity->secret]));
 
         if ($email->send(false) === false) {
-            throw new RuntimeException('Cannot send email for user: ' . $user->email . ' '. $email->printDebugger(['headers']));
+            throw new RuntimeException('Cannot send email for user: ' . $user->email . ' ' . $email->printDebugger(['headers']));
         }
 
         return view(setting('Auth.views')['action_email_2fa_verify']);
diff --git a/src/Authentication/Actions/EmailActivator.php b/src/Authentication/Actions/EmailActivator.php
index 1853d55d8..be5a46143 100644
--- a/src/Authentication/Actions/EmailActivator.php
+++ b/src/Authentication/Actions/EmailActivator.php
@@ -47,7 +47,7 @@ public function show(): string
         $email->setMessage(view(setting('Auth.views')['action_email_activate_email'], ['code' => $code]));
 
         if ($email->send(false) === false) {
-            throw new RuntimeException('Cannot send email for user: ' . $user->email . ' '. $email->printDebugger(['headers']));
+            throw new RuntimeException('Cannot send email for user: ' . $user->email . ' ' . $email->printDebugger(['headers']));
         }
 
         // Display the info page

From 37ee410ea3069ae7a5de707de9e37f1286c06d6a Mon Sep 17 00:00:00 2001
From: Samuel Asor <sammyskills@gmail.com>
Date: Sat, 6 Aug 2022 13:39:16 +0100
Subject: [PATCH 003/193] Added email error log for MagicLinkController

---
 src/Controllers/MagicLinkController.php | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/Controllers/MagicLinkController.php b/src/Controllers/MagicLinkController.php
index d59309a08..ae413995f 100644
--- a/src/Controllers/MagicLinkController.php
+++ b/src/Controllers/MagicLinkController.php
@@ -90,13 +90,13 @@ public function loginAction()
 
         // Send the user an email with the code
         helper('email');
-        $return = emailer()->setFrom(setting('Email.fromEmail'), setting('Email.fromName') ?? '')
-            ->setTo($user->email)
-            ->setSubject(lang('Auth.magicLinkSubject'))
-            ->setMessage(view(setting('Auth.views')['magic-link-email'], ['token' => $token]))
-            ->send();
+        $email = emailer()->setFrom(setting('Email.fromEmail'), setting('Email.fromName') ?? '');
+        $email->setTo($user->email);
+        $email->setSubject(lang('Auth.magicLinkSubject'));
+        $email->setMessage(view(setting('Auth.views')['magic-link-email'], ['token' => $token]));
 
-        if ($return === false) {
+        if ($email->send(false) === false) {
+            log_message('error', $email->printDebugger(['headers']));
             return redirect()->route('magic-link')->with('error', lang('Auth.unableSendEmailToUser', [$user->email]));
         }
 

From 570377be72b36edcce4270fe4c6211d4b275b483 Mon Sep 17 00:00:00 2001
From: Samuel Asor <sammyskills@gmail.com>
Date: Sat, 6 Aug 2022 13:41:44 +0100
Subject: [PATCH 004/193] Show headers error in a new line instead of inline,
 returned the scope of createIdentity() to it's default, so it can be added as
 a separate PR

---
 src/Authentication/Actions/Email2FA.php       | 4 ++--
 src/Authentication/Actions/EmailActivator.php | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/Authentication/Actions/Email2FA.php b/src/Authentication/Actions/Email2FA.php
index 5c9e0e668..dedfd0b5c 100644
--- a/src/Authentication/Actions/Email2FA.php
+++ b/src/Authentication/Actions/Email2FA.php
@@ -77,7 +77,7 @@ public function handle(IncomingRequest $request)
         $email->setMessage(view(setting('Auth.views')['action_email_2fa_email'], ['code' => $identity->secret]));
 
         if ($email->send(false) === false) {
-            throw new RuntimeException('Cannot send email for user: ' . $user->email . ' ' . $email->printDebugger(['headers']));
+            throw new RuntimeException('Cannot send email for user: ' . $user->email . '\n' . $email->printDebugger(['headers']));
         }
 
         return view(setting('Auth.views')['action_email_2fa_verify']);
@@ -114,7 +114,7 @@ public function afterLogin(User $user): void
         $this->createIdentity($user);
     }
 
-    protected function createIdentity(User $user): void
+    private function createIdentity(User $user): void
     {
         /** @var UserIdentityModel $identityModel */
         $identityModel = model(UserIdentityModel::class);
diff --git a/src/Authentication/Actions/EmailActivator.php b/src/Authentication/Actions/EmailActivator.php
index be5a46143..a0c96b8b5 100644
--- a/src/Authentication/Actions/EmailActivator.php
+++ b/src/Authentication/Actions/EmailActivator.php
@@ -47,7 +47,7 @@ public function show(): string
         $email->setMessage(view(setting('Auth.views')['action_email_activate_email'], ['code' => $code]));
 
         if ($email->send(false) === false) {
-            throw new RuntimeException('Cannot send email for user: ' . $user->email . ' ' . $email->printDebugger(['headers']));
+            throw new RuntimeException('Cannot send email for user: ' . $user->email . '\n' . $email->printDebugger(['headers']));
         }
 
         // Display the info page
@@ -100,7 +100,7 @@ public function afterRegister(User $user): void
         $this->createIdentity($user);
     }
 
-    protected function createIdentity(User $user): string
+    private function createIdentity(User $user): string
     {
         /** @var UserIdentityModel $identityModel */
         $identityModel = model(UserIdentityModel::class);

From 2d39f84afd6962d8e422b551ae8ab5011938177b Mon Sep 17 00:00:00 2001
From: Samuel Asor <sammyskills@gmail.com>
Date: Sat, 6 Aug 2022 13:54:12 +0100
Subject: [PATCH 005/193] Run composer cs-fix

---
 src/Controllers/MagicLinkController.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/Controllers/MagicLinkController.php b/src/Controllers/MagicLinkController.php
index ae413995f..f7837bfcd 100644
--- a/src/Controllers/MagicLinkController.php
+++ b/src/Controllers/MagicLinkController.php
@@ -97,6 +97,7 @@ public function loginAction()
 
         if ($email->send(false) === false) {
             log_message('error', $email->printDebugger(['headers']));
+
             return redirect()->route('magic-link')->with('error', lang('Auth.unableSendEmailToUser', [$user->email]));
         }
 

From 9fbdd0ac30749ca35cb5665ffef47ddb4a76dac1 Mon Sep 17 00:00:00 2001
From: Samuel Asor <sammyskills@gmail.com>
Date: Sun, 7 Aug 2022 18:03:34 +0100
Subject: [PATCH 006/193] Cleared the email since it is shared

---
 src/Helpers/email_helper.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/Helpers/email_helper.php b/src/Helpers/email_helper.php
index f2314b129..ba3bfea90 100644
--- a/src/Helpers/email_helper.php
+++ b/src/Helpers/email_helper.php
@@ -43,6 +43,9 @@ function emailer(array $overrides = []): Email
         /** @var Email $email */
         $email = service('email');
 
+        // Clear previous email states since this is shared
+        $email->clear();
+
         return $email->initialize($config);
     }
 }

From e47e0841a0e5f3b46eb13392c7e66544474f41d5 Mon Sep 17 00:00:00 2001
From: Samuel Asor <sammyskills@gmail.com>
Date: Sun, 7 Aug 2022 18:18:30 +0100
Subject: [PATCH 007/193] Removed deprecated second param in forge's
 createTable method

---
 .../2020-12-28-223112_create_auth_tables.php       | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/Database/Migrations/2020-12-28-223112_create_auth_tables.php b/src/Database/Migrations/2020-12-28-223112_create_auth_tables.php
index c3c39acf5..53a17bcb1 100644
--- a/src/Database/Migrations/2020-12-28-223112_create_auth_tables.php
+++ b/src/Database/Migrations/2020-12-28-223112_create_auth_tables.php
@@ -22,7 +22,7 @@ public function up(): void
         ]);
         $this->forge->addPrimaryKey('id');
         $this->forge->addUniqueKey('username');
-        $this->forge->createTable('users', true);
+        $this->forge->createTable('users');
 
         /*
          * Auth Identities Table
@@ -46,7 +46,7 @@ public function up(): void
         $this->forge->addUniqueKey(['type', 'secret']);
         $this->forge->addKey('user_id');
         $this->forge->addForeignKey('user_id', 'users', 'id', '', 'CASCADE');
-        $this->forge->createTable('auth_identities', true);
+        $this->forge->createTable('auth_identities');
 
         /**
          * Auth Login Attempts Table
@@ -67,7 +67,7 @@ public function up(): void
         $this->forge->addKey(['id_type', 'identifier']);
         $this->forge->addKey('user_id');
         // NOTE: Do NOT delete the user_id or identifier when the user is deleted for security audits
-        $this->forge->createTable('auth_logins', true);
+        $this->forge->createTable('auth_logins');
 
         /*
          * Auth Token Login Attempts Table
@@ -87,7 +87,7 @@ public function up(): void
         $this->forge->addKey(['id_type', 'identifier']);
         $this->forge->addKey('user_id');
         // NOTE: Do NOT delete the user_id or identifier when the user is deleted for security audits
-        $this->forge->createTable('auth_token_logins', true);
+        $this->forge->createTable('auth_token_logins');
 
         /*
          * Auth Remember Tokens (remember-me) Table
@@ -105,7 +105,7 @@ public function up(): void
         $this->forge->addPrimaryKey('id');
         $this->forge->addUniqueKey('selector');
         $this->forge->addForeignKey('user_id', 'users', 'id', '', 'CASCADE');
-        $this->forge->createTable('auth_remember_tokens', true);
+        $this->forge->createTable('auth_remember_tokens');
 
         // Groups Users Table
         $this->forge->addField([
@@ -116,7 +116,7 @@ public function up(): void
         ]);
         $this->forge->addPrimaryKey('id');
         $this->forge->addForeignKey('user_id', 'users', 'id', '', 'CASCADE');
-        $this->forge->createTable('auth_groups_users', true);
+        $this->forge->createTable('auth_groups_users');
 
         // Users Permissions Table
         $this->forge->addField([
@@ -127,7 +127,7 @@ public function up(): void
         ]);
         $this->forge->addPrimaryKey('id');
         $this->forge->addForeignKey('user_id', 'users', 'id', '', 'CASCADE');
-        $this->forge->createTable('auth_permissions_users', true);
+        $this->forge->createTable('auth_permissions_users');
     }
 
     //--------------------------------------------------------------------

From ea9e40703d46008050df5e5f394782329410ac97 Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Mon, 8 Aug 2022 11:07:46 +0900
Subject: [PATCH 008/193] chore: add github/release.yml

---
 .github/release.yml | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 .github/release.yml

diff --git a/.github/release.yml b/.github/release.yml
new file mode 100644
index 000000000..de6e982d9
--- /dev/null
+++ b/.github/release.yml
@@ -0,0 +1,23 @@
+changelog:
+  exclude:
+    authors:
+      - dependabot
+  categories:
+    - title: Breaking Changes
+      labels:
+        - 'breaking change'
+    - title: Fixed Bugs
+      labels:
+        - bug
+    - title: New Features
+      labels:
+        - 'new feature'
+    - title: Enhancements
+      labels:
+        - enhancement
+    - title: Refactoring
+      labels:
+        - refactor
+    - title: Others (Only for checking. Remove this category)
+      labels:
+        - "*"

From 97bd786abce98a46d3fdbb3c9aef712f68ddaa00 Mon Sep 17 00:00:00 2001
From: Pooya Parsa Dadashi <Pooya_parsa_dadashi@yahoo.com>
Date: Mon, 8 Aug 2022 06:43:13 +0330
Subject: [PATCH 009/193] fix: translate field name in validate error for
 `RegisterController`

---
 src/Controllers/RegisterController.php | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)

diff --git a/src/Controllers/RegisterController.php b/src/Controllers/RegisterController.php
index e00e803bc..00c873974 100644
--- a/src/Controllers/RegisterController.php
+++ b/src/Controllers/RegisterController.php
@@ -151,10 +151,22 @@ protected function getValidationRules(): array
         );
 
         return setting('Validation.registration') ?? [
-            'username'         => $registrationUsernameRules,
-            'email'            => $registrationEmailRules,
-            'password'         => 'required|strong_password',
-            'password_confirm' => 'required|matches[password]',
+            'username' => [
+                'label' => 'Auth.username',
+                'rules' => $registrationUsernameRules,
+            ],
+            'email' => [
+                'label' => 'Auth.email',
+                'rules' => $registrationEmailRules,
+            ],
+            'password' => [
+                'label' => 'Auth.password',
+                'rules' => 'required|strong_password',
+            ],
+            'password_confirm' => [
+                'label' => 'Auth.passwordConfirm',
+                'rules' => 'required|matches[password]',
+            ],
         ];
     }
 }

From a941c4d51e81e12b64772d648be11e94100c3dab Mon Sep 17 00:00:00 2001
From: Pooya Parsa Dadashi <Pooya_parsa_dadashi@yahoo.com>
Date: Mon, 8 Aug 2022 06:47:19 +0330
Subject: [PATCH 010/193] fix: translate field name in validate error for
 `MagicLinkController`

---
 src/Controllers/MagicLinkController.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/Controllers/MagicLinkController.php b/src/Controllers/MagicLinkController.php
index d59309a08..e62f68d3e 100644
--- a/src/Controllers/MagicLinkController.php
+++ b/src/Controllers/MagicLinkController.php
@@ -191,7 +191,10 @@ private function recordLoginAttempt(
     protected function getValidationRules(): array
     {
         return [
-            'email' => config('AuthSession')->emailValidationRules,
+            'email' => [
+                'label' => 'Auth.email',
+                'rules' => config('AuthSession')->emailValidationRules,
+            ],
         ];
     }
 }

From 7092f7d7db7588cd9378e58549ab970c05448958 Mon Sep 17 00:00:00 2001
From: Pooya Parsa Dadashi <Pooya_parsa_dadashi@yahoo.com>
Date: Mon, 8 Aug 2022 06:59:32 +0330
Subject: [PATCH 011/193] fix: translate field name in validate error for
 `LoginController`

---
 src/Controllers/LoginController.php | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/src/Controllers/LoginController.php b/src/Controllers/LoginController.php
index 8042cd750..7e28554d6 100644
--- a/src/Controllers/LoginController.php
+++ b/src/Controllers/LoginController.php
@@ -70,9 +70,18 @@ public function loginAction(): RedirectResponse
     protected function getValidationRules(): array
     {
         return setting('Validation.login') ?? [
-            //'username' => config('AuthSession')->usernameValidationRules,
-            'email'    => config('AuthSession')->emailValidationRules,
-            'password' => 'required',
+            // 'username' => [
+            //     'label' => 'Auth.username',
+            //     'rules' => config('AuthSession')->usernameValidationRules,
+            // ],
+            'email' => [
+                'label' => 'Auth.email',
+                'rules' => config('AuthSession')->emailValidationRules,
+            ],
+            'password' => [
+                'label' => 'Auth.password',
+                'rules' => 'required',
+            ],
         ];
     }
 

From 656e09819c4a952f83beb90dd492deede91eb869 Mon Sep 17 00:00:00 2001
From: Samuel Asor <sammyskills@gmail.com>
Date: Mon, 8 Aug 2022 05:03:58 +0100
Subject: [PATCH 012/193] get new instance of emailer helper

---
 src/Helpers/email_helper.php | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/src/Helpers/email_helper.php b/src/Helpers/email_helper.php
index ba3bfea90..26d3f1ce5 100644
--- a/src/Helpers/email_helper.php
+++ b/src/Helpers/email_helper.php
@@ -41,10 +41,7 @@ function emailer(array $overrides = []): Email
         }
 
         /** @var Email $email */
-        $email = service('email');
-
-        // Clear previous email states since this is shared
-        $email->clear();
+        $email = service('email', false);
 
         return $email->initialize($config);
     }

From 90955ea0a78ac303cffbf8da35ec023c5ebce84b Mon Sep 17 00:00:00 2001
From: Pooya Parsa Dadashi <Pooya_parsa_dadashi@yahoo.com>
Date: Mon, 8 Aug 2022 07:36:40 +0330
Subject: [PATCH 013/193] docs: update validation rules whit field label

---
 docs/customization.md | 60 ++++++++++++++++++++++++++-----------------
 1 file changed, 36 insertions(+), 24 deletions(-)

diff --git a/docs/customization.md b/docs/customization.md
index 84036cc1c..d6958710c 100644
--- a/docs/customization.md
+++ b/docs/customization.md
@@ -95,35 +95,47 @@ Shield has the following rules for registration:
 
 ```php
 [
-    'username'         => [
-            'required',
-            'max_length[30]',
-            'min_length[3]',
-            'regex_match[/\A[a-zA-Z0-9\.]+\z/]',
-            'is_unique[users.username]',
-        ],
-    'email'            => 'required|max_length[254]|valid_email|is_unique[auth_identities.secret]',
-    'password'         => 'required|strong_password',
-    'password_confirm' => 'required|matches[password]',
+    'username' => [
+        'label' =>  'Auth.username',
+        'rules' => 'required|max_length[30]|min_length[3]|regex_match[/\A[a-zA-Z0-9\.]+\z/]|is_unique[users.username]',
+    ],
+    'email' => [
+        'label' =>  'Auth.email',
+        'rules' => 'required|max_length[254]|valid_email|is_unique[auth_identities.secret]',
+    ],
+    'password' => [
+        'label' =>  'Auth.password',
+        'rules' => 'required|strong_password',
+    ],
+    'password_confirm' => [
+        'label' =>  'Auth.passwordConfirm',
+        'rules' => 'required|matches[password]',
+    ],
 ];
 ```
 
 If you need a different set of rules for registration, you can specify them in your `Validation` configuration (**app/Config/Validation.php**) like:
 
 ```php
-//--------------------------------------------------------------------
-// Rules
-//--------------------------------------------------------------------
-public $registration = [
-    'username'         => [
-            'required',
-            'max_length[30]',
-            'min_length[3]',
-            'regex_match[/\A[a-zA-Z0-9\.]+\z/]',
-            'is_unique[users.username]',
+    //--------------------------------------------------------------------
+    // Rules
+    //--------------------------------------------------------------------
+    public $registration = [
+        'username' => [
+            'label' =>  'Auth.username',
+            'rules' => 'required|max_length[30]|min_length[3]|regex_match[/\A[a-zA-Z0-9\.]+\z/]|is_unique[users.username]',
         ],
-    'email'            => 'required|max_length[254]|valid_email|is_unique[auth_identities.secret]',
-    'password'         => 'required|strong_password',
-    'password_confirm' => 'required|matches[password]',
-];
+        'email' => [
+            'label' =>  'Auth.email',
+            'rules' => 'required|max_length[254]|valid_email|is_unique[auth_identities.secret]',
+        ],
+        'password' => [
+            'label' =>  'Auth.password',
+            'rules' => 'required|strong_password',
+        ],
+        'password_confirm' => [
+            'label' =>  'Auth.passwordConfirm',
+            'rules' => 'required|matches[password]',
+        ],
+    ];
 ```

From fed55fd742c46cf664cf56a6c12cd72d915ef669 Mon Sep 17 00:00:00 2001
From: Pooya Parsa Dadashi <Pooya_parsa_dadashi@yahoo.com>
Date: Tue, 9 Aug 2022 07:36:56 +0330
Subject: [PATCH 014/193] fix: show validate errors in `magic-link`

---
 src/Controllers/MagicLinkController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Controllers/MagicLinkController.php b/src/Controllers/MagicLinkController.php
index e62f68d3e..b279f87c3 100644
--- a/src/Controllers/MagicLinkController.php
+++ b/src/Controllers/MagicLinkController.php
@@ -60,7 +60,7 @@ public function loginAction()
         // Validate email format
         $rules = $this->getValidationRules();
         if (! $this->validate($rules)) {
-            return redirect()->route('magic-link')->with('error', lang('Auth.invalidEmail'));
+            return redirect()->route('magic-link')->with('errors', $this->validator->getErrors());
         }
 
         // Check if the user exists

From 7bc38cf745cd8aa3cc67d62679358fd50dce00d6 Mon Sep 17 00:00:00 2001
From: Pooya Parsa Dadashi <Pooya_parsa_dadashi@yahoo.com>
Date: Tue, 9 Aug 2022 07:45:46 +0330
Subject: [PATCH 015/193] fix: update view of `magic_link_form` for show
 validate errors

---
 src/Views/magic_link_form.php | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/src/Views/magic_link_form.php b/src/Views/magic_link_form.php
index f0f38ffb9..35bfde4f1 100644
--- a/src/Views/magic_link_form.php
+++ b/src/Views/magic_link_form.php
@@ -9,9 +9,20 @@
         <div class="card-body">
             <h5 class="card-title mb-5"><?= lang('Auth.useMagicLink') ?></h5>
 
-            <?php if (session('error') !== null) : ?>
-            <div class="alert alert-danger" role="alert"><?= session('error') ?></div>
-            <?php endif ?>
+                <?php if (session('error') !== null) : ?>
+                    <div class="alert alert-danger" role="alert"><?= session('error') ?></div>
+                <?php elseif (session('errors') !== null) : ?>
+                    <div class="alert alert-danger" role="alert">
+                        <?php if (is_array(session('errors'))) : ?>
+                            <?php foreach (session('errors') as $error) : ?>
+                                <?= $error ?>
+                                <br>
+                            <?php endforeach ?>
+                        <?php else : ?>
+                            <?= session('errors') ?>
+                        <?php endif ?>
+                    </div>
+                <?php endif ?>
 
             <form action="<?= url_to('magic-link') ?>" method="post">
                 <?= csrf_field() ?>

From 8036f92498a3b6178a8041611020ac3ed256a27f Mon Sep 17 00:00:00 2001
From: Pooya Parsa Dadashi <Pooya_parsa_dadashi@yahoo.com>
Date: Tue, 9 Aug 2022 08:55:43 +0330
Subject: [PATCH 016/193] test: check show validate errors in `MagicLink`

---
 tests/Authentication/MagicLinkTest.php |  4 +++-
 tests/Controllers/MagicLinkTest.php    | 11 +++++++++++
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/tests/Authentication/MagicLinkTest.php b/tests/Authentication/MagicLinkTest.php
index 93602625d..233fee0dc 100644
--- a/tests/Authentication/MagicLinkTest.php
+++ b/tests/Authentication/MagicLinkTest.php
@@ -50,7 +50,9 @@ public function testMagicLinkSubmitNoEmail(): void
         ]);
 
         $result->assertRedirectTo(route_to('magic-link'));
-        $result->assertSessionHas('error', lang('Auth.invalidEmail'));
+        $expected = ['email' => 'The Email Address field is required.'];
+
+        $result->assertSessionHas('errors', $expected);
     }
 
     public function testMagicLinkSubmitBadEmail(): void
diff --git a/tests/Controllers/MagicLinkTest.php b/tests/Controllers/MagicLinkTest.php
index 4ecbb45cf..956f2ccee 100644
--- a/tests/Controllers/MagicLinkTest.php
+++ b/tests/Controllers/MagicLinkTest.php
@@ -46,4 +46,15 @@ public function testAfterLoggedInNotAllowDisplayMagicLink()
         $result = $this->get('/login/magic-link');
         $result->assertRedirectTo(config('Auth')->loginRedirect());
     }
+
+    public function testShowValidateErrorsInMagicLink()
+    {
+        $result = $this->post('/login/magic-link', [
+            'email' => 'foo@example',
+        ]);
+
+        $expected = ['email' => 'The Email Address field must contain a valid email address.'];
+
+        $result->assertSessionHas('errors', $expected);
+    }
 }

From fc59afc2c838f873879cd1ead79a5b8b23b7e530 Mon Sep 17 00:00:00 2001
From: MitkoIT <71694441+MitkoIT@users.noreply.github.com>
Date: Tue, 9 Aug 2022 11:55:19 +0200
Subject: [PATCH 017/193] Load an auth helper in ActionController

---
 src/Controllers/ActionController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Controllers/ActionController.php b/src/Controllers/ActionController.php
index 359cfe266..895a515e0 100644
--- a/src/Controllers/ActionController.php
+++ b/src/Controllers/ActionController.php
@@ -16,7 +16,7 @@
 class ActionController extends BaseController
 {
     protected ?ActionInterface $action = null;
-    protected $helpers                 = ['setting'];
+    protected $helpers                 = ['auth', 'setting'];
 
     /**
      * Perform an initial check if we have a valid action or not.

From 2e0285af7621302290d2fd3ecab068b1d5fec507 Mon Sep 17 00:00:00 2001
From: Pooya Parsa Dadashi <Pooya_parsa_dadashi@yahoo.com>
Date: Wed, 10 Aug 2022 08:33:01 +0330
Subject: [PATCH 018/193] docs: remove unnecessary details of `CI4.1.x`

---
 docs/install.md | 17 -----------------
 1 file changed, 17 deletions(-)

diff --git a/docs/install.md b/docs/install.md
index c24eabe4e..7f6975c88 100644
--- a/docs/install.md
+++ b/docs/install.md
@@ -95,8 +95,6 @@ If you get `Specified key was too long` error:
 > php spark shield:setup
 ```
 
-2. If you are running CodeIgniter v4.1.x, go to *Manual Setup* 4.
-
 ### Manual Setup
 
 There are a few setup items to do before you can start using Shield in
@@ -139,21 +137,6 @@ This requires that all of your controllers extend the `BaseController`, but that
 service('auth')->routes($routes);
 ```
 
-4. (If you are running CodeIgniter v4.2.0 or higher you can skip this step). Add the new password validation rules
-by editing `app/Config/Validation.php`:
-
-```php
-use CodeIgniter\Shield\Authentication\Passwords\ValidationRules as PasswordRules;
-
-public $ruleSets = [
-        Rules::class,
-        FormatRules::class,
-        FileRules::class,
-        CreditCardRules::class,
-        PasswordRules::class     // <!-- add this line
-    ];
-```
-
 ## Controller Filters
 
 Shield provides 4 [Controller Filters](https://codeigniter.com/user_guide/incoming/filters.html) you can

From 071ff39a8a8471a1376788060f9635f859216f81 Mon Sep 17 00:00:00 2001
From: Samuel Asor <sammyskills@gmail.com>
Date: Wed, 10 Aug 2022 07:15:26 +0100
Subject: [PATCH 019/193] use line breaks instead of literal '\n'

---
 src/Authentication/Actions/Email2FA.php       | 15 +++++++--------
 src/Authentication/Actions/EmailActivator.php | 15 +++++++--------
 src/Controllers/MagicLinkController.php       | 13 +++++++------
 src/Helpers/email_helper.php                  |  2 +-
 4 files changed, 22 insertions(+), 23 deletions(-)

diff --git a/src/Authentication/Actions/Email2FA.php b/src/Authentication/Actions/Email2FA.php
index fa6196018..b83b92372 100644
--- a/src/Authentication/Actions/Email2FA.php
+++ b/src/Authentication/Actions/Email2FA.php
@@ -71,14 +71,13 @@ public function handle(IncomingRequest $request)
 
         // Send the user an email with the code
         helper('email');
-        $return = emailer()->setFrom(setting('Email.fromEmail'), setting('Email.fromName') ?? '')
-            ->setTo($user->email)
-            ->setSubject(lang('Auth.email2FASubject'))
-            ->setMessage(view(setting('Auth.views')['action_email_2fa_email'], ['code' => $identity->secret]))
-            ->send();
-
-        if ($return === false) {
-            throw new RuntimeException('Cannot send email for user: ' . $user->email);
+        $email = emailer()->setFrom(setting('Email.fromEmail'), setting('Email.fromName') ?? '');
+        $email->setTo($user->email);
+        $email->setSubject(lang('Auth.email2FASubject'));
+        $email->setMessage(view(setting('Auth.views')['action_email_2fa_email'], ['code' => $identity->secret]));
+
+        if ($email->send(false) === false) {
+            throw new RuntimeException('Cannot send email for user: ' . $user->email . "\n" . $email->printDebugger(['headers']));
         }
 
         return view(setting('Auth.views')['action_email_2fa_verify']);
diff --git a/src/Authentication/Actions/EmailActivator.php b/src/Authentication/Actions/EmailActivator.php
index fee58bcc5..234cb42bb 100644
--- a/src/Authentication/Actions/EmailActivator.php
+++ b/src/Authentication/Actions/EmailActivator.php
@@ -41,14 +41,13 @@ public function show(): string
 
         // Send the email
         helper('email');
-        $return = emailer()->setFrom(setting('Email.fromEmail'), setting('Email.fromName') ?? '')
-            ->setTo($userEmail)
-            ->setSubject(lang('Auth.emailActivateSubject'))
-            ->setMessage(view(setting('Auth.views')['action_email_activate_email'], ['code' => $code]))
-            ->send();
-
-        if ($return === false) {
-            throw new RuntimeException('Cannot send email for user: ' . $user->email);
+        $email = emailer()->setFrom(setting('Email.fromEmail'), setting('Email.fromName') ?? '');
+        $email->setTo($userEmail);
+        $email->setSubject(lang('Auth.emailActivateSubject'));
+        $email->setMessage(view(setting('Auth.views')['action_email_activate_email'], ['code' => $code]));
+
+        if ($email->send(false) === false) {
+            throw new RuntimeException('Cannot send email for user: ' . $user->email . "\n" . $email->printDebugger(['headers']));
         }
 
         // Display the info page
diff --git a/src/Controllers/MagicLinkController.php b/src/Controllers/MagicLinkController.php
index e62f68d3e..21ef23302 100644
--- a/src/Controllers/MagicLinkController.php
+++ b/src/Controllers/MagicLinkController.php
@@ -90,13 +90,14 @@ public function loginAction()
 
         // Send the user an email with the code
         helper('email');
-        $return = emailer()->setFrom(setting('Email.fromEmail'), setting('Email.fromName') ?? '')
-            ->setTo($user->email)
-            ->setSubject(lang('Auth.magicLinkSubject'))
-            ->setMessage(view(setting('Auth.views')['magic-link-email'], ['token' => $token]))
-            ->send();
+        $email = emailer()->setFrom(setting('Email.fromEmail'), setting('Email.fromName') ?? '');
+        $email->setTo($user->email);
+        $email->setSubject(lang('Auth.magicLinkSubject'));
+        $email->setMessage(view(setting('Auth.views')['magic-link-email'], ['token' => $token]));
+
+        if ($email->send(false) === false) {
+            log_message('error', $email->printDebugger(['headers']));
 
-        if ($return === false) {
             return redirect()->route('magic-link')->with('error', lang('Auth.unableSendEmailToUser', [$user->email]));
         }
 
diff --git a/src/Helpers/email_helper.php b/src/Helpers/email_helper.php
index f2314b129..26d3f1ce5 100644
--- a/src/Helpers/email_helper.php
+++ b/src/Helpers/email_helper.php
@@ -41,7 +41,7 @@ function emailer(array $overrides = []): Email
         }
 
         /** @var Email $email */
-        $email = service('email');
+        $email = service('email', false);
 
         return $email->initialize($config);
     }

From 011884db79f3903d88ed7be18e9bf30ac2d73f2d Mon Sep 17 00:00:00 2001
From: Samuel Asor <sammyskills@gmail.com>
Date: Wed, 10 Aug 2022 08:06:13 +0100
Subject: [PATCH 020/193] =?UTF-8?q?Cleared=20the=20shared=20email=20servic?=
 =?UTF-8?q?e=20within=20the=20calling=20controller/action=20instead=20of?=
 =?UTF-8?q?=20the=20=1Bmailer()=20helper?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/Authentication/Actions/Email2FA.php       | 3 +++
 src/Authentication/Actions/EmailActivator.php | 3 +++
 src/Controllers/MagicLinkController.php       | 3 +++
 src/Helpers/email_helper.php                  | 2 +-
 4 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/Authentication/Actions/Email2FA.php b/src/Authentication/Actions/Email2FA.php
index b83b92372..2c5c80dbf 100644
--- a/src/Authentication/Actions/Email2FA.php
+++ b/src/Authentication/Actions/Email2FA.php
@@ -80,6 +80,9 @@ public function handle(IncomingRequest $request)
             throw new RuntimeException('Cannot send email for user: ' . $user->email . "\n" . $email->printDebugger(['headers']));
         }
 
+        // Clear the email
+        $email->clear();
+
         return view(setting('Auth.views')['action_email_2fa_verify']);
     }
 
diff --git a/src/Authentication/Actions/EmailActivator.php b/src/Authentication/Actions/EmailActivator.php
index 234cb42bb..1f66dd79d 100644
--- a/src/Authentication/Actions/EmailActivator.php
+++ b/src/Authentication/Actions/EmailActivator.php
@@ -50,6 +50,9 @@ public function show(): string
             throw new RuntimeException('Cannot send email for user: ' . $user->email . "\n" . $email->printDebugger(['headers']));
         }
 
+        // Clear the email
+        $email->clear();
+
         // Display the info page
         return view(setting('Auth.views')['action_email_activate_show'], ['user' => $user]);
     }
diff --git a/src/Controllers/MagicLinkController.php b/src/Controllers/MagicLinkController.php
index 21ef23302..7ccce0900 100644
--- a/src/Controllers/MagicLinkController.php
+++ b/src/Controllers/MagicLinkController.php
@@ -101,6 +101,9 @@ public function loginAction()
             return redirect()->route('magic-link')->with('error', lang('Auth.unableSendEmailToUser', [$user->email]));
         }
 
+        // Clear the email
+        $email->clear();
+
         return $this->displayMessage();
     }
 
diff --git a/src/Helpers/email_helper.php b/src/Helpers/email_helper.php
index 26d3f1ce5..f2314b129 100644
--- a/src/Helpers/email_helper.php
+++ b/src/Helpers/email_helper.php
@@ -41,7 +41,7 @@ function emailer(array $overrides = []): Email
         }
 
         /** @var Email $email */
-        $email = service('email', false);
+        $email = service('email');
 
         return $email->initialize($config);
     }

From 39bc23afe71714dd0df498be703034ff231c2ce5 Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Thu, 11 Aug 2022 11:08:34 +0900
Subject: [PATCH 021/193] refactor: remove unused Auth::$views items

---
 src/Config/Auth.php | 2 --
 1 file changed, 2 deletions(-)

diff --git a/src/Config/Auth.php b/src/Config/Auth.php
index bae29f048..d0452fa73 100644
--- a/src/Config/Auth.php
+++ b/src/Config/Auth.php
@@ -20,8 +20,6 @@ class Auth extends BaseConfig
     public array $views = [
         'login'                       => '\CodeIgniter\Shield\Views\login',
         'register'                    => '\CodeIgniter\Shield\Views\register',
-        'forgotPassword'              => '\CodeIgniter\Shield\Views\forgot_password',
-        'resetPassword'               => '\CodeIgniter\Shield\Views\reset_password',
         'layout'                      => '\CodeIgniter\Shield\Views\layout',
         'action_email_2fa'            => '\CodeIgniter\Shield\Views\email_2fa_show',
         'action_email_2fa_verify'     => '\CodeIgniter\Shield\Views\email_2fa_verify',

From baee42cd97bdb927c012192ce2ce023f6158b646 Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Thu, 11 Aug 2022 11:25:37 +0900
Subject: [PATCH 022/193] refactor: add intermediate variable and specify type

To jump to the method definition quickly.
---
 src/Filters/TokenAuth.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/Filters/TokenAuth.php b/src/Filters/TokenAuth.php
index 6e764c44b..b32519761 100644
--- a/src/Filters/TokenAuth.php
+++ b/src/Filters/TokenAuth.php
@@ -7,6 +7,7 @@
 use CodeIgniter\HTTP\RequestInterface;
 use CodeIgniter\HTTP\Response;
 use CodeIgniter\HTTP\ResponseInterface;
+use CodeIgniter\Shield\Authentication\Authenticators\AccessTokens;
 
 /**
  * Access Token Authentication Filter.
@@ -33,7 +34,10 @@ public function before(RequestInterface $request, $arguments = null)
     {
         helper(['auth', 'setting']);
 
-        $result = auth('tokens')->authenticate([
+        /** @var AccessTokens $authenticator */
+        $authenticator = auth('tokens')->getAuthenticator();
+
+        $result = $authenticator->attempt([
             'token' => $request->getHeaderLine(setting('Auth.authenticatorHeader')['tokens'] ?? 'Authorization'),
         ]);
 

From b8cca4782ba397d0e0ac60407557c35b747c41dd Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Thu, 11 Aug 2022 11:54:50 +0900
Subject: [PATCH 023/193] test: add test for Auth::authenticate()

---
 tests/Authentication/AuthTest.php | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 tests/Authentication/AuthTest.php

diff --git a/tests/Authentication/AuthTest.php b/tests/Authentication/AuthTest.php
new file mode 100644
index 000000000..05aca89b6
--- /dev/null
+++ b/tests/Authentication/AuthTest.php
@@ -0,0 +1,22 @@
+<?php
+
+namespace Tests\Authentication;
+
+use CodeIgniter\Shield\Config\Services;
+use Tests\Support\DatabaseTestCase;
+
+/**
+ * @internal
+ */
+final class AuthTest extends DatabaseTestCase
+{
+    public function testAuthenticateFail(): void
+    {
+        $auth = Services::auth();
+
+        $credentials = ['email' => ''];
+        $result      = $auth->authenticate($credentials);
+
+        $this->assertFalse($result->isOK());
+    }
+}

From a56294c1b926e30f2d65dc9864c0528e602db768 Mon Sep 17 00:00:00 2001
From: Pooya Parsa Dadashi <Pooya_parsa_dadashi@yahoo.com>
Date: Thu, 11 Aug 2022 07:24:42 +0330
Subject: [PATCH 024/193] docs: add link for custom validation rules

---
 docs/customization.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/docs/customization.md b/docs/customization.md
index d6958710c..728a58df6 100644
--- a/docs/customization.md
+++ b/docs/customization.md
@@ -4,6 +4,7 @@
   - [Route Configuration](#route-configuration)
   - [Custom Redirect URLs](#custom-redirect-urls)
   - [Extending the Controllers](#extending-the-controllers)
+  - [Custom Validation Rules](#custom-validation-rules)
 
 ## Route Configuration
 
@@ -87,7 +88,7 @@ class LoginController extends ShieldLogin
 }
 ```
 
-## Custom validation rules
+## Custom Validation Rules
 
 ### Registration
 

From 6d313440cefe3a7e8bb33c64931b36280a4f4bd4 Mon Sep 17 00:00:00 2001
From: Pooya Parsa Dadashi <Pooya_parsa_dadashi@yahoo.com>
Date: Thu, 11 Aug 2022 09:17:26 +0330
Subject: [PATCH 025/193] docs: add description custom rules for login

---
 docs/customization.md | 28 +++++++++++++++++++++++++++-
 1 file changed, 27 insertions(+), 1 deletion(-)

diff --git a/docs/customization.md b/docs/customization.md
index 728a58df6..4e609b430 100644
--- a/docs/customization.md
+++ b/docs/customization.md
@@ -5,6 +5,8 @@
   - [Custom Redirect URLs](#custom-redirect-urls)
   - [Extending the Controllers](#extending-the-controllers)
   - [Custom Validation Rules](#custom-validation-rules)
+    - [Registration](#registration)
+    - [Login](#login)
 
 ## Route Configuration
 
@@ -119,7 +121,7 @@ If you need a different set of rules for registration, you can specify them in y
 
 ```php
     //--------------------------------------------------------------------
-    // Rules
+    // Rules For Registration
     //--------------------------------------------------------------------
     public $registration = [
         'username' => [
@@ -140,3 +142,27 @@ If you need a different set of rules for registration, you can specify them in y
         ],
     ];
 ```
+
+### Login
+
+Similar to what was explained about the setting of validation rules for **Registration** section, you can add the rules of the login form in file (**app/Config/Validation.php**) and change the rules.
+
+```php
+    //--------------------------------------------------------------------
+    // Rules For Login 
+    //--------------------------------------------------------------------
+    public $login = [
+        // 'username' => [
+        //     'label' =>  'Auth.username',
+        //     'rules' => 'required|max_length[30]|min_length[3]|regex_match[/\A[a-zA-Z0-9\.]+\z/]',
+        // ],
+        'email' => [
+            'label' =>  'Auth.email',
+            'rules' => 'required|max_length[254]|valid_email',
+        ],
+        'password' => [
+            'label' =>  'Auth.password',
+            'rules' => 'required',
+        ],
+    ];
+```

From 47ecfaa76de1354785f968bd6d46c7eabeee1d6b Mon Sep 17 00:00:00 2001
From: Pooya Parsa Dadashi <pooya_parsa_dadashi@yahoo.com>
Date: Thu, 11 Aug 2022 15:41:03 +0430
Subject: [PATCH 026/193] Update docs/customization.md

Thanks!
**Done**

Co-authored-by: MGatner <mgatner@icloud.com>
---
 docs/customization.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/customization.md b/docs/customization.md
index 4e609b430..6e323c20d 100644
--- a/docs/customization.md
+++ b/docs/customization.md
@@ -145,7 +145,7 @@ If you need a different set of rules for registration, you can specify them in y
 
 ### Login
 
-Similar to what was explained about the setting of validation rules for **Registration** section, you can add the rules of the login form in file (**app/Config/Validation.php**) and change the rules.
+Similar to the process for validation rules in the **Registration** section, you can add rules for the login form to **app/Config/Validation.php** and change the rules.
 
 ```php
     //--------------------------------------------------------------------

From 13738e7d0cf361f81d58c287a21797336a4fa2c4 Mon Sep 17 00:00:00 2001
From: MitkoIT <71694441+MitkoIT@users.noreply.github.com>
Date: Fri, 12 Aug 2022 10:05:54 +0200
Subject: [PATCH 027/193] Update bootstrap col on mobile device

---
 src/Views/email_2fa_show.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Views/email_2fa_show.php b/src/Views/email_2fa_show.php
index 43c3ae151..46cf68cf4 100644
--- a/src/Views/email_2fa_show.php
+++ b/src/Views/email_2fa_show.php
@@ -5,7 +5,7 @@
 <?= $this->section('main') ?>
 
 <div class="container d-flex justify-content-center p-5">
-    <div class="card col-5 shadow-sm">
+    <div class="card col-12 col-md-5 shadow-sm">
         <div class="card-body">
             <h5 class="card-title mb-5"><?= lang('Auth.email2FATitle') ?></h5>
 

From 6d2510add7d3224055d4e40ce0fbe8ce6721310f Mon Sep 17 00:00:00 2001
From: MitkoIT <71694441+MitkoIT@users.noreply.github.com>
Date: Fri, 12 Aug 2022 10:41:46 +0200
Subject: [PATCH 028/193] Update email_2fa_verify.php

---
 src/Views/email_2fa_verify.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Views/email_2fa_verify.php b/src/Views/email_2fa_verify.php
index 92f7ed6b9..722977b8c 100644
--- a/src/Views/email_2fa_verify.php
+++ b/src/Views/email_2fa_verify.php
@@ -5,7 +5,7 @@
 <?= $this->section('main') ?>
 
 <div class="container d-flex justify-content-center p-5">
-    <div class="card col-5 shadow-sm">
+    <div class="card col-12 col-md-5 shadow-sm">
         <div class="card-body">
             <h5 class="card-title mb-5"><?= lang('Auth.emailEnterCode') ?></h5>
 

From a88d7364147e66f58f4c61101c446f3c33f01ff4 Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Fri, 12 Aug 2022 17:53:16 +0900
Subject: [PATCH 029/193] config: autoload helpers via Composer

---
 composer.json | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/composer.json b/composer.json
index f62119e2f..3fe5bdfbd 100644
--- a/composer.json
+++ b/composer.json
@@ -37,6 +37,10 @@
         },
         "exclude-from-classmap": [
             "**/Database/Migrations/**"
+        ],
+        "files": [
+            "src/Helpers/auth_helper.php",
+            "src/Helpers/email_helper.php"
         ]
     },
     "autoload-dev": {

From 098e966014d0bbc36cdc0b750829de3f12e10a38 Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Fri, 12 Aug 2022 17:58:56 +0900
Subject: [PATCH 030/193] refactor: remove unneeded helper loading

---
 src/Authentication/Actions/Email2FA.php       | 1 -
 src/Authentication/Actions/EmailActivator.php | 1 -
 src/Controllers/LoginController.php           | 2 +-
 src/Controllers/MagicLinkController.php       | 1 -
 src/Entities/AccessToken.php                  | 2 --
 src/Filters/ChainAuth.php                     | 2 +-
 src/Filters/SessionAuth.php                   | 2 +-
 src/Filters/TokenAuth.php                     | 2 +-
 src/Test/AuthenticationTesting.php            | 3 ---
 tests/Authentication/AuthHelperTest.php       | 2 --
 tests/Authentication/MagicLinkTest.php        | 1 -
 tests/Controllers/ActionsTest.php             | 2 --
 tests/Controllers/LoginTest.php               | 2 --
 tests/Controllers/MagicLinkTest.php           | 2 --
 tests/Controllers/RegisterTest.php            | 2 --
 15 files changed, 4 insertions(+), 23 deletions(-)

diff --git a/src/Authentication/Actions/Email2FA.php b/src/Authentication/Actions/Email2FA.php
index 2c5c80dbf..417f601f3 100644
--- a/src/Authentication/Actions/Email2FA.php
+++ b/src/Authentication/Actions/Email2FA.php
@@ -70,7 +70,6 @@ public function handle(IncomingRequest $request)
         }
 
         // Send the user an email with the code
-        helper('email');
         $email = emailer()->setFrom(setting('Email.fromEmail'), setting('Email.fromName') ?? '');
         $email->setTo($user->email);
         $email->setSubject(lang('Auth.email2FASubject'));
diff --git a/src/Authentication/Actions/EmailActivator.php b/src/Authentication/Actions/EmailActivator.php
index 1f66dd79d..13e7a5667 100644
--- a/src/Authentication/Actions/EmailActivator.php
+++ b/src/Authentication/Actions/EmailActivator.php
@@ -40,7 +40,6 @@ public function show(): string
         $code = $this->createIdentity($user);
 
         // Send the email
-        helper('email');
         $email = emailer()->setFrom(setting('Email.fromEmail'), setting('Email.fromName') ?? '');
         $email->setTo($userEmail);
         $email->setSubject(lang('Auth.emailActivateSubject'));
diff --git a/src/Controllers/LoginController.php b/src/Controllers/LoginController.php
index 7e28554d6..caa69e958 100644
--- a/src/Controllers/LoginController.php
+++ b/src/Controllers/LoginController.php
@@ -8,7 +8,7 @@
 
 class LoginController extends BaseController
 {
-    protected $helpers = ['auth', 'setting'];
+    protected $helpers = ['setting'];
 
     /**
      * Displays the form the login to the site.
diff --git a/src/Controllers/MagicLinkController.php b/src/Controllers/MagicLinkController.php
index 7ccce0900..5fa4aaf6e 100644
--- a/src/Controllers/MagicLinkController.php
+++ b/src/Controllers/MagicLinkController.php
@@ -89,7 +89,6 @@ public function loginAction()
         ]);
 
         // Send the user an email with the code
-        helper('email');
         $email = emailer()->setFrom(setting('Email.fromEmail'), setting('Email.fromName') ?? '');
         $email->setTo($user->email);
         $email->setSubject(lang('Auth.magicLinkSubject'));
diff --git a/src/Entities/AccessToken.php b/src/Entities/AccessToken.php
index b0b55ef60..d6fdd9e1a 100644
--- a/src/Entities/AccessToken.php
+++ b/src/Entities/AccessToken.php
@@ -36,8 +36,6 @@ class AccessToken extends Entity
     public function user(): ?User
     {
         if ($this->user === null) {
-            helper('auth');
-
             $users      = auth()->getProvider();
             $this->user = $users->findById($this->user_id);
         }
diff --git a/src/Filters/ChainAuth.php b/src/Filters/ChainAuth.php
index 69a9c43f3..29bfa8056 100644
--- a/src/Filters/ChainAuth.php
+++ b/src/Filters/ChainAuth.php
@@ -33,7 +33,7 @@ class ChainAuth implements FilterInterface
      */
     public function before(RequestInterface $request, $arguments = null)
     {
-        helper(['auth', 'settings']);
+        helper('settings');
 
         $chain = config('Auth')->authenticationChain;
 
diff --git a/src/Filters/SessionAuth.php b/src/Filters/SessionAuth.php
index 055fec28b..036bde5c1 100644
--- a/src/Filters/SessionAuth.php
+++ b/src/Filters/SessionAuth.php
@@ -32,7 +32,7 @@ class SessionAuth implements FilterInterface
      */
     public function before(RequestInterface $request, $arguments = null)
     {
-        helper(['auth', 'setting']);
+        helper('setting');
 
         /** @var Session $authenticator */
         $authenticator = auth('session')->getAuthenticator();
diff --git a/src/Filters/TokenAuth.php b/src/Filters/TokenAuth.php
index b32519761..861646c13 100644
--- a/src/Filters/TokenAuth.php
+++ b/src/Filters/TokenAuth.php
@@ -32,7 +32,7 @@ class TokenAuth implements FilterInterface
      */
     public function before(RequestInterface $request, $arguments = null)
     {
-        helper(['auth', 'setting']);
+        helper('setting');
 
         /** @var AccessTokens $authenticator */
         $authenticator = auth('tokens')->getAuthenticator();
diff --git a/src/Test/AuthenticationTesting.php b/src/Test/AuthenticationTesting.php
index 5e0080b87..842d259eb 100644
--- a/src/Test/AuthenticationTesting.php
+++ b/src/Test/AuthenticationTesting.php
@@ -21,9 +21,6 @@ trait AuthenticationTesting
      */
     public function actingAs(User $user, bool $pending = false): self
     {
-        // Ensure the helper is loaded during tests.
-        helper('auth');
-
         /** @var Session $authenticator */
         $authenticator = auth('session')->getAuthenticator();
 
diff --git a/tests/Authentication/AuthHelperTest.php b/tests/Authentication/AuthHelperTest.php
index 3c0481179..7e45e995b 100644
--- a/tests/Authentication/AuthHelperTest.php
+++ b/tests/Authentication/AuthHelperTest.php
@@ -20,8 +20,6 @@ final class AuthHelperTest extends TestCase
     public static function setUpBeforeClass(): void
     {
         parent::setUpBeforeClass();
-
-        helper(['auth']);
     }
 
     protected function setUp(): void
diff --git a/tests/Authentication/MagicLinkTest.php b/tests/Authentication/MagicLinkTest.php
index 93602625d..2b47cad15 100644
--- a/tests/Authentication/MagicLinkTest.php
+++ b/tests/Authentication/MagicLinkTest.php
@@ -28,7 +28,6 @@ protected function setUp(): void
         parent::setUp();
 
         // Load our Auth routes in the collection
-        helper('auth');
         $routeCollection = service('routes');
         auth()->routes($routeCollection);
 
diff --git a/tests/Controllers/ActionsTest.php b/tests/Controllers/ActionsTest.php
index 002ce6d25..b52abc95c 100644
--- a/tests/Controllers/ActionsTest.php
+++ b/tests/Controllers/ActionsTest.php
@@ -31,8 +31,6 @@ protected function setUp(): void
     {
         parent::setUp();
 
-        helper('auth');
-
         // Ensure our actions are registered with the system
         $config                      = config('Auth');
         $config->actions['login']    = Email2FA::class;
diff --git a/tests/Controllers/LoginTest.php b/tests/Controllers/LoginTest.php
index 88368168c..1d8bf65f8 100644
--- a/tests/Controllers/LoginTest.php
+++ b/tests/Controllers/LoginTest.php
@@ -27,8 +27,6 @@ protected function setUp(): void
     {
         parent::setUp();
 
-        helper('auth');
-
         // Add auth routes
         $routes = service('routes');
         auth()->routes($routes);
diff --git a/tests/Controllers/MagicLinkTest.php b/tests/Controllers/MagicLinkTest.php
index 4ecbb45cf..b0a6a305c 100644
--- a/tests/Controllers/MagicLinkTest.php
+++ b/tests/Controllers/MagicLinkTest.php
@@ -23,8 +23,6 @@ protected function setUp(): void
     {
         parent::setUp();
 
-        helper('auth');
-
         // Add auth routes
         $routes = service('routes');
         auth()->routes($routes);
diff --git a/tests/Controllers/RegisterTest.php b/tests/Controllers/RegisterTest.php
index 378993776..c8cd34045 100644
--- a/tests/Controllers/RegisterTest.php
+++ b/tests/Controllers/RegisterTest.php
@@ -29,8 +29,6 @@ protected function setUp(): void
 
         parent::setUp();
 
-        helper('auth');
-
         // Add auth routes
         $routes = service('routes');
         auth()->routes($routes);

From 23276fe9e655fe757e06fa4630b9f4dd21f5ed78 Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Fri, 12 Aug 2022 18:11:16 +0900
Subject: [PATCH 031/193] feat: update BaseController setup

---
 src/Commands/Setup.php | 37 +++++++++++++++++++++++++++++++++++--
 1 file changed, 35 insertions(+), 2 deletions(-)

diff --git a/src/Commands/Setup.php b/src/Commands/Setup.php
index b9c01f48b..d46f22681 100644
--- a/src/Commands/Setup.php
+++ b/src/Commands/Setup.php
@@ -195,11 +195,44 @@ protected function add(string $file, string $code, string $pattern, string $repl
         }
     }
 
+    /**
+     * @param string $file     Relative file path like 'Controllers/BaseController.php'.
+     * @param array  $replaces [search => replace]
+     */
+    protected function replace(string $file, array $replaces): void
+    {
+        $path      = $this->distPath . $file;
+        $cleanPath = clean_path($path);
+
+        $content = file_get_contents($path);
+
+        $output = $this->replacer->replace($content, $replaces);
+
+        if ($output === $content) {
+            CLI::error("  Skipped {$cleanPath}. It has already been updated.");
+
+            return;
+        }
+
+        if (write_file($path, $output)) {
+            CLI::write(CLI::color('  Updated: ', 'green') . $cleanPath);
+        } else {
+            CLI::error("  Error updating {$cleanPath}.");
+        }
+    }
+
     private function setupHelper(): void
     {
-        $file = 'Controllers/BaseController.php';
+        $file  = 'Controllers/BaseController.php';
+        $check = '$this->helpers = array_merge($this->helpers, [\'setting\']);';
+
+        // Replace old helper setup
+        $replaces = [
+            '$this->helpers = array_merge($this->helpers, [\'auth\', \'setting\']);' => $check,
+        ];
+        $this->replace($file, $replaces);
 
-        $check   = '$this->helpers = array_merge($this->helpers, [\'auth\', \'setting\']);';
+        // Add helper setup
         $pattern = '/(' . preg_quote('// Do Not Edit This Line', '/') . ')/u';
         $replace = $check . "\n\n        " . '$1';
 

From 778ae184fe5710b571023514c526e743352bab06 Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Fri, 12 Aug 2022 18:28:58 +0900
Subject: [PATCH 032/193] docs: update docs

---
 docs/authentication.md | 6 ++++--
 docs/install.md        | 4 ++--
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/docs/authentication.md b/docs/authentication.md
index 2ddcd1921..14aa9d362 100644
--- a/docs/authentication.md
+++ b/docs/authentication.md
@@ -54,8 +54,6 @@ helper method provides the `auth()` command which returns a convenient interface
 used functionality within the auth libraries. This must be loaded before it can be used.
 
 ```php
-helper('auth');
-
 // get the current user
 auth()->user();
 
@@ -65,6 +63,10 @@ auth()->id();
 user_id();
 ```
 
+> **Note**
+> The `auth_helper` is autoloaded by Composer. If you want to *override* the functions,
+> you need to define them in `app/Common.php`.
+
 ## Authenticator Responses
 
 Many of the authenticator methods will return a `CodeIgniter\Shield\Result` class. This provides a consistent
diff --git a/docs/install.md b/docs/install.md
index 7f6975c88..50549f56b 100644
--- a/docs/install.md
+++ b/docs/install.md
@@ -117,12 +117,12 @@ class Auth extends ShieldAuth
 }
 ```
 
-2. **Helper Setup** The `auth` and `setting` helpers need to be included in almost every page. The simplest way to do this is to add them to the `BaseController::initController` method:
+2. **Helper Setup** The `setting` helpers need to be included in almost every page. The simplest way to do this is to add them to the `BaseController::initController` method:
 
 ```php
 public function initController(RequestInterface $request, ResponseInterface $response, LoggerInterface $logger)
 {
-    $this->helpers = array_merge($this->helpers, ['auth', 'setting']);
+    $this->helpers = array_merge($this->helpers, ['setting']);
 
     // Do Not Edit This Line
     parent::initController($request, $response, $logger);

From 3b3d69159bbd700f427f49461abd1da022d621d3 Mon Sep 17 00:00:00 2001
From: MitkoIT <71694441+MitkoIT@users.noreply.github.com>
Date: Fri, 12 Aug 2022 11:43:57 +0200
Subject: [PATCH 033/193] Update email_activate_show.php

---
 src/Views/email_activate_show.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Views/email_activate_show.php b/src/Views/email_activate_show.php
index edc3cef0b..491fc2fbf 100644
--- a/src/Views/email_activate_show.php
+++ b/src/Views/email_activate_show.php
@@ -5,7 +5,7 @@
 <?= $this->section('main') ?>
 
 <div class="container d-flex justify-content-center p-5">
-    <div class="card col-5 shadow-sm">
+    <div class="card col-12 col-md-5 shadow-sm">
         <div class="card-body">
             <h5 class="card-title mb-5"><?= lang('Auth.emailActivateTitle') ?></h5>
 

From 740cc07f0445df1f5e5759f7fe6325ed4474d7ca Mon Sep 17 00:00:00 2001
From: Pooya Parsa Dadashi <Pooya_parsa_dadashi@yahoo.com>
Date: Sat, 13 Aug 2022 11:08:10 +0330
Subject: [PATCH 034/193] refactor: moving email views to `src/Views/Email/`

---
 src/Views/Email/email_2fa_email.php      | 1 +
 src/Views/Email/email_activate_email.php | 3 +++
 src/Views/Email/magic_link_email.php     | 5 +++++
 3 files changed, 9 insertions(+)
 create mode 100644 src/Views/Email/email_2fa_email.php
 create mode 100644 src/Views/Email/email_activate_email.php
 create mode 100644 src/Views/Email/magic_link_email.php

diff --git a/src/Views/Email/email_2fa_email.php b/src/Views/Email/email_2fa_email.php
new file mode 100644
index 000000000..bbc010c57
--- /dev/null
+++ b/src/Views/Email/email_2fa_email.php
@@ -0,0 +1 @@
+<p><?= lang('Auth.email2FAMailBody') ?> <b><?= $code ?></b></p>
diff --git a/src/Views/Email/email_activate_email.php b/src/Views/Email/email_activate_email.php
new file mode 100644
index 000000000..9686df46c
--- /dev/null
+++ b/src/Views/Email/email_activate_email.php
@@ -0,0 +1,3 @@
+<p><?= lang('Auth.emailActivateMailBody') ?></p>
+
+<p><?= $code ?></p>
diff --git a/src/Views/Email/magic_link_email.php b/src/Views/Email/magic_link_email.php
new file mode 100644
index 000000000..d6f6a9432
--- /dev/null
+++ b/src/Views/Email/magic_link_email.php
@@ -0,0 +1,5 @@
+<p>
+    <a href="<?= url_to('verify-magic-link') ?>?token=<?= $token ?>">
+        <?= lang('Auth.login') ?>
+    </a>
+</p>

From d58eeed005fd6982a8bd1d5db6ca1ee2e1a6077f Mon Sep 17 00:00:00 2001
From: Pooya Parsa Dadashi <Pooya_parsa_dadashi@yahoo.com>
Date: Sat, 13 Aug 2022 11:13:58 +0330
Subject: [PATCH 035/193] refactor: update new dir for email views

---
 src/Config/Auth.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/Config/Auth.php b/src/Config/Auth.php
index d0452fa73..85a6d92c5 100644
--- a/src/Config/Auth.php
+++ b/src/Config/Auth.php
@@ -23,12 +23,12 @@ class Auth extends BaseConfig
         'layout'                      => '\CodeIgniter\Shield\Views\layout',
         'action_email_2fa'            => '\CodeIgniter\Shield\Views\email_2fa_show',
         'action_email_2fa_verify'     => '\CodeIgniter\Shield\Views\email_2fa_verify',
-        'action_email_2fa_email'      => '\CodeIgniter\Shield\Views\email_2fa_email',
-        'action_email_activate_email' => '\CodeIgniter\Shield\Views\email_activate_email',
+        'action_email_2fa_email'      => '\CodeIgniter\Shield\Views\Email\email_2fa_email',
+        'action_email_activate_email' => '\CodeIgniter\Shield\Views\Email\email_activate_email',
         'action_email_activate_show'  => '\CodeIgniter\Shield\Views\email_activate_show',
         'magic-link-login'            => '\CodeIgniter\Shield\Views\magic_link_form',
         'magic-link-message'          => '\CodeIgniter\Shield\Views\magic_link_message',
-        'magic-link-email'            => '\CodeIgniter\Shield\Views\magic_link_email',
+        'magic-link-email'            => '\CodeIgniter\Shield\Views\Email\magic_link_email',
     ];
 
     /**

From 264b95897b92615b688d6b34d5534286c37e3c84 Mon Sep 17 00:00:00 2001
From: Pooya Parsa Dadashi <Pooya_parsa_dadashi@yahoo.com>
Date: Sat, 13 Aug 2022 11:17:37 +0330
Subject: [PATCH 036/193] delete: old email view files

---
 src/Views/email_2fa_email.php      | 1 -
 src/Views/email_activate_email.php | 3 ---
 src/Views/magic_link_email.php     | 5 -----
 3 files changed, 9 deletions(-)
 delete mode 100644 src/Views/email_2fa_email.php
 delete mode 100644 src/Views/email_activate_email.php
 delete mode 100644 src/Views/magic_link_email.php

diff --git a/src/Views/email_2fa_email.php b/src/Views/email_2fa_email.php
deleted file mode 100644
index bbc010c57..000000000
--- a/src/Views/email_2fa_email.php
+++ /dev/null
@@ -1 +0,0 @@
-<p><?= lang('Auth.email2FAMailBody') ?> <b><?= $code ?></b></p>
diff --git a/src/Views/email_activate_email.php b/src/Views/email_activate_email.php
deleted file mode 100644
index 9686df46c..000000000
--- a/src/Views/email_activate_email.php
+++ /dev/null
@@ -1,3 +0,0 @@
-<p><?= lang('Auth.emailActivateMailBody') ?></p>
-
-<p><?= $code ?></p>
diff --git a/src/Views/magic_link_email.php b/src/Views/magic_link_email.php
deleted file mode 100644
index d6f6a9432..000000000
--- a/src/Views/magic_link_email.php
+++ /dev/null
@@ -1,5 +0,0 @@
-<p>
-    <a href="<?= url_to('verify-magic-link') ?>?token=<?= $token ?>">
-        <?= lang('Auth.login') ?>
-    </a>
-</p>

From 70408b0c1ad9a4e3673419aed57aa8be54262884 Mon Sep 17 00:00:00 2001
From: Pooya Parsa Dadashi <Pooya_parsa_dadashi@yahoo.com>
Date: Sat, 13 Aug 2022 11:47:21 +0330
Subject: [PATCH 037/193] docs: update new path for email views

---
 docs/auth_actions.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/auth_actions.md b/docs/auth_actions.md
index d1ab92938..8ef25bc4e 100644
--- a/docs/auth_actions.md
+++ b/docs/auth_actions.md
@@ -49,8 +49,8 @@ Views for all of these pages are defined in the `Auth` config file, with the `$v
     public $views = [
         'action_email_2fa'            => '\CodeIgniter\Shield\Views\email_2fa_show',
         'action_email_2fa_verify'     => '\CodeIgniter\Shield\Views\email_2fa_verify',
-        'action_email_2fa_email'      => '\CodeIgniter\Shield\Views\email_2fa_email',
-        'action_email_activate_email' => '\CodeIgniter\Shield\Views\email_activate_email',
+        'action_email_2fa_email'      => '\CodeIgniter\Shield\Views\Email\email_2fa_email',
+        'action_email_activate_email' => '\CodeIgniter\Shield\Views\Email\email_activate_email',
         'action_email_activate_show'  => '\CodeIgniter\Shield\Views\email_activate_show',
     ];
 ```

From 3bb89b7e8178037023ccc89750f516de8b518ec7 Mon Sep 17 00:00:00 2001
From: Roberto del Pino <ridelpino@gmail.com>
Date: Sun, 14 Aug 2022 00:53:06 +0200
Subject: [PATCH 038/193] Spanish (Spain) translation

Spanish (Spain) translation
---
 src/Language/es/Auth.php                      | 89 +++++++++++++++++++
 .../Language/AbstractTranslationTestCase.php  |  8 +-
 tests/Language/SpanishTranslationTest.php     | 19 ++++
 3 files changed, 112 insertions(+), 4 deletions(-)
 create mode 100644 src/Language/es/Auth.php
 create mode 100644 tests/Language/SpanishTranslationTest.php

diff --git a/src/Language/es/Auth.php b/src/Language/es/Auth.php
new file mode 100644
index 000000000..7f948fbfc
--- /dev/null
+++ b/src/Language/es/Auth.php
@@ -0,0 +1,89 @@
+<?php
+
+namespace CodeIgniter\Shield\Language\es;
+
+return [
+    // Excepciones
+    'unknownAuthenticator'  => '{0} no es un handler válido.',
+    'unknownUserProvider'   => 'No podemos determinar que Proveedor de Usuarios usar.',
+    'invalidUser'           => 'No podemos localizar este usuario.',
+    'badAttempt'            => 'No puedes entrar. Por favor, comprueba tus creenciales.',
+    'noPassword'            => 'No se puede validar un usuario sin una contraseña.',
+    'invalidPassword'       => 'No uedes entrar. Por favor, comprueba tu contraseña.',
+    'noToken'               => 'Cada petición debe tenerun token en la Authorización.',
+    'badToken'              => 'Token de acceso no válido.',
+    'oldToken'              => 'El token de acceso ha caducado.',
+    'noUserEntity'          => 'Se debe dar una Entidad de Usuario para validar la contraseña.',
+    'invalidEmail'          => 'No podemos verificar que el email coincida con un email registrado.',
+    'unableSendEmailToUser' => 'Lo sentimaos, ha habido un problema al enviar el email. No podemos enviar un email a "{0}".',
+    'throttled'             => 'demasiadas peticiones hechas desde esta IP. Puedes intentarlo de nuevo en {0} segundos.',
+
+    'email'           => 'Dirección Email',
+    'username'        => 'Usuario',
+    'password'        => 'Contraseña',
+    'passwordConfirm' => 'Contraseña (de nuevo)',
+    'haveAccount'     => '¿Ya tienes una cuenta?',
+
+    // Botones
+    'confirm' => 'Confirmar',
+    'send'    => 'Enviar',
+
+    // Registro
+    'register'         => 'Registro',
+    'registerDisabled' => 'Actualmente no se permiten registros.',
+    'registerSuccess'  => '¡Bienvenido a bordo!',
+
+    // Login
+    'login'              => 'Entrar',
+    'needAccount'        => '¿Necesitas una cuenta?',
+    'rememberMe'         => '¿Recordarme?',
+    'forgotPassword'     => '¿Has olvidado tu contraseña?',
+    'useMagicLink'       => 'Recordar contraseña',
+    'magicLinkSubject'   => 'Tu Enlace para Entrar',
+    'magicTokenNotFound' => 'No podemos verificar el enlace.',
+    'magicLinkExpired'   => 'Lo sentimos, el enlace ha caducado.',
+    'checkYourEmail'     => 'Comprueba tu email',
+    'magicLinkDetails'   => 'Te hemos enviado un email que contiene un enlace para Entrar. Solo es válido durante {0} minutos.',
+    'successLogout'      => 'Has salido de forma correcta.',
+
+    // Contraseñas
+    'errorPasswordLength'       => 'La contraseña debe tener al menos {0, number} caracteres.',
+    'suggestPasswordLength'     => 'Las claves de acceso, de hasta 255 caracteres, crean contraseñas más seguras y fáciles de recordar.',
+    'errorPasswordCommon'       => 'La contraseña no debe ser una contraseña común.',
+    'suggestPasswordCommon'     => 'La contraseña se comparó con más de 65.000 contraseñas de uso común o contraseñas que se filtraron a través de hacks.',
+    'errorPasswordPersonal'     => 'Las contraseñas no pueden contener información personal modificada.',
+    'suggestPasswordPersonal'   => 'No deben usarse variaciones de tu dirección de correo electrónico o nombre de usuario para contraseñas.',
+    'errorPasswordTooSimilar'   => 'La contraseña es demasiado parecida al usuario.',
+    'suggestPasswordTooSimilar' => 'No uses partes de tu usuario en tu contraseña.',
+    'errorPasswordPwned'        => 'La contraseña {0} ha quedado expuesta debido a una violación de datos y se ha visto comprometida {1, número} veces en {2} contraseñas.',
+    'suggestPasswordPwned'      => '{0} no se debe usar nunca como contraseña. Si la estás usando en algún sitio, cámbiala inmediatamente.',
+    'errorPasswordEmpty'        => 'Se necesita una contraseña.',
+    'passwordChangeSuccess'     => 'Contraseña modificada correctamente',
+    'userDoesNotExist'          => 'No se ha cambiado la contraseña. No existe el usuario',
+    'resetTokenExpired'         => 'Lo sentimos. Tu token de reseteo ha caducado.',
+
+    // 2FA
+    'email2FATitle'       => 'Authenticación de Doble Factor',
+    'confirmEmailAddress' => 'Confirma tu dirección de email.',
+    'emailEnterCode'      => 'Confirma tu Email',
+    'emailConfirmCode'    => 'teclea el código de 6 dígitos qu ete hemos enviado a tu dirección email.',
+    'email2FASubject'     => 'Tu código de autenticación',
+    'email2FAMailBody'    => 'Tu código de autenticación es:',
+    'invalid2FAToken'     => 'El token era incorrecto.',
+    'need2FA'             => 'Debes completar la verificación de doble factor.',
+    'needVerification'    => 'Comprueba tu buzón para completar la activación de la cuenta.',
+
+    // Activar
+    'emailActivateTitle'    => 'Email de Activación',
+    'emailActivateBody'     => 'Te enviamos un email con un código, para confirmar tu dirección email. Copia ese código y pégalo abajo.',
+    'emailActivateSubject'  => 'Tu código de activación',
+    'emailActivateMailBody' => 'Por favor, usa el código de abajo para activar tu cuenta y empezar a usar el sitio.',
+    'invalidActivateToken'  => 'El código no es correcto.',
+
+    // Grupos
+    'unknownGroup' => '{0} no es un grupo válido.',
+    'missingTitle' => 'Los grupos deben tener un título.',
+
+    // Permisos
+    'unknownPermission' => '{0} no es un permiso válido.',
+];
diff --git a/tests/Language/AbstractTranslationTestCase.php b/tests/Language/AbstractTranslationTestCase.php
index b2cfbcce6..31658c21f 100644
--- a/tests/Language/AbstractTranslationTestCase.php
+++ b/tests/Language/AbstractTranslationTestCase.php
@@ -48,10 +48,10 @@ abstract class AbstractTranslationTestCase extends TestCase
         //        ArabicTranslationTest::class             => 'ar',
         //        BosnianTranslationTest::class            => 'bs',
         //        CzechTranslationTest::class              => 'cs',
-        GermanTranslationTest::class => 'de',
-        //        SpanishTranslationTest::class            => 'es',
-        FarsiTranslationTest::class  => 'fa',
-        FrenchTranslationTest::class => 'fr',
+        GermanTranslationTest::class  => 'de',
+        SpanishTranslationTest::class => 'es',
+        FarsiTranslationTest::class   => 'fa',
+        FrenchTranslationTest::class  => 'fr',
         //        HungarianTranslationTest::class          => 'hu',
         IndonesianTranslationTest::class => 'id',
         //        ItalianTranslationTest::class            => 'it',
diff --git a/tests/Language/SpanishTranslationTest.php b/tests/Language/SpanishTranslationTest.php
new file mode 100644
index 000000000..ceee36830
--- /dev/null
+++ b/tests/Language/SpanishTranslationTest.php
@@ -0,0 +1,19 @@
+<?php
+
+/**
+ * This file is part of CodeIgniter 4 framework.
+ *
+ * (c) CodeIgniter Foundation <admin@codeigniter.com>
+ *
+ * For the full copyright and license information, please view
+ * the LICENSE file that was distributed with this source code.
+ */
+
+namespace Tests\Language;
+
+/**
+ * @internal
+ */
+final class SpanishTranslationTest extends AbstractTranslationTestCase
+{
+}

From 5cb4047d5ced2c0bc7208c85c22701aff9d4abf0 Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Sun, 14 Aug 2022 17:57:23 +0900
Subject: [PATCH 039/193] docs: fix grammatical errors

---
 docs/install.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/install.md b/docs/install.md
index 50549f56b..6c9f4f0bf 100644
--- a/docs/install.md
+++ b/docs/install.md
@@ -117,7 +117,7 @@ class Auth extends ShieldAuth
 }
 ```
 
-2. **Helper Setup** The `setting` helpers need to be included in almost every page. The simplest way to do this is to add them to the `BaseController::initController` method:
+2. **Helper Setup** The `setting` helper needs to be included in almost every page. The simplest way to do this is to add them to the `BaseController::initController` method:
 
 ```php
 public function initController(RequestInterface $request, ResponseInterface $response, LoggerInterface $logger)

From c83b8f969ede32633c49031299315048e47f5799 Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Sun, 14 Aug 2022 18:35:30 +0900
Subject: [PATCH 040/193] docs: fix singular/plural

---
 docs/install.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/install.md b/docs/install.md
index 6c9f4f0bf..bc8158d11 100644
--- a/docs/install.md
+++ b/docs/install.md
@@ -117,7 +117,7 @@ class Auth extends ShieldAuth
 }
 ```
 
-2. **Helper Setup** The `setting` helper needs to be included in almost every page. The simplest way to do this is to add them to the `BaseController::initController` method:
+2. **Helper Setup** The `setting` helper needs to be included in almost every page. The simplest way to do this is to add it to the `BaseController::initController` method:
 
 ```php
 public function initController(RequestInterface $request, ResponseInterface $response, LoggerInterface $logger)

From 79b6ba3ebfdea7fa467d9380aa2aba9cb72bb4cc Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Sun, 14 Aug 2022 18:37:59 +0900
Subject: [PATCH 041/193] fix: skip message twice

---
 src/Commands/Setup.php | 21 ++++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)

diff --git a/src/Commands/Setup.php b/src/Commands/Setup.php
index d46f22681..e4f7cb657 100644
--- a/src/Commands/Setup.php
+++ b/src/Commands/Setup.php
@@ -196,10 +196,12 @@ protected function add(string $file, string $code, string $pattern, string $repl
     }
 
     /**
+     * Replace for setupHelper()
+     *
      * @param string $file     Relative file path like 'Controllers/BaseController.php'.
      * @param array  $replaces [search => replace]
      */
-    protected function replace(string $file, array $replaces): void
+    private function replace(string $file, array $replaces): bool
     {
         $path      = $this->distPath . $file;
         $cleanPath = clean_path($path);
@@ -209,16 +211,18 @@ protected function replace(string $file, array $replaces): void
         $output = $this->replacer->replace($content, $replaces);
 
         if ($output === $content) {
-            CLI::error("  Skipped {$cleanPath}. It has already been updated.");
-
-            return;
+            return false;
         }
 
         if (write_file($path, $output)) {
             CLI::write(CLI::color('  Updated: ', 'green') . $cleanPath);
-        } else {
-            CLI::error("  Error updating {$cleanPath}.");
+
+            return true;
         }
+
+        CLI::error("  Error updating {$cleanPath}.");
+
+        return false;
     }
 
     private function setupHelper(): void
@@ -230,7 +234,10 @@ private function setupHelper(): void
         $replaces = [
             '$this->helpers = array_merge($this->helpers, [\'auth\', \'setting\']);' => $check,
         ];
-        $this->replace($file, $replaces);
+        $return = $this->replace($file, $replaces);
+        if ($return) {
+            return;
+        }
 
         // Add helper setup
         $pattern = '/(' . preg_quote('// Do Not Edit This Line', '/') . ')/u';

From 4d6cdcc97dfae2dab2933a64c8b4520aae478a02 Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Sun, 14 Aug 2022 20:31:58 +0900
Subject: [PATCH 042/193] refactor: remove intermediate variable

Co-authored-by: MGatner <mgatner@icloud.com>
---
 src/Commands/Setup.php | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/Commands/Setup.php b/src/Commands/Setup.php
index e4f7cb657..b4a3d9da0 100644
--- a/src/Commands/Setup.php
+++ b/src/Commands/Setup.php
@@ -234,8 +234,7 @@ private function setupHelper(): void
         $replaces = [
             '$this->helpers = array_merge($this->helpers, [\'auth\', \'setting\']);' => $check,
         ];
-        $return = $this->replace($file, $replaces);
-        if ($return) {
+        if ($this->replace($file, $replaces)) {
             return;
         }
 

From 09b7ec56859460e7461a2960c6751f49b4dfa9dc Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Mon, 15 Aug 2022 07:52:11 +0900
Subject: [PATCH 043/193] fix: AccessTokens throws DataException

Checking token in the same second twice throwed "DataException : There is no data to update."
---
 src/Authentication/Authenticators/AccessTokens.php           | 5 ++++-
 .../Authenticators/AccessTokenAuthenticatorTest.php          | 3 +++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/Authentication/Authenticators/AccessTokens.php b/src/Authentication/Authenticators/AccessTokens.php
index 25cd78dbc..6f733891e 100644
--- a/src/Authentication/Authenticators/AccessTokens.php
+++ b/src/Authentication/Authenticators/AccessTokens.php
@@ -125,7 +125,10 @@ public function check(array $credentials): Result
         }
 
         $token->last_used_at = Time::now()->format('Y-m-d H:i:s');
-        $identityModel->save($token);
+
+        if ($token->hasChanged()) {
+            $identityModel->save($token);
+        }
 
         // Ensure the token is set as the current token
         $user = $token->user();
diff --git a/tests/Authentication/Authenticators/AccessTokenAuthenticatorTest.php b/tests/Authentication/Authenticators/AccessTokenAuthenticatorTest.php
index 3a5230f31..d78a68e7d 100644
--- a/tests/Authentication/Authenticators/AccessTokenAuthenticatorTest.php
+++ b/tests/Authentication/Authenticators/AccessTokenAuthenticatorTest.php
@@ -155,6 +155,9 @@ public function testCheckSuccess(): void
 
         $updatedToken = $result->extraInfo()->currentAccessToken();
         $this->assertNotEmpty($updatedToken->last_used_at);
+
+        // Checking token in the same second does not throw "DataException : There is no data to update."
+        $this->auth->check(['token' => $token->raw_token]);
     }
 
     public function testAttemptCannotFindUser(): void

From 296c18dd1cfd9e7d6bb3b3a5360fcf731d94b6ea Mon Sep 17 00:00:00 2001
From: "John Paul E. Balandan, CPA"
 <51850998+paulbalandan@users.noreply.github.com>
Date: Mon, 15 Aug 2022 12:51:18 +0800
Subject: [PATCH 044/193] Remove superfluous `--using-cache` option

---
 composer.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/composer.json b/composer.json
index 3fe5bdfbd..e87f5f646 100644
--- a/composer.json
+++ b/composer.json
@@ -75,7 +75,7 @@
             "phpstan analyze",
             "psalm"
         ],
-        "cs-fix": "php-cs-fixer fix --ansi --verbose --diff --using-cache=yes",
+        "cs-fix": "php-cs-fixer fix --ansi --verbose --diff",
         "style": "@cs-fix",
         "test": "phpunit"
     }

From 625da71fcf641afba3cb2ebd62d0837b10c5f131 Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Mon, 15 Aug 2022 14:47:12 +0900
Subject: [PATCH 045/193] chore: add declare_strict_types rule to cs-fixer

---
 .php-cs-fixer.dist.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/.php-cs-fixer.dist.php b/.php-cs-fixer.dist.php
index 1185b9c4c..8eee8d3aa 100644
--- a/.php-cs-fixer.dist.php
+++ b/.php-cs-fixer.dist.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 use CodeIgniter\CodingStandard\CodeIgniter4;
 use Nexus\CsConfig\Factory;
 use PhpCsFixer\Finder;
@@ -13,7 +15,9 @@
     ->exclude('build')
     ->append([__FILE__]);
 
-$overrides = [];
+$overrides = [
+    'declare_strict_types' => true,
+];
 
 $options = [
     'finder'    => $finder,

From 0999e6f06c86bcc96493ac30a67bc9e59d7d214b Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Mon, 15 Aug 2022 14:48:21 +0900
Subject: [PATCH 046/193] refactor: add `declare(strict_types=1)`

---
 src/Auth.php                                                    | 2 ++
 src/Authentication/Actions/ActionInterface.php                  | 2 ++
 src/Authentication/Actions/Email2FA.php                         | 2 ++
 src/Authentication/Actions/EmailActivator.php                   | 2 ++
 src/Authentication/Authentication.php                           | 2 ++
 src/Authentication/AuthenticationException.php                  | 2 ++
 src/Authentication/AuthenticatorInterface.php                   | 2 ++
 src/Authentication/Authenticators/AccessTokens.php              | 2 ++
 src/Authentication/Authenticators/Session.php                   | 2 ++
 src/Authentication/Passwords.php                                | 2 ++
 src/Authentication/Passwords/BaseValidator.php                  | 2 ++
 src/Authentication/Passwords/CompositionValidator.php           | 2 ++
 src/Authentication/Passwords/DictionaryValidator.php            | 2 ++
 src/Authentication/Passwords/NothingPersonalValidator.php       | 2 ++
 src/Authentication/Passwords/PwnedValidator.php                 | 2 ++
 src/Authentication/Passwords/ValidationRules.php                | 2 ++
 src/Authentication/Passwords/ValidatorInterface.php             | 2 ++
 src/Authentication/Traits/HasAccessTokens.php                   | 2 ++
 src/Authorization/AuthorizationException.php                    | 2 ++
 src/Authorization/Groups.php                                    | 2 ++
 src/Authorization/Traits/Authorizable.php                       | 2 ++
 src/Collectors/Auth.php                                         | 2 ++
 src/Commands/Setup.php                                          | 2 ++
 src/Commands/Setup/ContentReplacer.php                          | 2 ++
 src/Config/Auth.php                                             | 2 ++
 src/Config/AuthGroups.php                                       | 2 ++
 src/Config/AuthRoutes.php                                       | 2 ++
 src/Config/AuthSession.php                                      | 2 ++
 src/Config/Registrar.php                                        | 2 ++
 src/Config/Services.php                                         | 2 ++
 src/Controllers/ActionController.php                            | 2 ++
 src/Controllers/LoginController.php                             | 2 ++
 src/Controllers/MagicLinkController.php                         | 2 ++
 src/Controllers/RegisterController.php                          | 2 ++
 .../Migrations/2020-12-28-223112_create_auth_tables.php         | 2 ++
 src/Entities/AccessToken.php                                    | 2 ++
 src/Entities/Cast/IntBoolCast.php                               | 2 ++
 src/Entities/Entity.php                                         | 2 ++
 src/Entities/Group.php                                          | 2 ++
 src/Entities/Login.php                                          | 2 ++
 src/Entities/User.php                                           | 2 ++
 src/Entities/UserIdentity.php                                   | 2 ++
 src/Exceptions/BaseException.php                                | 2 ++
 src/Exceptions/InvalidArgumentException.php                     | 2 ++
 src/Exceptions/LogicException.php                               | 2 ++
 src/Exceptions/RuntimeException.php                             | 2 ++
 src/Exceptions/SecurityException.php                            | 2 ++
 src/Exceptions/ValidationException.php                          | 2 ++
 src/Filters/AuthRates.php                                       | 2 ++
 src/Filters/ChainAuth.php                                       | 2 ++
 src/Filters/SessionAuth.php                                     | 2 ++
 src/Filters/TokenAuth.php                                       | 2 ++
 src/Helpers/auth_helper.php                                     | 2 ++
 src/Helpers/email_helper.php                                    | 2 ++
 src/Language/de/Auth.php                                        | 2 ++
 src/Language/en/Auth.php                                        | 2 ++
 src/Language/es/Auth.php                                        | 2 ++
 src/Language/fa/Auth.php                                        | 2 ++
 src/Language/fr/Auth.php                                        | 2 ++
 src/Language/id/Auth.php                                        | 2 ++
 src/Language/ja/Auth.php                                        | 2 ++
 src/Language/sk/Auth.php                                        | 2 ++
 src/Models/CheckQueryReturnTrait.php                            | 2 ++
 src/Models/DatabaseException.php                                | 2 ++
 src/Models/GroupModel.php                                       | 2 ++
 src/Models/LoginModel.php                                       | 2 ++
 src/Models/PermissionModel.php                                  | 2 ++
 src/Models/RememberModel.php                                    | 2 ++
 src/Models/TokenLoginModel.php                                  | 2 ++
 src/Models/UserIdentityModel.php                                | 2 ++
 src/Models/UserModel.php                                        | 2 ++
 src/Result.php                                                  | 2 ++
 src/Test/AuthenticationTesting.php                              | 2 ++
 tests/Authentication/AccessTokenTest.php                        | 2 ++
 tests/Authentication/AuthHelperTest.php                         | 2 ++
 tests/Authentication/AuthTest.php                               | 2 ++
 tests/Authentication/AuthenticationTest.php                     | 2 ++
 .../Authenticators/AccessTokenAuthenticatorTest.php             | 2 ++
 .../Authentication/Authenticators/SessionAuthenticatorTest.php  | 2 ++
 tests/Authentication/Filters/AbstractFilterTest.php             | 2 ++
 tests/Authentication/Filters/ChainFilterTest.php                | 2 ++
 tests/Authentication/Filters/SessionFilterTest.php              | 2 ++
 tests/Authentication/Filters/TokenFilterTest.php                | 2 ++
 tests/Authentication/HasAccessTokensTest.php                    | 2 ++
 tests/Authentication/MagicLinkTest.php                          | 2 ++
 tests/Authorization/AuthorizableTest.php                        | 2 ++
 tests/Authorization/GroupTest.php                               | 2 ++
 tests/Authorization/GroupsTest.php                              | 2 ++
 tests/Collectors/AuthTest.php                                   | 2 ++
 tests/Commands/Setup/ContentReplacerTest.php                    | 2 ++
 tests/Commands/SetupTest.php                                    | 2 ++
 tests/Controllers/ActionsTest.php                               | 2 ++
 tests/Controllers/LoginTest.php                                 | 2 ++
 tests/Controllers/MagicLinkTest.php                             | 2 ++
 tests/Controllers/RegisterTest.php                              | 2 ++
 tests/Language/AbstractTranslationTestCase.php                  | 2 ++
 tests/Language/FarsiTranslationTest.php                         | 2 ++
 tests/Language/FrenchTranslationTest.php                        | 2 ++
 tests/Language/GermanTranslationTest.php                        | 2 ++
 tests/Language/IndonesianTranslationTest.php                    | 2 ++
 tests/Language/JapaneseTranslationTest.php                      | 2 ++
 tests/Language/SlovakTranslationTest.php                        | 2 ++
 tests/Language/SpanishTranslationTest.php                       | 2 ++
 tests/Unit/AuthRoutesTest.php                                   | 2 ++
 tests/Unit/CompositionValidatorTest.php                         | 2 ++
 tests/Unit/DictionaryValidatorTest.php                          | 2 ++
 tests/Unit/LoginModelTest.php                                   | 2 ++
 tests/Unit/NothingPersonalValidatorTest.php                     | 2 ++
 tests/Unit/PasswordsTest.php                                    | 2 ++
 tests/Unit/PwnedValidatorTest.php                               | 2 ++
 tests/Unit/UserIdentityModelTest.php                            | 2 ++
 tests/Unit/UserModelTest.php                                    | 2 ++
 tests/Unit/UserTest.php                                         | 2 ++
 tests/_support/DatabaseTestCase.php                             | 2 ++
 tests/_support/FakeUser.php                                     | 2 ++
 tests/_support/TestCase.php                                     | 2 ++
 116 files changed, 232 insertions(+)

diff --git a/src/Auth.php b/src/Auth.php
index 2d9b92705..2a0525eb9 100644
--- a/src/Auth.php
+++ b/src/Auth.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield;
 
 use CodeIgniter\Router\RouteCollection;
diff --git a/src/Authentication/Actions/ActionInterface.php b/src/Authentication/Actions/ActionInterface.php
index 0e316bfa8..8d75c332c 100644
--- a/src/Authentication/Actions/ActionInterface.php
+++ b/src/Authentication/Actions/ActionInterface.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield\Authentication\Actions;
 
 use CodeIgniter\HTTP\IncomingRequest;
diff --git a/src/Authentication/Actions/Email2FA.php b/src/Authentication/Actions/Email2FA.php
index 417f601f3..82e5c7d34 100644
--- a/src/Authentication/Actions/Email2FA.php
+++ b/src/Authentication/Actions/Email2FA.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield\Authentication\Actions;
 
 use CodeIgniter\HTTP\IncomingRequest;
diff --git a/src/Authentication/Actions/EmailActivator.php b/src/Authentication/Actions/EmailActivator.php
index 13e7a5667..75de1606f 100644
--- a/src/Authentication/Actions/EmailActivator.php
+++ b/src/Authentication/Actions/EmailActivator.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield\Authentication\Actions;
 
 use CodeIgniter\Exceptions\PageNotFoundException;
diff --git a/src/Authentication/Authentication.php b/src/Authentication/Authentication.php
index 3aeb7f255..b6fb7eb5c 100644
--- a/src/Authentication/Authentication.php
+++ b/src/Authentication/Authentication.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield\Authentication;
 
 use CodeIgniter\Shield\Config\Auth as AuthConfig;
diff --git a/src/Authentication/AuthenticationException.php b/src/Authentication/AuthenticationException.php
index 75806ebf2..68d34ecf5 100644
--- a/src/Authentication/AuthenticationException.php
+++ b/src/Authentication/AuthenticationException.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield\Authentication;
 
 use CodeIgniter\HTTP\Exceptions\HTTPException;
diff --git a/src/Authentication/AuthenticatorInterface.php b/src/Authentication/AuthenticatorInterface.php
index 10550b051..acd6c8b61 100644
--- a/src/Authentication/AuthenticatorInterface.php
+++ b/src/Authentication/AuthenticatorInterface.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield\Authentication;
 
 use CodeIgniter\Shield\Entities\User;
diff --git a/src/Authentication/Authenticators/AccessTokens.php b/src/Authentication/Authenticators/AccessTokens.php
index 25cd78dbc..bd53a2857 100644
--- a/src/Authentication/Authenticators/AccessTokens.php
+++ b/src/Authentication/Authenticators/AccessTokens.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield\Authentication\Authenticators;
 
 use CodeIgniter\HTTP\IncomingRequest;
diff --git a/src/Authentication/Authenticators/Session.php b/src/Authentication/Authenticators/Session.php
index ace800d9f..1355d83ec 100644
--- a/src/Authentication/Authenticators/Session.php
+++ b/src/Authentication/Authenticators/Session.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield\Authentication\Authenticators;
 
 use CodeIgniter\Config\Factories;
diff --git a/src/Authentication/Passwords.php b/src/Authentication/Passwords.php
index 61d7f7636..3755b5709 100644
--- a/src/Authentication/Passwords.php
+++ b/src/Authentication/Passwords.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield\Authentication;
 
 use CodeIgniter\Shield\Authentication\Passwords\ValidatorInterface;
diff --git a/src/Authentication/Passwords/BaseValidator.php b/src/Authentication/Passwords/BaseValidator.php
index 7dc49f8ab..6f7bfe4cf 100644
--- a/src/Authentication/Passwords/BaseValidator.php
+++ b/src/Authentication/Passwords/BaseValidator.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield\Authentication\Passwords;
 
 use CodeIgniter\Shield\Config\Auth as AuthConfig;
diff --git a/src/Authentication/Passwords/CompositionValidator.php b/src/Authentication/Passwords/CompositionValidator.php
index 211b0282e..5e85abbdb 100644
--- a/src/Authentication/Passwords/CompositionValidator.php
+++ b/src/Authentication/Passwords/CompositionValidator.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield\Authentication\Passwords;
 
 use CodeIgniter\Shield\Authentication\AuthenticationException;
diff --git a/src/Authentication/Passwords/DictionaryValidator.php b/src/Authentication/Passwords/DictionaryValidator.php
index 52f23ed07..b7cb6add4 100644
--- a/src/Authentication/Passwords/DictionaryValidator.php
+++ b/src/Authentication/Passwords/DictionaryValidator.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield\Authentication\Passwords;
 
 use CodeIgniter\Shield\Entities\User;
diff --git a/src/Authentication/Passwords/NothingPersonalValidator.php b/src/Authentication/Passwords/NothingPersonalValidator.php
index 63bec7915..c46b5a731 100644
--- a/src/Authentication/Passwords/NothingPersonalValidator.php
+++ b/src/Authentication/Passwords/NothingPersonalValidator.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield\Authentication\Passwords;
 
 use CodeIgniter\Shield\Entities\User;
diff --git a/src/Authentication/Passwords/PwnedValidator.php b/src/Authentication/Passwords/PwnedValidator.php
index d643b4b20..ef862b2b8 100644
--- a/src/Authentication/Passwords/PwnedValidator.php
+++ b/src/Authentication/Passwords/PwnedValidator.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield\Authentication\Passwords;
 
 use CodeIgniter\Config\Services;
diff --git a/src/Authentication/Passwords/ValidationRules.php b/src/Authentication/Passwords/ValidationRules.php
index b16db7de9..be02de628 100644
--- a/src/Authentication/Passwords/ValidationRules.php
+++ b/src/Authentication/Passwords/ValidationRules.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield\Authentication\Passwords;
 
 use CodeIgniter\HTTP\IncomingRequest;
diff --git a/src/Authentication/Passwords/ValidatorInterface.php b/src/Authentication/Passwords/ValidatorInterface.php
index fc04b9421..af187ffa7 100644
--- a/src/Authentication/Passwords/ValidatorInterface.php
+++ b/src/Authentication/Passwords/ValidatorInterface.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield\Authentication\Passwords;
 
 use CodeIgniter\Shield\Entities\User;
diff --git a/src/Authentication/Traits/HasAccessTokens.php b/src/Authentication/Traits/HasAccessTokens.php
index 7f5e91c4e..389fe9576 100644
--- a/src/Authentication/Traits/HasAccessTokens.php
+++ b/src/Authentication/Traits/HasAccessTokens.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield\Authentication\Traits;
 
 use CodeIgniter\Shield\Entities\AccessToken;
diff --git a/src/Authorization/AuthorizationException.php b/src/Authorization/AuthorizationException.php
index 337976a17..c01d2912c 100644
--- a/src/Authorization/AuthorizationException.php
+++ b/src/Authorization/AuthorizationException.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield\Authorization;
 
 use CodeIgniter\Shield\Exceptions\RuntimeException;
diff --git a/src/Authorization/Groups.php b/src/Authorization/Groups.php
index 9bbe99fdf..918168ec3 100644
--- a/src/Authorization/Groups.php
+++ b/src/Authorization/Groups.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield\Authorization;
 
 use CodeIgniter\Shield\Entities\Group;
diff --git a/src/Authorization/Traits/Authorizable.php b/src/Authorization/Traits/Authorizable.php
index 4a1db3dce..ca4dca912 100644
--- a/src/Authorization/Traits/Authorizable.php
+++ b/src/Authorization/Traits/Authorizable.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield\Authorization\Traits;
 
 use CodeIgniter\I18n\Time;
diff --git a/src/Collectors/Auth.php b/src/Collectors/Auth.php
index b475e75bb..ad19e5637 100644
--- a/src/Collectors/Auth.php
+++ b/src/Collectors/Auth.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield\Collectors;
 
 use CodeIgniter\Debug\Toolbar\Collectors\BaseCollector;
diff --git a/src/Commands/Setup.php b/src/Commands/Setup.php
index d46f22681..7885b7f16 100644
--- a/src/Commands/Setup.php
+++ b/src/Commands/Setup.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield\Commands;
 
 use CodeIgniter\CLI\BaseCommand;
diff --git a/src/Commands/Setup/ContentReplacer.php b/src/Commands/Setup/ContentReplacer.php
index cfe9dc416..e603e7a11 100644
--- a/src/Commands/Setup/ContentReplacer.php
+++ b/src/Commands/Setup/ContentReplacer.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield\Commands\Setup;
 
 class ContentReplacer
diff --git a/src/Config/Auth.php b/src/Config/Auth.php
index 85a6d92c5..68f2fea20 100644
--- a/src/Config/Auth.php
+++ b/src/Config/Auth.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield\Config;
 
 use CodeIgniter\Config\BaseConfig;
diff --git a/src/Config/AuthGroups.php b/src/Config/AuthGroups.php
index efc9c898e..95309f1b0 100644
--- a/src/Config/AuthGroups.php
+++ b/src/Config/AuthGroups.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield\Config;
 
 use CodeIgniter\Config\BaseConfig;
diff --git a/src/Config/AuthRoutes.php b/src/Config/AuthRoutes.php
index 83af097d5..c21431e98 100644
--- a/src/Config/AuthRoutes.php
+++ b/src/Config/AuthRoutes.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield\Config;
 
 use CodeIgniter\Config\BaseConfig;
diff --git a/src/Config/AuthSession.php b/src/Config/AuthSession.php
index a83065afa..f9c4c28b3 100644
--- a/src/Config/AuthSession.php
+++ b/src/Config/AuthSession.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield\Config;
 
 use CodeIgniter\Config\BaseConfig;
diff --git a/src/Config/Registrar.php b/src/Config/Registrar.php
index 521376b3b..f212e7962 100644
--- a/src/Config/Registrar.php
+++ b/src/Config/Registrar.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield\Config;
 
 use CodeIgniter\Shield\Authentication\Passwords\ValidationRules as PasswordRules;
diff --git a/src/Config/Services.php b/src/Config/Services.php
index 76b4e4888..2fb696176 100644
--- a/src/Config/Services.php
+++ b/src/Config/Services.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield\Config;
 
 use CodeIgniter\Shield\Auth;
diff --git a/src/Controllers/ActionController.php b/src/Controllers/ActionController.php
index 895a515e0..be43a87d8 100644
--- a/src/Controllers/ActionController.php
+++ b/src/Controllers/ActionController.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield\Controllers;
 
 use App\Controllers\BaseController;
diff --git a/src/Controllers/LoginController.php b/src/Controllers/LoginController.php
index caa69e958..ee0d22674 100644
--- a/src/Controllers/LoginController.php
+++ b/src/Controllers/LoginController.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield\Controllers;
 
 use App\Controllers\BaseController;
diff --git a/src/Controllers/MagicLinkController.php b/src/Controllers/MagicLinkController.php
index 55740e9ff..ed9a74b9f 100644
--- a/src/Controllers/MagicLinkController.php
+++ b/src/Controllers/MagicLinkController.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield\Controllers;
 
 use App\Controllers\BaseController;
diff --git a/src/Controllers/RegisterController.php b/src/Controllers/RegisterController.php
index 00c873974..925016b4e 100644
--- a/src/Controllers/RegisterController.php
+++ b/src/Controllers/RegisterController.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield\Controllers;
 
 use App\Controllers\BaseController;
diff --git a/src/Database/Migrations/2020-12-28-223112_create_auth_tables.php b/src/Database/Migrations/2020-12-28-223112_create_auth_tables.php
index 53a17bcb1..53667dad2 100644
--- a/src/Database/Migrations/2020-12-28-223112_create_auth_tables.php
+++ b/src/Database/Migrations/2020-12-28-223112_create_auth_tables.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield\Database\Migrations;
 
 use CodeIgniter\Database\Migration;
diff --git a/src/Entities/AccessToken.php b/src/Entities/AccessToken.php
index d6fdd9e1a..1bc0cfab7 100644
--- a/src/Entities/AccessToken.php
+++ b/src/Entities/AccessToken.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield\Entities;
 
 use CodeIgniter\Entity\Entity;
diff --git a/src/Entities/Cast/IntBoolCast.php b/src/Entities/Cast/IntBoolCast.php
index 92402b002..401a52aa7 100644
--- a/src/Entities/Cast/IntBoolCast.php
+++ b/src/Entities/Cast/IntBoolCast.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield\Entities\Cast;
 
 use CodeIgniter\Entity\Cast\BaseCast;
diff --git a/src/Entities/Entity.php b/src/Entities/Entity.php
index 51b613aea..5708c8a41 100644
--- a/src/Entities/Entity.php
+++ b/src/Entities/Entity.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield\Entities;
 
 use CodeIgniter\Entity\Entity as FrameworkEntity;
diff --git a/src/Entities/Group.php b/src/Entities/Group.php
index 56d4b6bd3..5796ad212 100644
--- a/src/Entities/Group.php
+++ b/src/Entities/Group.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield\Entities;
 
 use CodeIgniter\Entity\Entity;
diff --git a/src/Entities/Login.php b/src/Entities/Login.php
index 640437a7b..d6859f132 100644
--- a/src/Entities/Login.php
+++ b/src/Entities/Login.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield\Entities;
 
 class Login extends Entity
diff --git a/src/Entities/User.php b/src/Entities/User.php
index ab4b7e568..44df161e6 100644
--- a/src/Entities/User.php
+++ b/src/Entities/User.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield\Entities;
 
 use CodeIgniter\Database\Exceptions\DataException;
diff --git a/src/Entities/UserIdentity.php b/src/Entities/UserIdentity.php
index 30fbd47bf..6ddff1c18 100644
--- a/src/Entities/UserIdentity.php
+++ b/src/Entities/UserIdentity.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield\Entities;
 
 use CodeIgniter\Shield\Authentication\Passwords;
diff --git a/src/Exceptions/BaseException.php b/src/Exceptions/BaseException.php
index ddaa8c1a7..693d58c8f 100644
--- a/src/Exceptions/BaseException.php
+++ b/src/Exceptions/BaseException.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield\Exceptions;
 
 use Throwable;
diff --git a/src/Exceptions/InvalidArgumentException.php b/src/Exceptions/InvalidArgumentException.php
index 7f7e22cc6..f01a5382a 100644
--- a/src/Exceptions/InvalidArgumentException.php
+++ b/src/Exceptions/InvalidArgumentException.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield\Exceptions;
 
 class InvalidArgumentException extends LogicException implements BaseException
diff --git a/src/Exceptions/LogicException.php b/src/Exceptions/LogicException.php
index 208c9fd26..5825f9159 100644
--- a/src/Exceptions/LogicException.php
+++ b/src/Exceptions/LogicException.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield\Exceptions;
 
 class LogicException extends \LogicException implements BaseException
diff --git a/src/Exceptions/RuntimeException.php b/src/Exceptions/RuntimeException.php
index b60ecbfe5..e5a507ecd 100644
--- a/src/Exceptions/RuntimeException.php
+++ b/src/Exceptions/RuntimeException.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield\Exceptions;
 
 class RuntimeException extends \RuntimeException implements BaseException
diff --git a/src/Exceptions/SecurityException.php b/src/Exceptions/SecurityException.php
index 6caa536a9..b0646c057 100644
--- a/src/Exceptions/SecurityException.php
+++ b/src/Exceptions/SecurityException.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield\Exceptions;
 
 use RuntimeException;
diff --git a/src/Exceptions/ValidationException.php b/src/Exceptions/ValidationException.php
index 2ca44e727..9b6d51d52 100644
--- a/src/Exceptions/ValidationException.php
+++ b/src/Exceptions/ValidationException.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield\Exceptions;
 
 use RuntimeException;
diff --git a/src/Filters/AuthRates.php b/src/Filters/AuthRates.php
index abb84bed6..5843bc4ba 100644
--- a/src/Filters/AuthRates.php
+++ b/src/Filters/AuthRates.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield\Filters;
 
 use CodeIgniter\Filters\FilterInterface;
diff --git a/src/Filters/ChainAuth.php b/src/Filters/ChainAuth.php
index 29bfa8056..6922a36f2 100644
--- a/src/Filters/ChainAuth.php
+++ b/src/Filters/ChainAuth.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield\Filters;
 
 use CodeIgniter\Filters\FilterInterface;
diff --git a/src/Filters/SessionAuth.php b/src/Filters/SessionAuth.php
index 036bde5c1..04907a196 100644
--- a/src/Filters/SessionAuth.php
+++ b/src/Filters/SessionAuth.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield\Filters;
 
 use CodeIgniter\Filters\FilterInterface;
diff --git a/src/Filters/TokenAuth.php b/src/Filters/TokenAuth.php
index 861646c13..d910c177f 100644
--- a/src/Filters/TokenAuth.php
+++ b/src/Filters/TokenAuth.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield\Filters;
 
 use CodeIgniter\Filters\FilterInterface;
diff --git a/src/Helpers/auth_helper.php b/src/Helpers/auth_helper.php
index 615cc80b4..e126d2c81 100644
--- a/src/Helpers/auth_helper.php
+++ b/src/Helpers/auth_helper.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 use CodeIgniter\Shield\Auth;
 
 if (! function_exists('auth')) {
diff --git a/src/Helpers/email_helper.php b/src/Helpers/email_helper.php
index f2314b129..0e4961790 100644
--- a/src/Helpers/email_helper.php
+++ b/src/Helpers/email_helper.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 use CodeIgniter\Email\Email;
 
 if (! defined('emailer')) {
diff --git a/src/Language/de/Auth.php b/src/Language/de/Auth.php
index 57dfa9aec..7d612286b 100644
--- a/src/Language/de/Auth.php
+++ b/src/Language/de/Auth.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield\Language\de;
 
 return [
diff --git a/src/Language/en/Auth.php b/src/Language/en/Auth.php
index e1487deb2..4d49ea742 100644
--- a/src/Language/en/Auth.php
+++ b/src/Language/en/Auth.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield\Language\en;
 
 return [
diff --git a/src/Language/es/Auth.php b/src/Language/es/Auth.php
index 7f948fbfc..81e879e60 100644
--- a/src/Language/es/Auth.php
+++ b/src/Language/es/Auth.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield\Language\es;
 
 return [
diff --git a/src/Language/fa/Auth.php b/src/Language/fa/Auth.php
index ac42e05cd..a77b530d1 100644
--- a/src/Language/fa/Auth.php
+++ b/src/Language/fa/Auth.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 /**
  * This file is part of CodeIgniter 4 framework.
  *
diff --git a/src/Language/fr/Auth.php b/src/Language/fr/Auth.php
index f2b9b12ed..d2213023a 100644
--- a/src/Language/fr/Auth.php
+++ b/src/Language/fr/Auth.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield\Language\fr;
 
 return [
diff --git a/src/Language/id/Auth.php b/src/Language/id/Auth.php
index 9aa6f255b..8d652f774 100644
--- a/src/Language/id/Auth.php
+++ b/src/Language/id/Auth.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield\Language\id;
 
 return [
diff --git a/src/Language/ja/Auth.php b/src/Language/ja/Auth.php
index cf69de829..d2cb33c39 100644
--- a/src/Language/ja/Auth.php
+++ b/src/Language/ja/Auth.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield\Language\ja;
 
 return [
diff --git a/src/Language/sk/Auth.php b/src/Language/sk/Auth.php
index 42a27bbc7..1df2f598f 100644
--- a/src/Language/sk/Auth.php
+++ b/src/Language/sk/Auth.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield\Language\sk;
 
 return [
diff --git a/src/Models/CheckQueryReturnTrait.php b/src/Models/CheckQueryReturnTrait.php
index fc2b8586c..3ec9a067e 100644
--- a/src/Models/CheckQueryReturnTrait.php
+++ b/src/Models/CheckQueryReturnTrait.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield\Models;
 
 use CodeIgniter\Shield\Exceptions\ValidationException;
diff --git a/src/Models/DatabaseException.php b/src/Models/DatabaseException.php
index be75de0f7..dd782ce1a 100644
--- a/src/Models/DatabaseException.php
+++ b/src/Models/DatabaseException.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield\Models;
 
 use CodeIgniter\Shield\Exceptions\RuntimeException;
diff --git a/src/Models/GroupModel.php b/src/Models/GroupModel.php
index 3bd6b9019..63b426f3c 100644
--- a/src/Models/GroupModel.php
+++ b/src/Models/GroupModel.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield\Models;
 
 use CodeIgniter\Model;
diff --git a/src/Models/LoginModel.php b/src/Models/LoginModel.php
index 2d136763c..08bf3011d 100644
--- a/src/Models/LoginModel.php
+++ b/src/Models/LoginModel.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield\Models;
 
 use CodeIgniter\I18n\Time;
diff --git a/src/Models/PermissionModel.php b/src/Models/PermissionModel.php
index 004cbcc52..1c648623b 100644
--- a/src/Models/PermissionModel.php
+++ b/src/Models/PermissionModel.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield\Models;
 
 use CodeIgniter\Model;
diff --git a/src/Models/RememberModel.php b/src/Models/RememberModel.php
index 85c3e1037..ea855cbaa 100644
--- a/src/Models/RememberModel.php
+++ b/src/Models/RememberModel.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield\Models;
 
 use CodeIgniter\I18n\Time;
diff --git a/src/Models/TokenLoginModel.php b/src/Models/TokenLoginModel.php
index 1ab371b3d..7d885ef0f 100644
--- a/src/Models/TokenLoginModel.php
+++ b/src/Models/TokenLoginModel.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield\Models;
 
 use CodeIgniter\I18n\Time;
diff --git a/src/Models/UserIdentityModel.php b/src/Models/UserIdentityModel.php
index 18d828b39..38ffe85c9 100644
--- a/src/Models/UserIdentityModel.php
+++ b/src/Models/UserIdentityModel.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield\Models;
 
 use CodeIgniter\I18n\Time;
diff --git a/src/Models/UserModel.php b/src/Models/UserModel.php
index d1ae44432..3c8d24fe7 100644
--- a/src/Models/UserModel.php
+++ b/src/Models/UserModel.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield\Models;
 
 use CodeIgniter\Database\Exceptions\DataException;
diff --git a/src/Result.php b/src/Result.php
index 0c1a20205..fa0ce1b37 100644
--- a/src/Result.php
+++ b/src/Result.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield;
 
 use CodeIgniter\Shield\Entities\User;
diff --git a/src/Test/AuthenticationTesting.php b/src/Test/AuthenticationTesting.php
index 842d259eb..b0e4822cd 100644
--- a/src/Test/AuthenticationTesting.php
+++ b/src/Test/AuthenticationTesting.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace CodeIgniter\Shield\Test;
 
 use CodeIgniter\Shield\Authentication\Authenticators\Session;
diff --git a/tests/Authentication/AccessTokenTest.php b/tests/Authentication/AccessTokenTest.php
index ff14cf53d..b5fd8b9d8 100644
--- a/tests/Authentication/AccessTokenTest.php
+++ b/tests/Authentication/AccessTokenTest.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace Tests\Authentication;
 
 use CodeIgniter\Shield\Entities\AccessToken;
diff --git a/tests/Authentication/AuthHelperTest.php b/tests/Authentication/AuthHelperTest.php
index 7e45e995b..da8dff537 100644
--- a/tests/Authentication/AuthHelperTest.php
+++ b/tests/Authentication/AuthHelperTest.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace Tests\Authentication;
 
 use CodeIgniter\Shield\Authentication\AuthenticationException;
diff --git a/tests/Authentication/AuthTest.php b/tests/Authentication/AuthTest.php
index 05aca89b6..100760c7a 100644
--- a/tests/Authentication/AuthTest.php
+++ b/tests/Authentication/AuthTest.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace Tests\Authentication;
 
 use CodeIgniter\Shield\Config\Services;
diff --git a/tests/Authentication/AuthenticationTest.php b/tests/Authentication/AuthenticationTest.php
index c4563b87f..cfa55d880 100644
--- a/tests/Authentication/AuthenticationTest.php
+++ b/tests/Authentication/AuthenticationTest.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace Tests\Authentication;
 
 use CodeIgniter\Shield\Authentication\Authentication;
diff --git a/tests/Authentication/Authenticators/AccessTokenAuthenticatorTest.php b/tests/Authentication/Authenticators/AccessTokenAuthenticatorTest.php
index 3a5230f31..699617405 100644
--- a/tests/Authentication/Authenticators/AccessTokenAuthenticatorTest.php
+++ b/tests/Authentication/Authenticators/AccessTokenAuthenticatorTest.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace Tests\Authentication\Authenticators;
 
 use CodeIgniter\I18n\Time;
diff --git a/tests/Authentication/Authenticators/SessionAuthenticatorTest.php b/tests/Authentication/Authenticators/SessionAuthenticatorTest.php
index 14f83314f..bba1eed8a 100644
--- a/tests/Authentication/Authenticators/SessionAuthenticatorTest.php
+++ b/tests/Authentication/Authenticators/SessionAuthenticatorTest.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace Tests\Authentication\Authenticators;
 
 use CodeIgniter\Shield\Authentication\Authentication;
diff --git a/tests/Authentication/Filters/AbstractFilterTest.php b/tests/Authentication/Filters/AbstractFilterTest.php
index e747e7359..f5cd12840 100644
--- a/tests/Authentication/Filters/AbstractFilterTest.php
+++ b/tests/Authentication/Filters/AbstractFilterTest.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace Tests\Authentication\Filters;
 
 use CodeIgniter\Config\Factories;
diff --git a/tests/Authentication/Filters/ChainFilterTest.php b/tests/Authentication/Filters/ChainFilterTest.php
index 5f5b8c1ab..0231f6f24 100644
--- a/tests/Authentication/Filters/ChainFilterTest.php
+++ b/tests/Authentication/Filters/ChainFilterTest.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace Tests\Authentication\Filters;
 
 use CodeIgniter\Shield\Entities\AccessToken;
diff --git a/tests/Authentication/Filters/SessionFilterTest.php b/tests/Authentication/Filters/SessionFilterTest.php
index ddc37a44d..de711b2b9 100644
--- a/tests/Authentication/Filters/SessionFilterTest.php
+++ b/tests/Authentication/Filters/SessionFilterTest.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace Tests\Authentication\Filters;
 
 use CodeIgniter\Shield\Filters\SessionAuth;
diff --git a/tests/Authentication/Filters/TokenFilterTest.php b/tests/Authentication/Filters/TokenFilterTest.php
index 71a1d0f15..ec164236c 100644
--- a/tests/Authentication/Filters/TokenFilterTest.php
+++ b/tests/Authentication/Filters/TokenFilterTest.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace Tests\Authentication\Filters;
 
 use CodeIgniter\Shield\Entities\AccessToken;
diff --git a/tests/Authentication/HasAccessTokensTest.php b/tests/Authentication/HasAccessTokensTest.php
index c59d0aee3..6d5880607 100644
--- a/tests/Authentication/HasAccessTokensTest.php
+++ b/tests/Authentication/HasAccessTokensTest.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace Tests\Authentication;
 
 use CodeIgniter\Shield\Entities\AccessToken;
diff --git a/tests/Authentication/MagicLinkTest.php b/tests/Authentication/MagicLinkTest.php
index 481cbca39..1920b4d5b 100644
--- a/tests/Authentication/MagicLinkTest.php
+++ b/tests/Authentication/MagicLinkTest.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace Tests\Authentication;
 
 use CodeIgniter\I18n\Time;
diff --git a/tests/Authorization/AuthorizableTest.php b/tests/Authorization/AuthorizableTest.php
index cd9e79900..0068da21a 100644
--- a/tests/Authorization/AuthorizableTest.php
+++ b/tests/Authorization/AuthorizableTest.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace Tests\Authorization;
 
 use CodeIgniter\I18n\Time;
diff --git a/tests/Authorization/GroupTest.php b/tests/Authorization/GroupTest.php
index 0585dfb41..25be8bcdd 100644
--- a/tests/Authorization/GroupTest.php
+++ b/tests/Authorization/GroupTest.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace Tests\Authorization;
 
 use CodeIgniter\Shield\Authorization\Groups;
diff --git a/tests/Authorization/GroupsTest.php b/tests/Authorization/GroupsTest.php
index 62791eddc..219880742 100644
--- a/tests/Authorization/GroupsTest.php
+++ b/tests/Authorization/GroupsTest.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace Tests\Authorization;
 
 use CodeIgniter\Shield\Authorization\Groups;
diff --git a/tests/Collectors/AuthTest.php b/tests/Collectors/AuthTest.php
index ff104117f..1c3c50495 100644
--- a/tests/Collectors/AuthTest.php
+++ b/tests/Collectors/AuthTest.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace Tests\Collectors;
 
 use CodeIgniter\Shield\Authentication\Authenticators\Session;
diff --git a/tests/Commands/Setup/ContentReplacerTest.php b/tests/Commands/Setup/ContentReplacerTest.php
index a861bc849..9b4c8d8e1 100644
--- a/tests/Commands/Setup/ContentReplacerTest.php
+++ b/tests/Commands/Setup/ContentReplacerTest.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace Tests\Commands\Setup;
 
 use CodeIgniter\Shield\Commands\Setup\ContentReplacer;
diff --git a/tests/Commands/SetupTest.php b/tests/Commands/SetupTest.php
index 54d3903a2..496424bee 100644
--- a/tests/Commands/SetupTest.php
+++ b/tests/Commands/SetupTest.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace Tests\Commands;
 
 use CodeIgniter\Shield\Commands\Setup;
diff --git a/tests/Controllers/ActionsTest.php b/tests/Controllers/ActionsTest.php
index b52abc95c..c6eb7b14e 100644
--- a/tests/Controllers/ActionsTest.php
+++ b/tests/Controllers/ActionsTest.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace Tests\Controllers;
 
 use CodeIgniter\Config\Factories;
diff --git a/tests/Controllers/LoginTest.php b/tests/Controllers/LoginTest.php
index 1d8bf65f8..542683511 100644
--- a/tests/Controllers/LoginTest.php
+++ b/tests/Controllers/LoginTest.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace Tests\Controllers;
 
 use CodeIgniter\Config\Factories;
diff --git a/tests/Controllers/MagicLinkTest.php b/tests/Controllers/MagicLinkTest.php
index 051fb1e9a..1aa14ce81 100644
--- a/tests/Controllers/MagicLinkTest.php
+++ b/tests/Controllers/MagicLinkTest.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace Tests\Controllers;
 
 use CodeIgniter\Test\DatabaseTestTrait;
diff --git a/tests/Controllers/RegisterTest.php b/tests/Controllers/RegisterTest.php
index c8cd34045..b4e5f1b02 100644
--- a/tests/Controllers/RegisterTest.php
+++ b/tests/Controllers/RegisterTest.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace Tests\Controllers;
 
 use CodeIgniter\Config\Factories;
diff --git a/tests/Language/AbstractTranslationTestCase.php b/tests/Language/AbstractTranslationTestCase.php
index 31658c21f..0f5f4298d 100644
--- a/tests/Language/AbstractTranslationTestCase.php
+++ b/tests/Language/AbstractTranslationTestCase.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 /**
  * This file is part of CodeIgniter 4 framework.
  *
diff --git a/tests/Language/FarsiTranslationTest.php b/tests/Language/FarsiTranslationTest.php
index 6fe8689f6..ace86cbed 100644
--- a/tests/Language/FarsiTranslationTest.php
+++ b/tests/Language/FarsiTranslationTest.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 /**
  * This file is part of CodeIgniter 4 framework.
  *
diff --git a/tests/Language/FrenchTranslationTest.php b/tests/Language/FrenchTranslationTest.php
index d7f0db6ad..df6b64bbf 100644
--- a/tests/Language/FrenchTranslationTest.php
+++ b/tests/Language/FrenchTranslationTest.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 /**
  * This file is part of CodeIgniter 4 framework.
  *
diff --git a/tests/Language/GermanTranslationTest.php b/tests/Language/GermanTranslationTest.php
index 8a1ec34c0..8bccc62d6 100644
--- a/tests/Language/GermanTranslationTest.php
+++ b/tests/Language/GermanTranslationTest.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 /**
  * This file is part of CodeIgniter 4 framework.
  *
diff --git a/tests/Language/IndonesianTranslationTest.php b/tests/Language/IndonesianTranslationTest.php
index 0b82dc5f7..5e23c1792 100644
--- a/tests/Language/IndonesianTranslationTest.php
+++ b/tests/Language/IndonesianTranslationTest.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 /**
  * This file is part of CodeIgniter 4 framework.
  *
diff --git a/tests/Language/JapaneseTranslationTest.php b/tests/Language/JapaneseTranslationTest.php
index 66ebf4d5e..71c1e834e 100644
--- a/tests/Language/JapaneseTranslationTest.php
+++ b/tests/Language/JapaneseTranslationTest.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 /**
  * This file is part of CodeIgniter 4 framework.
  *
diff --git a/tests/Language/SlovakTranslationTest.php b/tests/Language/SlovakTranslationTest.php
index 671d6825e..b21914bb5 100644
--- a/tests/Language/SlovakTranslationTest.php
+++ b/tests/Language/SlovakTranslationTest.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 /**
  * This file is part of CodeIgniter 4 framework.
  *
diff --git a/tests/Language/SpanishTranslationTest.php b/tests/Language/SpanishTranslationTest.php
index ceee36830..6b6365834 100644
--- a/tests/Language/SpanishTranslationTest.php
+++ b/tests/Language/SpanishTranslationTest.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 /**
  * This file is part of CodeIgniter 4 framework.
  *
diff --git a/tests/Unit/AuthRoutesTest.php b/tests/Unit/AuthRoutesTest.php
index 24ba72f2c..e67bec994 100644
--- a/tests/Unit/AuthRoutesTest.php
+++ b/tests/Unit/AuthRoutesTest.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace Tests\Unit;
 
 use Tests\Support\TestCase;
diff --git a/tests/Unit/CompositionValidatorTest.php b/tests/Unit/CompositionValidatorTest.php
index d3747d955..a44e6306a 100644
--- a/tests/Unit/CompositionValidatorTest.php
+++ b/tests/Unit/CompositionValidatorTest.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace Tests\Unit;
 
 use CodeIgniter\Shield\Authentication\AuthenticationException;
diff --git a/tests/Unit/DictionaryValidatorTest.php b/tests/Unit/DictionaryValidatorTest.php
index 6965f22c0..10b736adb 100644
--- a/tests/Unit/DictionaryValidatorTest.php
+++ b/tests/Unit/DictionaryValidatorTest.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace Tests\Unit;
 
 use CodeIgniter\Shield\Authentication\Passwords\DictionaryValidator;
diff --git a/tests/Unit/LoginModelTest.php b/tests/Unit/LoginModelTest.php
index 5c66937aa..464a2b0f5 100644
--- a/tests/Unit/LoginModelTest.php
+++ b/tests/Unit/LoginModelTest.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace Tests\Unit;
 
 use CodeIgniter\Shield\Exceptions\ValidationException;
diff --git a/tests/Unit/NothingPersonalValidatorTest.php b/tests/Unit/NothingPersonalValidatorTest.php
index e58930ddc..891da15ec 100644
--- a/tests/Unit/NothingPersonalValidatorTest.php
+++ b/tests/Unit/NothingPersonalValidatorTest.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace Tests\Unit;
 
 use CodeIgniter\Shield\Authentication\Passwords\NothingPersonalValidator;
diff --git a/tests/Unit/PasswordsTest.php b/tests/Unit/PasswordsTest.php
index 3a708206f..62ebe2066 100644
--- a/tests/Unit/PasswordsTest.php
+++ b/tests/Unit/PasswordsTest.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace Tests\Unit;
 
 use CodeIgniter\Shield\Authentication\Passwords;
diff --git a/tests/Unit/PwnedValidatorTest.php b/tests/Unit/PwnedValidatorTest.php
index b303b3389..9898feeb5 100644
--- a/tests/Unit/PwnedValidatorTest.php
+++ b/tests/Unit/PwnedValidatorTest.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace Tests\Unit;
 
 use CodeIgniter\HTTP\Exceptions\HTTPException;
diff --git a/tests/Unit/UserIdentityModelTest.php b/tests/Unit/UserIdentityModelTest.php
index 9b3c619e6..822888c64 100644
--- a/tests/Unit/UserIdentityModelTest.php
+++ b/tests/Unit/UserIdentityModelTest.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace Tests\Unit;
 
 use CodeIgniter\Shield\Authentication\Authenticators\Session;
diff --git a/tests/Unit/UserModelTest.php b/tests/Unit/UserModelTest.php
index eb5b60075..6bfe4a708 100644
--- a/tests/Unit/UserModelTest.php
+++ b/tests/Unit/UserModelTest.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace Tests\Unit;
 
 use CodeIgniter\Shield\Entities\User;
diff --git a/tests/Unit/UserTest.php b/tests/Unit/UserTest.php
index ec22a0374..5154d63be 100644
--- a/tests/Unit/UserTest.php
+++ b/tests/Unit/UserTest.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace Tests\Unit;
 
 use CodeIgniter\I18n\Time;
diff --git a/tests/_support/DatabaseTestCase.php b/tests/_support/DatabaseTestCase.php
index eb9d5f20d..2d06f99bb 100644
--- a/tests/_support/DatabaseTestCase.php
+++ b/tests/_support/DatabaseTestCase.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace Tests\Support;
 
 use CodeIgniter\Test\DatabaseTestTrait;
diff --git a/tests/_support/FakeUser.php b/tests/_support/FakeUser.php
index 93df8ff8c..6cc1fe09e 100644
--- a/tests/_support/FakeUser.php
+++ b/tests/_support/FakeUser.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace Tests\Support;
 
 use CodeIgniter\Shield\Entities\User;
diff --git a/tests/_support/TestCase.php b/tests/_support/TestCase.php
index 0237d1c21..22ba985d6 100644
--- a/tests/_support/TestCase.php
+++ b/tests/_support/TestCase.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 namespace Tests\Support;
 
 use CodeIgniter\Config\Factories;

From c6475c4c5b4c9a4029fb988bcff404f0c3d2042e Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Mon, 15 Aug 2022 08:41:34 +0900
Subject: [PATCH 047/193] refactor: add missing return types

---
 src/Authentication/Authenticators/Session.php                 | 4 ++--
 src/Commands/Setup.php                                        | 2 +-
 .../Authenticators/AccessTokenAuthenticatorTest.php           | 2 +-
 tests/Controllers/MagicLinkTest.php                           | 4 ++--
 tests/Unit/NothingPersonalValidatorTest.php                   | 2 +-
 5 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/Authentication/Authenticators/Session.php b/src/Authentication/Authenticators/Session.php
index 1355d83ec..d2d2f5ee9 100644
--- a/src/Authentication/Authenticators/Session.php
+++ b/src/Authentication/Authenticators/Session.php
@@ -408,7 +408,7 @@ private function checkUserState(): void
     /**
      * Gets identities for action from database, and set session.
      */
-    private function setAuthAction()
+    private function setAuthAction(): void
     {
         // Get identities for action
         $identities = $this->getIdentitiesForAction();
@@ -711,7 +711,7 @@ private function issueRememberMeToken(): void
         }
     }
 
-    private function removeRememberCookie()
+    private function removeRememberCookie(): void
     {
         /** @var Response $response */
         $response = service('response');
diff --git a/src/Commands/Setup.php b/src/Commands/Setup.php
index 7a38ff1e1..6ade052e8 100644
--- a/src/Commands/Setup.php
+++ b/src/Commands/Setup.php
@@ -247,7 +247,7 @@ private function setupHelper(): void
         $this->add($file, $check, $pattern, $replace);
     }
 
-    private function setupRoutes()
+    private function setupRoutes(): void
     {
         $file = 'Config/Routes.php';
 
diff --git a/tests/Authentication/Authenticators/AccessTokenAuthenticatorTest.php b/tests/Authentication/Authenticators/AccessTokenAuthenticatorTest.php
index 2b449ff7d..11b5a36ca 100644
--- a/tests/Authentication/Authenticators/AccessTokenAuthenticatorTest.php
+++ b/tests/Authentication/Authenticators/AccessTokenAuthenticatorTest.php
@@ -121,7 +121,7 @@ public function testCheckBadToken(): void
         $this->assertSame(lang('Auth.badToken'), $result->reason());
     }
 
-    public function testCheckOldToken()
+    public function testCheckOldToken(): void
     {
         /** @var User $user */
         $user = fake(UserModel::class);
diff --git a/tests/Controllers/MagicLinkTest.php b/tests/Controllers/MagicLinkTest.php
index 1aa14ce81..7c60816cb 100644
--- a/tests/Controllers/MagicLinkTest.php
+++ b/tests/Controllers/MagicLinkTest.php
@@ -31,7 +31,7 @@ protected function setUp(): void
         Services::injectMock('routes', $routes);
     }
 
-    public function testAfterLoggedInNotAllowDisplayMagicLink()
+    public function testAfterLoggedInNotAllowDisplayMagicLink(): void
     {
         $this->user->createEmailIdentity([
             'email'    => 'foo@example.com',
@@ -47,7 +47,7 @@ public function testAfterLoggedInNotAllowDisplayMagicLink()
         $result->assertRedirectTo(config('Auth')->loginRedirect());
     }
 
-    public function testShowValidateErrorsInMagicLink()
+    public function testShowValidateErrorsInMagicLink(): void
     {
         $result = $this->post('/login/magic-link', [
             'email' => 'foo@example',
diff --git a/tests/Unit/NothingPersonalValidatorTest.php b/tests/Unit/NothingPersonalValidatorTest.php
index 891da15ec..cbc6f80ce 100644
--- a/tests/Unit/NothingPersonalValidatorTest.php
+++ b/tests/Unit/NothingPersonalValidatorTest.php
@@ -152,7 +152,7 @@ public function testIsNotPersonalFalsePositivesCaughtByIsNotSimilar($password):
         $this->assertNotSame($isNotPersonal, $isNotSimilar);
     }
 
-    public function passwordProvider()
+    public function passwordProvider(): array
     {
         return [
             ['JoeTheCaptain'],

From 0971d40bec702cacc57abe36409955060023e994 Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Mon, 15 Aug 2022 08:41:54 +0900
Subject: [PATCH 048/193] docs: add doc comments

---
 src/Models/UserIdentityModel.php | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/Models/UserIdentityModel.php b/src/Models/UserIdentityModel.php
index 38ffe85c9..4e82a904e 100644
--- a/src/Models/UserIdentityModel.php
+++ b/src/Models/UserIdentityModel.php
@@ -203,6 +203,8 @@ public function getIdentityBySecret(string $type, ?string $secret): ?UserIdentit
     }
 
     /**
+     * Returns all identities.
+     *
      * @return UserIdentity[]
      */
     public function getIdentities(User $user): array
@@ -220,6 +222,9 @@ public function getIdentitiesByUserIds(array $userIds): array
         return $this->whereIn('user_id', $userIds)->orderBy($this->primaryKey)->findAll();
     }
 
+    /**
+     * Returns the first identity of the type.
+     */
     public function getIdentityByType(User $user, string $type): ?UserIdentity
     {
         return $this->where('user_id', $user->id)
@@ -229,6 +234,8 @@ public function getIdentityByType(User $user, string $type): ?UserIdentity
     }
 
     /**
+     * Returns all identities for the specific types.
+     *
      * @param string[] $types
      *
      * @return UserIdentity[]

From f082905157f5909f094bd7b6fe53dbbee41dc658 Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Mon, 15 Aug 2022 08:42:15 +0900
Subject: [PATCH 049/193] docs: fix typo in doc comment

---
 src/Models/UserModel.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Models/UserModel.php b/src/Models/UserModel.php
index 3c8d24fe7..55f83e0f1 100644
--- a/src/Models/UserModel.php
+++ b/src/Models/UserModel.php
@@ -222,7 +222,7 @@ public function activate(User $user): void
      *
      * @throws ValidationException
      *
-     * @retrun true|int|string Insert ID if $returnID is true
+     * @return int|string|true Insert ID if $returnID is true
      */
     public function insert($data = null, bool $returnID = true)
     {

From a9e74669872d4b8d00c0123fb004f1bb005e0044 Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Mon, 15 Aug 2022 14:34:19 +0900
Subject: [PATCH 050/193] chore: add void_return for cs-fixer

---
 .php-cs-fixer.dist.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.php-cs-fixer.dist.php b/.php-cs-fixer.dist.php
index 8eee8d3aa..2446c56f6 100644
--- a/.php-cs-fixer.dist.php
+++ b/.php-cs-fixer.dist.php
@@ -17,6 +17,7 @@
 
 $overrides = [
     'declare_strict_types' => true,
+    'void_return'          => true,
 ];
 
 $options = [

From 2cdf921e7349101d05ddd16efe9cfae1d6118f90 Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Mon, 15 Aug 2022 14:35:22 +0900
Subject: [PATCH 051/193] refactor: add return type void

---
 src/Filters/AuthRates.php   | 4 +---
 src/Filters/ChainAuth.php   | 4 +---
 src/Filters/SessionAuth.php | 4 +---
 src/Filters/TokenAuth.php   | 4 +---
 4 files changed, 4 insertions(+), 12 deletions(-)

diff --git a/src/Filters/AuthRates.php b/src/Filters/AuthRates.php
index 5843bc4ba..85f93f11f 100644
--- a/src/Filters/AuthRates.php
+++ b/src/Filters/AuthRates.php
@@ -48,10 +48,8 @@ public function before(RequestInterface $request, $arguments = null)
      *
      * @param Response|ResponseInterface $response
      * @param array|null                 $arguments
-     *
-     * @return void
      */
-    public function after(RequestInterface $request, ResponseInterface $response, $arguments = null)
+    public function after(RequestInterface $request, ResponseInterface $response, $arguments = null): void
     {
         // Nothing required
     }
diff --git a/src/Filters/ChainAuth.php b/src/Filters/ChainAuth.php
index 6922a36f2..d30e0e205 100644
--- a/src/Filters/ChainAuth.php
+++ b/src/Filters/ChainAuth.php
@@ -56,10 +56,8 @@ public function before(RequestInterface $request, $arguments = null)
      *
      * @param Response|ResponseInterface $response
      * @param array|null                 $arguments
-     *
-     * @return void
      */
-    public function after(RequestInterface $request, ResponseInterface $response, $arguments = null)
+    public function after(RequestInterface $request, ResponseInterface $response, $arguments = null): void
     {
         // Nothing required
     }
diff --git a/src/Filters/SessionAuth.php b/src/Filters/SessionAuth.php
index 04907a196..ceed5f611 100644
--- a/src/Filters/SessionAuth.php
+++ b/src/Filters/SessionAuth.php
@@ -60,10 +60,8 @@ public function before(RequestInterface $request, $arguments = null)
      *
      * @param Response|ResponseInterface $response
      * @param array|null                 $arguments
-     *
-     * @return void
      */
-    public function after(RequestInterface $request, ResponseInterface $response, $arguments = null)
+    public function after(RequestInterface $request, ResponseInterface $response, $arguments = null): void
     {
     }
 }
diff --git a/src/Filters/TokenAuth.php b/src/Filters/TokenAuth.php
index d910c177f..54ed21bcb 100644
--- a/src/Filters/TokenAuth.php
+++ b/src/Filters/TokenAuth.php
@@ -57,10 +57,8 @@ public function before(RequestInterface $request, $arguments = null)
      *
      * @param Response|ResponseInterface $response
      * @param array|null                 $arguments
-     *
-     * @return void
      */
-    public function after(RequestInterface $request, ResponseInterface $response, $arguments = null)
+    public function after(RequestInterface $request, ResponseInterface $response, $arguments = null): void
     {
     }
 }

From 1de59056f4254021e8560249f05177e29e19f4af Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Mon, 15 Aug 2022 14:35:45 +0900
Subject: [PATCH 052/193] docs: add @return

---
 src/Authentication/Actions/EmailActivator.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/Authentication/Actions/EmailActivator.php b/src/Authentication/Actions/EmailActivator.php
index 75de1606f..39d6529ae 100644
--- a/src/Authentication/Actions/EmailActivator.php
+++ b/src/Authentication/Actions/EmailActivator.php
@@ -7,6 +7,7 @@
 use CodeIgniter\Exceptions\PageNotFoundException;
 use CodeIgniter\HTTP\IncomingRequest;
 use CodeIgniter\HTTP\RedirectResponse;
+use CodeIgniter\HTTP\Response;
 use CodeIgniter\Shield\Authentication\Authenticators\Session;
 use CodeIgniter\Shield\Entities\User;
 use CodeIgniter\Shield\Exceptions\LogicException;
@@ -60,6 +61,8 @@ public function show(): string
 
     /**
      * This method is unused.
+     *
+     * @return Response|string
      */
     public function handle(IncomingRequest $request)
     {

From e1a68257299319324f952386530a850e16de4d46 Mon Sep 17 00:00:00 2001
From: Pooya Parsa Dadashi <Pooya_parsa_dadashi@yahoo.com>
Date: Tue, 16 Aug 2022 11:54:10 +0330
Subject: [PATCH 053/193] docs: update manual setup

---
 docs/install.md | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/docs/install.md b/docs/install.md
index bc8158d11..0854483a9 100644
--- a/docs/install.md
+++ b/docs/install.md
@@ -15,9 +15,6 @@ These instructions assume that you have already [installed the CodeIgniter 4 app
 > **Note**
 > CodeIgniter Shield requires Codeigniter v4.2.3 or later.
 
-> **Note**
-> You must set ``Config\Security::$csrfProtection`` to `'session'` (or set `security.csrfProtection = session` in your `.env` file) for security reasons, if you use Session Authenticator.
-
 Installation is done through [Composer](https://getcomposer.org). The example assumes you have it installed globally.
 If you have it installed as a phar, or othewise you will need to adjust the way you call composer itself.
 
@@ -89,7 +86,7 @@ If you get `Specified key was too long` error:
 
 ### Command Setup
 
-1. Run the following command. This command handles steps 1-3 of *Manual Setup* and runs the migrations.
+1. Run the following command. This command handles steps 1-4 of *Manual Setup* and runs the migrations.
 
 ```
 > php spark shield:setup
@@ -137,6 +134,8 @@ This requires that all of your controllers extend the `BaseController`, but that
 service('auth')->routes($routes);
 ```
 
+4. **Security Setup** Set `Config\Security::$csrfProtection` to `'session'` (or set `security.csrfProtection = session` in your `.env` file) for security reasons, if you use Session Authenticator.
+
 ## Controller Filters
 
 Shield provides 4 [Controller Filters](https://codeigniter.com/user_guide/incoming/filters.html) you can

From b88bae4f21fd0ef99f817d5455f92a2ac304bcd1 Mon Sep 17 00:00:00 2001
From: Pooya Parsa Dadashi <Pooya_parsa_dadashi@yahoo.com>
Date: Tue, 16 Aug 2022 12:12:46 +0330
Subject: [PATCH 054/193] feat: add `setSecurityItem()` for implement security
 instructions

---
 src/Commands/Setup.php | 30 +++++++++++++++++++++++++++++-
 1 file changed, 29 insertions(+), 1 deletion(-)

diff --git a/src/Commands/Setup.php b/src/Commands/Setup.php
index 6ade052e8..5c3959674 100644
--- a/src/Commands/Setup.php
+++ b/src/Commands/Setup.php
@@ -88,6 +88,8 @@ private function publishConfig(): void
         $this->setupRoutes();
 
         $this->runMigrations();
+
+        $this->setSecurityItem();
     }
 
     /**
@@ -98,6 +100,10 @@ protected function copyAndReplace(string $file, array $replaces): void
     {
         $path = "{$this->sourcePath}/{$file}";
 
+        if ($file === 'Config/Security.php'){
+            $path = "{$this->distPath}/{$file}";
+        }
+
         $content = file_get_contents($path);
 
         $content = $this->replacer->replace($content, $replaces);
@@ -146,7 +152,7 @@ protected function writeFile(string $file, string $content): void
             mkdir($directory, 0777, true);
         }
 
-        if (file_exists($path)) {
+        if (file_exists($path) && $file !== 'Config/Security.php') {
             $overwrite = (bool) CLI::getOption('f');
 
             if (
@@ -159,6 +165,15 @@ protected function writeFile(string $file, string $content): void
             }
         }
 
+        if ($file === 'Config/Security.php'){
+            if (write_file($path, $content)) {
+                CLI::write(CLI::color('  Update: ', 'green') . "We have updated file '{$cleanPath}' for security reasons.");
+            } else {
+                CLI::error("  Error Update {$cleanPath}.");
+            }
+            exit();
+        }
+
         if (write_file($path, $content)) {
             CLI::write(CLI::color('  Created: ', 'green') . $cleanPath);
         } else {
@@ -270,6 +285,19 @@ private function runMigrations(): void
         $command->run(['all' => null]);
     }
 
+    /**
+     * @see https://github.com/codeigniter4/shield/security/advisories/GHSA-5hm8-vh6r-2cjq
+     */    
+    private function setSecurityItem(): void
+    {
+        $file     = 'Config/Security.php';
+        $replaces = [
+            'public $csrfProtection = \'cookie\';'  => 'public $csrfProtection = \'session\';',
+        ];
+
+        $this->copyAndReplace($file, $replaces);
+    }
+    
     /**
      * This method is for testing.
      */

From 79c9027d1b4d60caef2e6837f47e7588be514398 Mon Sep 17 00:00:00 2001
From: Pooya Parsa Dadashi <Pooya_parsa_dadashi@yahoo.com>
Date: Tue, 16 Aug 2022 12:16:03 +0330
Subject: [PATCH 055/193] run: cs-fix

---
 src/Commands/Setup.php | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/src/Commands/Setup.php b/src/Commands/Setup.php
index 5c3959674..9b070f15f 100644
--- a/src/Commands/Setup.php
+++ b/src/Commands/Setup.php
@@ -100,7 +100,7 @@ protected function copyAndReplace(string $file, array $replaces): void
     {
         $path = "{$this->sourcePath}/{$file}";
 
-        if ($file === 'Config/Security.php'){
+        if ($file === 'Config/Security.php') {
             $path = "{$this->distPath}/{$file}";
         }
 
@@ -165,12 +165,13 @@ protected function writeFile(string $file, string $content): void
             }
         }
 
-        if ($file === 'Config/Security.php'){
+        if ($file === 'Config/Security.php') {
             if (write_file($path, $content)) {
                 CLI::write(CLI::color('  Update: ', 'green') . "We have updated file '{$cleanPath}' for security reasons.");
             } else {
                 CLI::error("  Error Update {$cleanPath}.");
             }
+
             exit();
         }
 
@@ -287,17 +288,17 @@ private function runMigrations(): void
 
     /**
      * @see https://github.com/codeigniter4/shield/security/advisories/GHSA-5hm8-vh6r-2cjq
-     */    
+     */
     private function setSecurityItem(): void
     {
         $file     = 'Config/Security.php';
         $replaces = [
-            'public $csrfProtection = \'cookie\';'  => 'public $csrfProtection = \'session\';',
+            'public $csrfProtection = \'cookie\';' => 'public $csrfProtection = \'session\';',
         ];
 
         $this->copyAndReplace($file, $replaces);
     }
-    
+
     /**
      * This method is for testing.
      */

From d19876417f2a2ced85223d6b582a2ebc740610ed Mon Sep 17 00:00:00 2001
From: Pooya Parsa Dadashi <Pooya_parsa_dadashi@yahoo.com>
Date: Wed, 17 Aug 2022 10:36:38 +0330
Subject: [PATCH 056/193] refactor: implementation of security setup without
 using `copyAndReplace()`.

---
 src/Commands/Setup.php | 45 +++++++++++++++++++++++++-----------------
 1 file changed, 27 insertions(+), 18 deletions(-)

diff --git a/src/Commands/Setup.php b/src/Commands/Setup.php
index 9b070f15f..84ccc0efd 100644
--- a/src/Commands/Setup.php
+++ b/src/Commands/Setup.php
@@ -89,7 +89,7 @@ private function publishConfig(): void
 
         $this->runMigrations();
 
-        $this->setSecurityItem();
+        $this->setSecurityCSRF();
     }
 
     /**
@@ -100,10 +100,6 @@ protected function copyAndReplace(string $file, array $replaces): void
     {
         $path = "{$this->sourcePath}/{$file}";
 
-        if ($file === 'Config/Security.php') {
-            $path = "{$this->distPath}/{$file}";
-        }
-
         $content = file_get_contents($path);
 
         $content = $this->replacer->replace($content, $replaces);
@@ -152,7 +148,7 @@ protected function writeFile(string $file, string $content): void
             mkdir($directory, 0777, true);
         }
 
-        if (file_exists($path) && $file !== 'Config/Security.php') {
+        if (file_exists($path)) {
             $overwrite = (bool) CLI::getOption('f');
 
             if (
@@ -165,16 +161,6 @@ protected function writeFile(string $file, string $content): void
             }
         }
 
-        if ($file === 'Config/Security.php') {
-            if (write_file($path, $content)) {
-                CLI::write(CLI::color('  Update: ', 'green') . "We have updated file '{$cleanPath}' for security reasons.");
-            } else {
-                CLI::error("  Error Update {$cleanPath}.");
-            }
-
-            exit();
-        }
-
         if (write_file($path, $content)) {
             CLI::write(CLI::color('  Created: ', 'green') . $cleanPath);
         } else {
@@ -289,14 +275,37 @@ private function runMigrations(): void
     /**
      * @see https://github.com/codeigniter4/shield/security/advisories/GHSA-5hm8-vh6r-2cjq
      */
-    private function setSecurityItem(): void
+    private function setSecurityCSRF(): void
     {
         $file     = 'Config/Security.php';
         $replaces = [
             'public $csrfProtection = \'cookie\';' => 'public $csrfProtection = \'session\';',
         ];
 
-        $this->copyAndReplace($file, $replaces);
+        $path      = $this->distPath . $file;
+        $cleanPath = clean_path($path);
+
+        if (! is_file($path)) {
+            CLI::error("  Not found file '{$cleanPath}'.");
+
+            return;
+        }
+
+        $content = file_get_contents($path);
+        $output  = $this->replacer->replace($content, $replaces);
+
+        // check $csrfProtection = 'session'
+        if ($output === $content) {
+            CLI::write(CLI::color('  Security Setup: ', 'green') . 'Everything is fine.');
+
+            return;
+        }
+
+        if (write_file($path, $output)) {
+            CLI::write(CLI::color('  Update: ', 'green') . "We have updated file '{$cleanPath}' for security reasons.");
+        } else {
+            CLI::error("  Error updating file '{$cleanPath}'.");
+        }
     }
 
     /**

From c9d17834498ae7ca02a30ddc810d550104aa6879 Mon Sep 17 00:00:00 2001
From: Pooya Parsa Dadashi <Pooya_parsa_dadashi@yahoo.com>
Date: Wed, 17 Aug 2022 11:07:55 +0330
Subject: [PATCH 057/193] tests: add test for `setSecurityCSRF()`

---
 tests/Commands/SetupTest.php | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/tests/Commands/SetupTest.php b/tests/Commands/SetupTest.php
index 496424bee..dd1ec804a 100644
--- a/tests/Commands/SetupTest.php
+++ b/tests/Commands/SetupTest.php
@@ -60,6 +60,9 @@ public function testRun(): void
         $routes = file_get_contents($appFolder . 'Config/Routes.php');
         $this->assertStringContainsString('service(\'auth\')->routes($routes);', $routes);
 
+        $security = file_get_contents($appFolder . 'Config/Security.php');
+        $this->assertStringContainsString('public $csrfProtection = \'session\';', $security);
+
         $result = str_replace(["\033[0;32m", "\033[0m"], '', CITestStreamFilter::$buffer);
 
         $this->assertStringContainsString(
@@ -73,5 +76,10 @@ public function testRun(): void
             'Running all new migrations...',
             $result
         );
+
+        $this->assertStringContainsString(
+            'Update: We have updated file \'vfs://root/Config/Security.php\' for security reasons.',
+            $result
+        );
     }
 }

From 1a2bd934ac602da1306691b504937a292f4103ef Mon Sep 17 00:00:00 2001
From: Pooya Parsa Dadashi <Pooya_parsa_dadashi@yahoo.com>
Date: Wed, 17 Aug 2022 14:20:50 +0330
Subject: [PATCH 058/193] refactor: edit for integration.

---
 src/Commands/Setup.php       | 30 +++++++++++++++---------------
 tests/Commands/SetupTest.php |  8 ++------
 2 files changed, 17 insertions(+), 21 deletions(-)

diff --git a/src/Commands/Setup.php b/src/Commands/Setup.php
index 84ccc0efd..1b8bea0b8 100644
--- a/src/Commands/Setup.php
+++ b/src/Commands/Setup.php
@@ -87,9 +87,9 @@ private function publishConfig(): void
         $this->setupHelper();
         $this->setupRoutes();
 
-        $this->runMigrations();
-
         $this->setSecurityCSRF();
+
+        $this->runMigrations();
     }
 
     /**
@@ -260,18 +260,6 @@ private function setupRoutes(): void
         $this->add($file, $check, $pattern, $replace);
     }
 
-    private function runMigrations(): void
-    {
-        if (
-            $this->cliPrompt('  Run `spark migrate --all` now?', ['y', 'n']) === 'n'
-        ) {
-            return;
-        }
-
-        $command = new Migrate(Services::logger(), Services::commands());
-        $command->run(['all' => null]);
-    }
-
     /**
      * @see https://github.com/codeigniter4/shield/security/advisories/GHSA-5hm8-vh6r-2cjq
      */
@@ -302,12 +290,24 @@ private function setSecurityCSRF(): void
         }
 
         if (write_file($path, $output)) {
-            CLI::write(CLI::color('  Update: ', 'green') . "We have updated file '{$cleanPath}' for security reasons.");
+            CLI::write(CLI::color('  Updated: ', 'green') . "We have updated file '{$cleanPath}' for security reasons.");
         } else {
             CLI::error("  Error updating file '{$cleanPath}'.");
         }
     }
 
+    private function runMigrations(): void
+    {
+        if (
+            $this->cliPrompt('  Run `spark migrate --all` now?', ['y', 'n']) === 'n'
+        ) {
+            return;
+        }
+
+        $command = new Migrate(Services::logger(), Services::commands());
+        $command->run(['all' => null]);
+    }
+
     /**
      * This method is for testing.
      */
diff --git a/tests/Commands/SetupTest.php b/tests/Commands/SetupTest.php
index dd1ec804a..a0b2659f9 100644
--- a/tests/Commands/SetupTest.php
+++ b/tests/Commands/SetupTest.php
@@ -69,17 +69,13 @@ public function testRun(): void
             '  Created: vfs://root/Config/Auth.php
   Created: vfs://root/Config/AuthGroups.php
   Updated: vfs://root/Controllers/BaseController.php
-  Updated: vfs://root/Config/Routes.php',
+  Updated: vfs://root/Config/Routes.php
+  Updated: We have updated file \'vfs://root/Config/Security.php\' for security reasons.',
             $result
         );
         $this->assertStringContainsString(
             'Running all new migrations...',
             $result
         );
-
-        $this->assertStringContainsString(
-            'Update: We have updated file \'vfs://root/Config/Security.php\' for security reasons.',
-            $result
-        );
     }
 }

From b473da1c68990fce3251dcb3e3b0dc562c0f7313 Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Fri, 19 Aug 2022 13:20:39 +0900
Subject: [PATCH 059/193] style: composer cs-fix

---
 tests/Controllers/LoginTest.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/Controllers/LoginTest.php b/tests/Controllers/LoginTest.php
index 542683511..e56392ed1 100644
--- a/tests/Controllers/LoginTest.php
+++ b/tests/Controllers/LoginTest.php
@@ -118,7 +118,7 @@ public function testLoginActionUsernameSuccess(): void
         Time::setTestNow('March 10, 2017', 'America/Chicago');
 
         // Change the validation rules
-        $config           = new class () extends Validation {
+        $config = new class () extends Validation {
             public $login = [
                 'password' => 'required',
             ];

From 0fc6ceb6b7a9e18ee3d789fc50458bbf401cbac3 Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Wed, 10 Aug 2022 15:38:28 +0900
Subject: [PATCH 060/193] docs: add comments

---
 src/Authentication/Authenticators/Session.php | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/src/Authentication/Authenticators/Session.php b/src/Authentication/Authenticators/Session.php
index d2d2f5ee9..90bf35c68 100644
--- a/src/Authentication/Authenticators/Session.php
+++ b/src/Authentication/Authenticators/Session.php
@@ -35,14 +35,17 @@ class Session implements AuthenticatorInterface
      */
     public const ID_TYPE_USERNAME = 'username';
 
+    // Identity types
     public const ID_TYPE_EMAIL_PASSWORD = 'email_password';
     public const ID_TYPE_MAGIC_LINK     = 'magic-link';
     public const ID_TYPE_EMAIL_2FA      = 'email_2fa';
     public const ID_TYPE_EMAIL_ACTIVATE = 'email_activate';
-    private const STATE_UNKNOWN         = 0;
-    private const STATE_ANONYMOUS       = 1;
-    private const STATE_PENDING         = 2;
-    private const STATE_LOGGED_IN       = 3;
+
+    // User states
+    private const STATE_UNKNOWN   = 0; // Not checked yet.
+    private const STATE_ANONYMOUS = 1;
+    private const STATE_PENDING   = 2; // 2FA or Activation required.
+    private const STATE_LOGGED_IN = 3;
 
     /**
      * The persistence engine

From bd23a55e84fb08cb1d4d2a3189f66a45db105451 Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Wed, 10 Aug 2022 15:39:40 +0900
Subject: [PATCH 061/193] refactor: split setAuthAction() processing into
 separate methods for each action

---
 src/Authentication/Authenticators/Session.php | 45 ++++++++++++++++---
 1 file changed, 40 insertions(+), 5 deletions(-)

diff --git a/src/Authentication/Authenticators/Session.php b/src/Authentication/Authenticators/Session.php
index 90bf35c68..eaa0c81a4 100644
--- a/src/Authentication/Authenticators/Session.php
+++ b/src/Authentication/Authenticators/Session.php
@@ -413,11 +413,21 @@ private function checkUserState(): void
      */
     private function setAuthAction(): void
     {
-        // Get identities for action
-        $identities = $this->getIdentitiesForAction();
+        // First, check ID_TYPE_EMAIL_ACTIVATE identity
+        $this->setAuthActionEmailActivate();
 
-        // Having an action?
-        foreach ($identities as $identity) {
+        // Next, check ID_TYPE_EMAIL_2FA identity
+        $this->setAuthActionEmail2FA();
+    }
+
+    private function setAuthActionEmailActivate(): bool
+    {
+        $identity = $this->userIdentityModel->getIdentityByType(
+            $this->user,
+            self::ID_TYPE_EMAIL_ACTIVATE
+        );
+
+        if ($identity) {
             $actionClass = setting('Auth.actions')[$identity->name];
 
             if ($actionClass) {
@@ -426,9 +436,34 @@ private function setAuthAction(): void
                 $this->setSessionKey('auth_action', $actionClass);
                 $this->setSessionKey('auth_action_message', $identity->extra);
 
-                return;
+                return true;
             }
         }
+
+        return false;
+    }
+
+    private function setAuthActionEmail2FA(): bool
+    {
+        $identity = $this->userIdentityModel->getIdentityByType(
+            $this->user,
+            self::ID_TYPE_EMAIL_2FA
+        );
+
+        if ($identity) {
+            $actionClass = setting('Auth.actions')[$identity->name];
+
+            if ($actionClass) {
+                $this->userState = self::STATE_PENDING;
+
+                $this->setSessionKey('auth_action', $actionClass);
+                $this->setSessionKey('auth_action_message', $identity->extra);
+
+                return true;
+            }
+        }
+
+        return false;
     }
 
     /**

From 48a3f1542e09368e0702aec7242e49c0e3f08267 Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Wed, 10 Aug 2022 15:41:19 +0900
Subject: [PATCH 062/193] fix: add missing check for email_activate identity

---
 src/Authentication/Authenticators/Session.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/Authentication/Authenticators/Session.php b/src/Authentication/Authenticators/Session.php
index eaa0c81a4..7ffab2c94 100644
--- a/src/Authentication/Authenticators/Session.php
+++ b/src/Authentication/Authenticators/Session.php
@@ -152,6 +152,9 @@ public function attempt(array $credentials): Result
         // Update the user's last used date on their password identity.
         $user->touchIdentity($user->getEmailIdentity());
 
+        // Check ID_TYPE_EMAIL_ACTIVATE identity
+        $hasEmailActivate = $this->setAuthActionEmailActivate();
+
         // If an action has been defined for login, start it up.
         $hasAction = $this->startUpAction('login', $user);
 
@@ -161,7 +164,7 @@ public function attempt(array $credentials): Result
 
         $this->issueRememberMeToken();
 
-        if (! $hasAction) {
+        if (! $hasAction && ! $hasEmailActivate) {
             $this->completeLogin($user);
         }
 

From 165ea27807f5e9d48ba1d3a83477d34733d36b3b Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Wed, 10 Aug 2022 16:30:08 +0900
Subject: [PATCH 063/193] refactor: add intermediate variable

To jump to the method defintions on IDE.
---
 src/Controllers/LoginController.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/Controllers/LoginController.php b/src/Controllers/LoginController.php
index ee0d22674..d7741392a 100644
--- a/src/Controllers/LoginController.php
+++ b/src/Controllers/LoginController.php
@@ -44,14 +44,18 @@ public function loginAction(): RedirectResponse
         $credentials['password'] = $this->request->getPost('password');
         $remember                = (bool) $this->request->getPost('remember');
 
+        /** @var Session $authenticator */
+        $authenticator = auth('session')->getAuthenticator();
+
         // Attempt to login
-        $result = auth('session')->remember($remember)->attempt($credentials);
+        $result = $authenticator->remember($remember)->attempt($credentials);
         if (! $result->isOK()) {
             return redirect()->route('login')->withInput()->with('error', $result->reason());
         }
 
         // custom bit of information
         $user = $result->extraInfo();
+
         /** @var Session $authenticator */
         $authenticator = auth('session')->getAuthenticator();
 

From 1e2a928cb425680652861e4bb576add467590e84 Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Wed, 10 Aug 2022 16:35:15 +0900
Subject: [PATCH 064/193] docs: add doc comments

---
 src/Authentication/Authenticators/Session.php | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/Authentication/Authenticators/Session.php b/src/Authentication/Authenticators/Session.php
index 7ffab2c94..382cb1112 100644
--- a/src/Authentication/Authenticators/Session.php
+++ b/src/Authentication/Authenticators/Session.php
@@ -423,6 +423,9 @@ private function setAuthAction(): void
         $this->setAuthActionEmail2FA();
     }
 
+    /**
+     * @return bool true if the action is set in the session.
+     */
     private function setAuthActionEmailActivate(): bool
     {
         $identity = $this->userIdentityModel->getIdentityByType(
@@ -446,6 +449,9 @@ private function setAuthActionEmailActivate(): bool
         return false;
     }
 
+    /**
+     * @return bool true if the action is set in the session.
+     */
     private function setAuthActionEmail2FA(): bool
     {
         $identity = $this->userIdentityModel->getIdentityByType(

From 73823f2d83eca976d65124638f7aec5077cc7632 Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Wed, 10 Aug 2022 16:36:42 +0900
Subject: [PATCH 065/193] refactor: remove code that was executed twice

Session::startUpAction('login', $user) is executed in Session::attempt().
---
 src/Authentication/Authenticators/Session.php | 29 +++++++++++++++++--
 src/Controllers/LoginController.php           |  3 +-
 2 files changed, 27 insertions(+), 5 deletions(-)

diff --git a/src/Authentication/Authenticators/Session.php b/src/Authentication/Authenticators/Session.php
index 382cb1112..25401c8e3 100644
--- a/src/Authentication/Authenticators/Session.php
+++ b/src/Authentication/Authenticators/Session.php
@@ -411,16 +411,39 @@ private function checkUserState(): void
         $this->userState = self::STATE_ANONYMOUS;
     }
 
+    /**
+     * Has Auth Action?
+     */
+    public function hasAction(): bool
+    {
+        // Check the Session
+        if ($this->getSessionKey('auth_action')) {
+            return true;
+        }
+
+        // Check the database
+        return $this->setAuthAction();
+    }
+
     /**
      * Gets identities for action from database, and set session.
+     *
+     * @return bool true if the action is set in the session.
      */
-    private function setAuthAction(): void
+    private function setAuthAction(): bool
     {
+        if ($this->user === null) {
+            return false;
+        }
+
         // First, check ID_TYPE_EMAIL_ACTIVATE identity
-        $this->setAuthActionEmailActivate();
+        $hasAction = $this->setAuthActionEmailActivate();
+        if ($hasAction) {
+            return true;
+        }
 
         // Next, check ID_TYPE_EMAIL_2FA identity
-        $this->setAuthActionEmail2FA();
+        return $this->setAuthActionEmail2FA();
     }
 
     /**
diff --git a/src/Controllers/LoginController.php b/src/Controllers/LoginController.php
index d7741392a..b74430ae2 100644
--- a/src/Controllers/LoginController.php
+++ b/src/Controllers/LoginController.php
@@ -60,8 +60,7 @@ public function loginAction(): RedirectResponse
         $authenticator = auth('session')->getAuthenticator();
 
         // If an action has been defined for login, start it up.
-        $hasAction = $authenticator->startUpAction('login', $user);
-        if ($hasAction) {
+        if ($authenticator->hasAction()) {
             return redirect()->route('auth-action-show')->withCookies();
         }
 

From 870a01fa87ef978960d3590b2c10a087afc3bc3e Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Wed, 10 Aug 2022 16:54:37 +0900
Subject: [PATCH 066/193] fix: add auth action check in LoginController

---
 src/Controllers/LoginController.php | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/Controllers/LoginController.php b/src/Controllers/LoginController.php
index b74430ae2..f37244de5 100644
--- a/src/Controllers/LoginController.php
+++ b/src/Controllers/LoginController.php
@@ -23,6 +23,14 @@ public function loginView()
             return redirect()->to(config('Auth')->loginRedirect());
         }
 
+        /** @var Session $authenticator */
+        $authenticator = auth('session')->getAuthenticator();
+
+        // If an action has been defined for login, start it up.
+        if ($authenticator->hasAction()) {
+            return redirect()->route('auth-action-show');
+        }
+
         return view(setting('Auth.views')['login']);
     }
 

From 80d82f1126c6253a472b21f691d9ba1eb908758b Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Fri, 19 Aug 2022 16:16:34 +0900
Subject: [PATCH 067/193] docs: update comment

---
 src/Controllers/LoginController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Controllers/LoginController.php b/src/Controllers/LoginController.php
index f37244de5..69fbe70bf 100644
--- a/src/Controllers/LoginController.php
+++ b/src/Controllers/LoginController.php
@@ -26,7 +26,7 @@ public function loginView()
         /** @var Session $authenticator */
         $authenticator = auth('session')->getAuthenticator();
 
-        // If an action has been defined for login, start it up.
+        // If an action has been defined, start it up.
         if ($authenticator->hasAction()) {
             return redirect()->route('auth-action-show');
         }

From 9495a928b42b27987df2d3e6e82731cc48fa0637 Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Fri, 19 Aug 2022 16:17:01 +0900
Subject: [PATCH 068/193] fix: add auth action check in RegisterController

---
 src/Controllers/RegisterController.php | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/Controllers/RegisterController.php b/src/Controllers/RegisterController.php
index 925016b4e..a205f8697 100644
--- a/src/Controllers/RegisterController.php
+++ b/src/Controllers/RegisterController.php
@@ -39,6 +39,14 @@ public function registerView()
                 ->with('error', lang('Auth.registerDisabled'));
         }
 
+        /** @var Session $authenticator */
+        $authenticator = auth('session')->getAuthenticator();
+
+        // If an action has been defined, start it up.
+        if ($authenticator->hasAction()) {
+            return redirect()->route('auth-action-show');
+        }
+
         return view(setting('Auth.views')['register']);
     }
 

From c2dfeb0de9ceffeff73caea3f7009835dbdbb61b Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Fri, 19 Aug 2022 16:19:08 +0900
Subject: [PATCH 069/193] test: add tests

---
 tests/Controllers/RegisterTest.php | 77 ++++++++++++++++++++++++++++++
 1 file changed, 77 insertions(+)

diff --git a/tests/Controllers/RegisterTest.php b/tests/Controllers/RegisterTest.php
index b4e5f1b02..3ef6cce9b 100644
--- a/tests/Controllers/RegisterTest.php
+++ b/tests/Controllers/RegisterTest.php
@@ -147,6 +147,83 @@ public function testRegisterRedirectsToActionIfDefined(): void
         ]);
     }
 
+    public function testRegisteredButNotActivatedAndLogin(): void
+    {
+        // Ensure our action is defined
+        $config                      = config('Auth');
+        $config->actions['register'] = EmailActivator::class;
+        Factories::injectMock('config', 'Auth', $config);
+
+        $result = $this->post('/register', [
+            'email'            => 'foo@example.com',
+            'username'         => 'foo',
+            'password'         => 'abkdhflkjsdflkjasd;lkjf',
+            'password_confirm' => 'abkdhflkjsdflkjasd;lkjf',
+        ]);
+
+        // Should have been redirected to the action's page.
+        $result->assertRedirectTo('/auth/a/show');
+
+        // Not activated yet, but login again.
+        $result = $this->withSession()->get('/login');
+
+        // Should have been redirected to the action's page.
+        $result->assertRedirectTo('/auth/a/show');
+    }
+
+    public function testRegisteredButNotActivatedAndRegisterAgain(): void
+    {
+        // Ensure our action is defined
+        $config                      = config('Auth');
+        $config->actions['register'] = EmailActivator::class;
+        Factories::injectMock('config', 'Auth', $config);
+
+        $password = 'abkdhflkjsdflkjasd;lkjf';
+
+        $result = $this->post('/register', [
+            'email'            => 'foo@example.com',
+            'username'         => 'foo',
+            'password'         => $password,
+            'password_confirm' => $password,
+        ]);
+
+        // Should have been redirected to the action's page.
+        $result->assertRedirectTo('/auth/a/show');
+
+        // Not activated yet, but register again.
+        $result = $this->withSession()->get('/register');
+
+        // Should have been redirected to the action's page.
+        $result->assertRedirectTo('/auth/a/show');
+    }
+
+    public function testRegisteredAndSessionExpiredAndLogin(): void
+    {
+        // Ensure our action is defined
+        $config                      = config('Auth');
+        $config->actions['register'] = EmailActivator::class;
+        Factories::injectMock('config', 'Auth', $config);
+
+        $result = $this->post('/register', [
+            'email'            => 'foo@example.com',
+            'username'         => 'foo',
+            'password'         => 'abkdhflkjsdflkjasd;lkjf',
+            'password_confirm' => 'abkdhflkjsdflkjasd;lkjf',
+        ]);
+
+        // Should have been redirected to the action's page.
+        $result->assertRedirectTo('/auth/a/show');
+
+        // Not activated yet, and do not set Session (= the session is expired) and login again.
+        $result = $this->post('/login', [
+            'email'    => 'foo@example.com',
+            'password' => 'abkdhflkjsdflkjasd;lkjf',
+        ]);
+
+        // Should have been redirected to the action's page.
+        $result->assertRedirectTo('/auth/a/show');
+    }
+
     public function testRegisterRedirectsIfLoggedIn(): void
     {
         // log them in

From 7f8ad9905201ff22fd1e7541b0b632c1be04af3c Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Fri, 19 Aug 2022 16:41:18 +0900
Subject: [PATCH 070/193] refactor: remove unused code

---
 src/Controllers/LoginController.php | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/src/Controllers/LoginController.php b/src/Controllers/LoginController.php
index 69fbe70bf..81e2c6019 100644
--- a/src/Controllers/LoginController.php
+++ b/src/Controllers/LoginController.php
@@ -61,9 +61,6 @@ public function loginAction(): RedirectResponse
             return redirect()->route('login')->withInput()->with('error', $result->reason());
         }
 
-        // custom bit of information
-        $user = $result->extraInfo();
-
         /** @var Session $authenticator */
         $authenticator = auth('session')->getAuthenticator();
 

From 480fe885fd20522fd8c1158720e07ab640088193 Mon Sep 17 00:00:00 2001
From: Paulo Esteves <pjesteves@outlook.pt>
Date: Fri, 19 Aug 2022 08:56:31 +0100
Subject: [PATCH 071/193] Refactor recordActiveDate() to avoid updating the
 'updated_at' column

---
 src/Authentication/Authenticators/AccessTokens.php |  2 +-
 src/Authentication/Authenticators/Session.php      |  2 +-
 src/Models/UserModel.php                           | 10 ++++++++++
 3 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/src/Authentication/Authenticators/AccessTokens.php b/src/Authentication/Authenticators/AccessTokens.php
index 332051b01..762e21fe6 100644
--- a/src/Authentication/Authenticators/AccessTokens.php
+++ b/src/Authentication/Authenticators/AccessTokens.php
@@ -237,6 +237,6 @@ public function recordActiveDate(): void
 
         $this->user->last_active = Time::now();
 
-        $this->provider->save($this->user);
+        $this->provider->updateActiveDate($this->user);
     }
 }
diff --git a/src/Authentication/Authenticators/Session.php b/src/Authentication/Authenticators/Session.php
index d2d2f5ee9..dfaf89d08 100644
--- a/src/Authentication/Authenticators/Session.php
+++ b/src/Authentication/Authenticators/Session.php
@@ -830,7 +830,7 @@ public function recordActiveDate(): void
 
         $this->user->last_active = Time::now();
 
-        $this->provider->save($this->user);
+        $this->provider->updateActiveDate($this->user);
     }
 
     /**
diff --git a/src/Models/UserModel.php b/src/Models/UserModel.php
index 55f83e0f1..5f3f0389c 100644
--- a/src/Models/UserModel.php
+++ b/src/Models/UserModel.php
@@ -320,4 +320,14 @@ protected function saveEmailIdentity(array $data): array
 
         return $data;
     }
+
+    /**
+     * Updates the user's last active date.
+     */
+    public function updateActiveDate(User $user): void
+    {
+        $this->builder->set('last_active', $user->last_active)
+            ->where('id', $user->id)
+            ->update();
+    }
 }

From 0451ab526c3cb7ae4854df79259d14b77bef956b Mon Sep 17 00:00:00 2001
From: Paulo Esteves <pjesteves@outlook.pt>
Date: Fri, 19 Aug 2022 08:59:05 +0100
Subject: [PATCH 072/193] Add tests

---
 tests/Authentication/Filters/SessionFilterTest.php | 12 ++++++++++++
 tests/Authentication/Filters/TokenFilterTest.php   | 13 +++++++++++++
 2 files changed, 25 insertions(+)

diff --git a/tests/Authentication/Filters/SessionFilterTest.php b/tests/Authentication/Filters/SessionFilterTest.php
index de711b2b9..a42609864 100644
--- a/tests/Authentication/Filters/SessionFilterTest.php
+++ b/tests/Authentication/Filters/SessionFilterTest.php
@@ -45,4 +45,16 @@ public function testFilterSuccess(): void
         // Last Active should have been updated
         $this->assertNotEmpty(auth('session')->user()->last_active);
     }
+
+    public function testRecordActiveDate(): void
+    {
+        $user                   = fake(UserModel::class);
+        $_SESSION['user']['id'] = $user->id;
+
+        $this->withSession(['user' => ['id' => $user->id]])
+            ->get('protected-route');
+
+        // Last Active should be greater than 'updated_at' column
+        $this->assertGreaterThan(auth('session')->user()->updated_at, auth('session')->user()->last_active);
+    }
 }
diff --git a/tests/Authentication/Filters/TokenFilterTest.php b/tests/Authentication/Filters/TokenFilterTest.php
index ec164236c..0f001869d 100644
--- a/tests/Authentication/Filters/TokenFilterTest.php
+++ b/tests/Authentication/Filters/TokenFilterTest.php
@@ -50,4 +50,17 @@ public function testFilterSuccess(): void
         $this->assertInstanceOf(AccessToken::class, auth('tokens')->user()->currentAccessToken());
         $this->assertSame($token->id, auth('tokens')->user()->currentAccessToken()->id);
     }
+
+    public function testRecordActiveDate(): void
+    {
+        /** @var User $user */
+        $user  = fake(UserModel::class);
+        $token = $user->generateAccessToken('foo');
+
+        $this->withHeaders(['Authorization' => 'Bearer ' . $token->raw_token])
+            ->get('protected-route');
+
+        // Last Active should be greater than 'updated_at' column
+        $this->assertGreaterThan(auth('tokens')->user()->updated_at, auth('tokens')->user()->last_active);
+    }
 }

From 90110cf9e3e74340ec7cefd9eca9320c79900f54 Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Tue, 16 Aug 2022 07:23:22 +0900
Subject: [PATCH 073/193] fix: redirect()->withInput() or withErrors() causes
 ValidationException

https://github.com/codeigniter4/shield/discussions/381
---
 src/Models/CheckQueryReturnTrait.php | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/src/Models/CheckQueryReturnTrait.php b/src/Models/CheckQueryReturnTrait.php
index 3ec9a067e..d9973033f 100644
--- a/src/Models/CheckQueryReturnTrait.php
+++ b/src/Models/CheckQueryReturnTrait.php
@@ -32,7 +32,7 @@ private function checkQueryReturn($return): void
 
     private function checkValidationError(): void
     {
-        $validationErrors = $this->validation->getErrors();
+        $validationErrors = $this->getValidationErrors();
 
         if ($validationErrors !== []) {
             $message = 'Validation error:';
@@ -45,6 +45,25 @@ private function checkValidationError(): void
         }
     }
 
+    /**
+     * Gets real validation errors that are not saved in the Session.
+     *
+     * @return string[]
+     */
+    private function getValidationErrors(): array
+    {
+        return $this->getValidationPropertyErrors();
+    }
+
+    private function getValidationPropertyErrors(): array
+    {
+        $refClass    = new ReflectionObject($this->validation);
+        $refProperty = $refClass->getProperty('errors');
+        $refProperty->setAccessible(true);
+
+        return $refProperty->getValue($this->validation);
+    }
+
     private function disableDBDebug(): void
     {
         if (! $this->db->DBDebug) {

From 4d4ac9179895a7ce4ca1a3ffa52c18ae6483e39a Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Wed, 17 Aug 2022 08:22:18 +0900
Subject: [PATCH 074/193] docs: add @TODO

---
 src/Models/CheckQueryReturnTrait.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/Models/CheckQueryReturnTrait.php b/src/Models/CheckQueryReturnTrait.php
index d9973033f..0fcfe56d9 100644
--- a/src/Models/CheckQueryReturnTrait.php
+++ b/src/Models/CheckQueryReturnTrait.php
@@ -52,6 +52,8 @@ private function checkValidationError(): void
      */
     private function getValidationErrors(): array
     {
+        // @TODO When CI v4.3 is released, you can use `$this->validation->getErrors(false)`.
+        // See https://github.com/codeigniter4/CodeIgniter4/pull/6381
         return $this->getValidationPropertyErrors();
     }
 

From f0b5512a461c696c125454542c0ff0f8d36ec751 Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Sun, 21 Aug 2022 16:46:09 +0900
Subject: [PATCH 075/193] docs: update comment

---
 src/Models/CheckQueryReturnTrait.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Models/CheckQueryReturnTrait.php b/src/Models/CheckQueryReturnTrait.php
index 0fcfe56d9..777edac1d 100644
--- a/src/Models/CheckQueryReturnTrait.php
+++ b/src/Models/CheckQueryReturnTrait.php
@@ -52,8 +52,8 @@ private function checkValidationError(): void
      */
     private function getValidationErrors(): array
     {
-        // @TODO When CI v4.3 is released, you can use `$this->validation->getErrors(false)`.
-        // See https://github.com/codeigniter4/CodeIgniter4/pull/6381
+        // @TODO When CI v4.3 is released, you don't need this hack.
+        //       See https://github.com/codeigniter4/CodeIgniter4/pull/6384
         return $this->getValidationPropertyErrors();
     }
 

From 332ceb74c41a5f638c887903a422f7f5700deae9 Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Sun, 21 Aug 2022 17:40:07 +0900
Subject: [PATCH 076/193] refactor: use variable

Cannot find this code from the recordActiveDate() method definition on IDE.
---
 src/Filters/TokenAuth.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Filters/TokenAuth.php b/src/Filters/TokenAuth.php
index 54ed21bcb..0a446e803 100644
--- a/src/Filters/TokenAuth.php
+++ b/src/Filters/TokenAuth.php
@@ -48,7 +48,7 @@ public function before(RequestInterface $request, $arguments = null)
         }
 
         if (setting('Auth.recordActiveDate')) {
-            auth('tokens')->recordActiveDate();
+            $authenticator->recordActiveDate();
         }
     }
 

From 783c538d9a224ca1939153a573589b374ca6f0b6 Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Sat, 20 Aug 2022 13:19:50 +0900
Subject: [PATCH 077/193] refactor: Session::setAuthAction()

setAuthAction() finds an identity for actions from database,
and sets the identity that is found first in the session.
---
 .../Actions/ActionInterface.php               |  7 ++
 src/Authentication/Actions/Email2FA.php       | 12 ++++
 src/Authentication/Actions/EmailActivator.php | 12 ++++
 src/Authentication/Authenticators/Session.php | 64 ++++---------------
 src/Config/Auth.php                           |  8 ++-
 5 files changed, 50 insertions(+), 53 deletions(-)

diff --git a/src/Authentication/Actions/ActionInterface.php b/src/Authentication/Actions/ActionInterface.php
index 8d75c332c..a7a8b5e3b 100644
--- a/src/Authentication/Actions/ActionInterface.php
+++ b/src/Authentication/Actions/ActionInterface.php
@@ -6,6 +6,8 @@
 
 use CodeIgniter\HTTP\IncomingRequest;
 use CodeIgniter\HTTP\Response;
+use CodeIgniter\Shield\Entities\User;
+use CodeIgniter\Shield\Entities\UserIdentity;
 
 /**
  * Interface ActionInterface
@@ -47,4 +49,9 @@ public function verify(IncomingRequest $request);
      * E.g., 'email_2fa', 'email_activate'.
      */
     public function getType(): string;
+
+    /**
+     * Returns an identity for the action of the user.
+     */
+    public function getIdentity(User $user): ?UserIdentity;
 }
diff --git a/src/Authentication/Actions/Email2FA.php b/src/Authentication/Actions/Email2FA.php
index 82e5c7d34..d1b01aaee 100644
--- a/src/Authentication/Actions/Email2FA.php
+++ b/src/Authentication/Actions/Email2FA.php
@@ -8,6 +8,7 @@
 use CodeIgniter\HTTP\RedirectResponse;
 use CodeIgniter\Shield\Authentication\Authenticators\Session;
 use CodeIgniter\Shield\Entities\User;
+use CodeIgniter\Shield\Entities\UserIdentity;
 use CodeIgniter\Shield\Exceptions\RuntimeException;
 use CodeIgniter\Shield\Models\UserIdentityModel;
 
@@ -136,6 +137,17 @@ final protected function createIdentity(User $user): void
         );
     }
 
+    public function getIdentity(User $user): ?UserIdentity
+    {
+        /** @var UserIdentityModel $identityModel */
+        $identityModel = model(UserIdentityModel::class);
+
+        return $identityModel->getIdentityByType(
+            $user,
+            Session::ID_TYPE_EMAIL_2FA
+        );
+    }
+
     public function getType(): string
     {
         return $this->type;
diff --git a/src/Authentication/Actions/EmailActivator.php b/src/Authentication/Actions/EmailActivator.php
index 39d6529ae..ed2c75e13 100644
--- a/src/Authentication/Actions/EmailActivator.php
+++ b/src/Authentication/Actions/EmailActivator.php
@@ -10,6 +10,7 @@
 use CodeIgniter\HTTP\Response;
 use CodeIgniter\Shield\Authentication\Authenticators\Session;
 use CodeIgniter\Shield\Entities\User;
+use CodeIgniter\Shield\Entities\UserIdentity;
 use CodeIgniter\Shield\Exceptions\LogicException;
 use CodeIgniter\Shield\Exceptions\RuntimeException;
 use CodeIgniter\Shield\Models\UserIdentityModel;
@@ -125,6 +126,17 @@ final protected function createIdentity(User $user): string
         );
     }
 
+    public function getIdentity(User $user): ?UserIdentity
+    {
+        /** @var UserIdentityModel $identityModel */
+        $identityModel = model(UserIdentityModel::class);
+
+        return $identityModel->getIdentityByType(
+            $user,
+            Session::ID_TYPE_EMAIL_ACTIVATE
+        );
+    }
+
     public function getType(): string
     {
         return $this->type;
diff --git a/src/Authentication/Authenticators/Session.php b/src/Authentication/Authenticators/Session.php
index 559cb7118..6a965a639 100644
--- a/src/Authentication/Authenticators/Session.php
+++ b/src/Authentication/Authenticators/Session.php
@@ -152,11 +152,11 @@ public function attempt(array $credentials): Result
         // Update the user's last used date on their password identity.
         $user->touchIdentity($user->getEmailIdentity());
 
-        // Check ID_TYPE_EMAIL_ACTIVATE identity
-        $hasEmailActivate = $this->setAuthActionEmailActivate();
+        // Set auth action from database.
+        $this->setAuthAction();
 
         // If an action has been defined for login, start it up.
-        $hasAction = $this->startUpAction('login', $user);
+        $this->startUpAction('login', $user);
 
         $this->startLogin($user);
 
@@ -164,7 +164,7 @@ public function attempt(array $credentials): Result
 
         $this->issueRememberMeToken();
 
-        if (! $hasAction && ! $hasEmailActivate) {
+        if (! $this->hasAction()) {
             $this->completeLogin($user);
         }
 
@@ -426,7 +426,8 @@ public function hasAction(): bool
     }
 
     /**
-     * Gets identities for action from database, and set session.
+     * Finds an identity for actions from database, and sets the identity
+     * that is found first in the session.
      *
      * @return bool true if the action is set in the session.
      */
@@ -436,56 +437,19 @@ private function setAuthAction(): bool
             return false;
         }
 
-        // First, check ID_TYPE_EMAIL_ACTIVATE identity
-        $hasAction = $this->setAuthActionEmailActivate();
-        if ($hasAction) {
-            return true;
-        }
-
-        // Next, check ID_TYPE_EMAIL_2FA identity
-        return $this->setAuthActionEmail2FA();
-    }
-
-    /**
-     * @return bool true if the action is set in the session.
-     */
-    private function setAuthActionEmailActivate(): bool
-    {
-        $identity = $this->userIdentityModel->getIdentityByType(
-            $this->user,
-            self::ID_TYPE_EMAIL_ACTIVATE
-        );
-
-        if ($identity) {
-            $actionClass = setting('Auth.actions')[$identity->name];
-
-            if ($actionClass) {
-                $this->userState = self::STATE_PENDING;
-
-                $this->setSessionKey('auth_action', $actionClass);
-                $this->setSessionKey('auth_action_message', $identity->extra);
+        $authActions = setting('Auth.actions');
 
-                return true;
+        foreach ($authActions as $actionClass) {
+            if ($actionClass === null) {
+                continue;
             }
-        }
-
-        return false;
-    }
 
-    /**
-     * @return bool true if the action is set in the session.
-     */
-    private function setAuthActionEmail2FA(): bool
-    {
-        $identity = $this->userIdentityModel->getIdentityByType(
-            $this->user,
-            self::ID_TYPE_EMAIL_2FA
-        );
+            /** @var ActionInterface $action */
+            $action = Factories::actions($actionClass);  // @phpstan-ignore-line
 
-        if ($identity) {
-            $actionClass = setting('Auth.actions')[$identity->name];
+            $identity = $action->getIdentity($this->user);
 
-            if ($actionClass) {
+            if ($identity) {
                 $this->userState = self::STATE_PENDING;
 
                 $this->setSessionKey('auth_action', $actionClass);
diff --git a/src/Config/Auth.php b/src/Config/Auth.php
index 68f2fea20..cf829afbf 100644
--- a/src/Config/Auth.php
+++ b/src/Config/Auth.php
@@ -54,15 +54,17 @@ class Auth extends BaseConfig
      * Specifies the class that represents an action to take after
      * the user logs in or registers a new account at the site.
      *
+     * You must register actions in the order of the actions to be performed.
+     *
      * Available actions with Shield:
-     * - login:    CodeIgniter\Shield\Authentication\Actions\Email2FA
-     * - register: CodeIgniter\Shield\Authentication\Actions\EmailActivator
+     * - register: 'CodeIgniter\Shield\Authentication\Actions\EmailActivator'
+     * - login:    'CodeIgniter\Shield\Authentication\Actions\Email2FA'
      *
      * @var array<string, class-string<ActionInterface>|null>
      */
     public array $actions = [
-        'login'    => null,
         'register' => null,
+        'login'    => null,
     ];
 
     /**

From aea358a2e6509402175a43e473c737ce58d588c2 Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Sat, 20 Aug 2022 13:45:10 +0900
Subject: [PATCH 078/193] refactor: rename after*() to createIdentity() in
 Action classes

---
 src/Authentication/Actions/ActionInterface.php |  7 +++++++
 src/Authentication/Actions/Email2FA.php        | 13 +++++--------
 src/Authentication/Actions/EmailActivator.php  | 11 ++++-------
 src/Authentication/Authenticators/Session.php  |  7 ++-----
 src/Models/UserIdentityModel.php               |  2 ++
 5 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/src/Authentication/Actions/ActionInterface.php b/src/Authentication/Actions/ActionInterface.php
index a7a8b5e3b..d440044be 100644
--- a/src/Authentication/Actions/ActionInterface.php
+++ b/src/Authentication/Actions/ActionInterface.php
@@ -50,6 +50,13 @@ public function verify(IncomingRequest $request);
      */
     public function getType(): string;
 
+    /**
+     * Creates an identity for the action of the user.
+     *
+     * @return string secret
+     */
+    public function createIdentity(User $user): string;
+
     /**
      * Returns an identity for the action of the user.
      */
diff --git a/src/Authentication/Actions/Email2FA.php b/src/Authentication/Actions/Email2FA.php
index d1b01aaee..b6069edcd 100644
--- a/src/Authentication/Actions/Email2FA.php
+++ b/src/Authentication/Actions/Email2FA.php
@@ -112,21 +112,18 @@ public function verify(IncomingRequest $request)
     }
 
     /**
-     * Called from `Session::attempt()`.
+     * Creates an identity for the action of the user.
+     *
+     * @return string secret
      */
-    public function afterLogin(User $user): void
-    {
-        $this->createIdentity($user);
-    }
-
-    final protected function createIdentity(User $user): void
+    public function createIdentity(User $user): string
     {
         /** @var UserIdentityModel $identityModel */
         $identityModel = model(UserIdentityModel::class);
 
         $generator = static fn (): string => random_string('nozero', 6);
 
-        $identityModel->createCodeIdentity(
+        return $identityModel->createCodeIdentity(
             $user,
             [
                 'type'  => $this->type,
diff --git a/src/Authentication/Actions/EmailActivator.php b/src/Authentication/Actions/EmailActivator.php
index ed2c75e13..21fb057e4 100644
--- a/src/Authentication/Actions/EmailActivator.php
+++ b/src/Authentication/Actions/EmailActivator.php
@@ -101,14 +101,11 @@ public function verify(IncomingRequest $request)
     }
 
     /**
-     * Called from `RegisterController::registerAction()`
+     * Creates an identity for the action of the user.
+     *
+     * @return string secret
      */
-    public function afterRegister(User $user): void
-    {
-        $this->createIdentity($user);
-    }
-
-    final protected function createIdentity(User $user): string
+    public function createIdentity(User $user): string
     {
         /** @var UserIdentityModel $identityModel */
         $identityModel = model(UserIdentityModel::class);
diff --git a/src/Authentication/Authenticators/Session.php b/src/Authentication/Authenticators/Session.php
index 6a965a639..108e6c3a4 100644
--- a/src/Authentication/Authenticators/Session.php
+++ b/src/Authentication/Authenticators/Session.php
@@ -186,14 +186,11 @@ public function startUpAction(string $type, User $user): bool
             return false;
         }
 
+        /** @var ActionInterface $action */
         $action = Factories::actions($actionClass); // @phpstan-ignore-line
 
         // Create identity for the action.
-        // E.g., afterRegister()
-        $method = 'after' . ucfirst($type);
-        if (method_exists($action, $method)) {
-            $action->{$method}($user);
-        }
+        $action->createIdentity($user);
 
         $this->setAuthAction();
 
diff --git a/src/Models/UserIdentityModel.php b/src/Models/UserIdentityModel.php
index 4e82a904e..1678ce33e 100644
--- a/src/Models/UserIdentityModel.php
+++ b/src/Models/UserIdentityModel.php
@@ -76,6 +76,8 @@ public function createEmailIdentity(User $user, array $credentials): void
      * Create an identity with 6 digits code for auth action
      *
      * @param callable $codeGenerator generate secret code
+     *
+     * @return string secret
      */
     public function createCodeIdentity(
         User $user,

From c354c903cce0168dfbb2f1512044005fa6d43299 Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Sat, 20 Aug 2022 13:54:44 +0900
Subject: [PATCH 079/193] docs: add doc comments

---
 src/Authentication/Actions/Email2FA.php       | 6 ++++++
 src/Authentication/Actions/EmailActivator.php | 6 ++++++
 2 files changed, 12 insertions(+)

diff --git a/src/Authentication/Actions/Email2FA.php b/src/Authentication/Actions/Email2FA.php
index b6069edcd..fb0ee6e4b 100644
--- a/src/Authentication/Actions/Email2FA.php
+++ b/src/Authentication/Actions/Email2FA.php
@@ -134,6 +134,9 @@ public function createIdentity(User $user): string
         );
     }
 
+    /**
+     * Returns an identity for the action of the user.
+     */
     public function getIdentity(User $user): ?UserIdentity
     {
         /** @var UserIdentityModel $identityModel */
@@ -145,6 +148,9 @@ public function getIdentity(User $user): ?UserIdentity
         );
     }
 
+    /**
+     * Returns the string type of the action class.
+     */
     public function getType(): string
     {
         return $this->type;
diff --git a/src/Authentication/Actions/EmailActivator.php b/src/Authentication/Actions/EmailActivator.php
index 21fb057e4..fefaded5c 100644
--- a/src/Authentication/Actions/EmailActivator.php
+++ b/src/Authentication/Actions/EmailActivator.php
@@ -123,6 +123,9 @@ public function createIdentity(User $user): string
         );
     }
 
+    /**
+     * Returns an identity for the action of the user.
+     */
     public function getIdentity(User $user): ?UserIdentity
     {
         /** @var UserIdentityModel $identityModel */
@@ -134,6 +137,9 @@ public function getIdentity(User $user): ?UserIdentity
         );
     }
 
+    /**
+     * Returns the string type of the action class.
+     */
     public function getType(): string
     {
         return $this->type;

From 27ce1b1d28098381007f3b0733822fc199a69d18 Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Sat, 20 Aug 2022 13:55:07 +0900
Subject: [PATCH 080/193] refactor: use property instead of class constant

---
 src/Authentication/Actions/Email2FA.php       | 2 +-
 src/Authentication/Actions/EmailActivator.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Authentication/Actions/Email2FA.php b/src/Authentication/Actions/Email2FA.php
index fb0ee6e4b..117da094a 100644
--- a/src/Authentication/Actions/Email2FA.php
+++ b/src/Authentication/Actions/Email2FA.php
@@ -144,7 +144,7 @@ public function getIdentity(User $user): ?UserIdentity
 
         return $identityModel->getIdentityByType(
             $user,
-            Session::ID_TYPE_EMAIL_2FA
+            $this->type
         );
     }
 
diff --git a/src/Authentication/Actions/EmailActivator.php b/src/Authentication/Actions/EmailActivator.php
index fefaded5c..23e256c6a 100644
--- a/src/Authentication/Actions/EmailActivator.php
+++ b/src/Authentication/Actions/EmailActivator.php
@@ -133,7 +133,7 @@ public function getIdentity(User $user): ?UserIdentity
 
         return $identityModel->getIdentityByType(
             $user,
-            Session::ID_TYPE_EMAIL_ACTIVATE
+            $this->type
         );
     }
 

From ada92774ffec2077e4edcf5fc08e5cf2d624b638 Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Sat, 20 Aug 2022 17:47:06 +0900
Subject: [PATCH 081/193] docs: add @phpstan-param

---
 src/Models/UserIdentityModel.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/Models/UserIdentityModel.php b/src/Models/UserIdentityModel.php
index 1678ce33e..d10b1273a 100644
--- a/src/Models/UserIdentityModel.php
+++ b/src/Models/UserIdentityModel.php
@@ -75,6 +75,8 @@ public function createEmailIdentity(User $user, array $credentials): void
     /**
      * Create an identity with 6 digits code for auth action
      *
+     * @phpstan-param array{type: string, name: string, extra: string} $data
+     *
      * @param callable $codeGenerator generate secret code
      *
      * @return string secret
@@ -85,7 +87,6 @@ public function createCodeIdentity(
         callable $codeGenerator
     ): string {
         assert($user->id !== null);
-        assert(isset($data['type']));
 
         helper('text');
 

From 933c0e48cb29860ae8328098e737b84f106b006c Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Wed, 24 Aug 2022 08:11:48 +0900
Subject: [PATCH 082/193] docs: update the item order in Auth:$actions

---
 docs/auth_actions.md | 4 ++--
 docs/quickstart.md   | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/docs/auth_actions.md b/docs/auth_actions.md
index 8ef25bc4e..cc0b859bf 100644
--- a/docs/auth_actions.md
+++ b/docs/auth_actions.md
@@ -18,8 +18,8 @@ Actions are setup in the `Auth` config file, with the `$actions` variable.
 
 ```php
 public $actions = [
-    'login'    => null,
     'register' => null,
+    'login'    => null,
 ];
 ```
 
@@ -27,8 +27,8 @@ To define an action to happen you will specify the class name as the value for t
 
 ```php
 public $actions = [
-    'login'    => 'CodeIgniter\Shield\Authentication\Actions\Email2FA',
     'register' => 'CodeIgniter\Shield\Authentication\Actions\EmailActivator',
+    'login'    => 'CodeIgniter\Shield\Authentication\Actions\Email2FA',
 ];
 ```
 
diff --git a/docs/quickstart.md b/docs/quickstart.md
index 963a060ba..b652e03eb 100644
--- a/docs/quickstart.md
+++ b/docs/quickstart.md
@@ -110,8 +110,8 @@ Turned off by default, Shield's Email-based 2FA can be enabled by specifying the
 
 ```php
 public array $actions = [
-    'login'    => 'CodeIgniter\Shield\Authentication\Actions\Email2FA',
     'register' => null,
+    'login'    => 'CodeIgniter\Shield\Authentication\Actions\Email2FA',
 ];
 ```
 
@@ -121,8 +121,8 @@ By default, once a user registers they have an active account that can be used.
 
 ```php
 public array $actions = [
-    'login'    => null,
     'register' => 'CodeIgniter\Shield\Authentication\Actions\EmailActivator',
+    'login'    => null,
 ];
 ```
 

From 41eb9a1017099e22dcb25a0c66956688cf70f21d Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Wed, 24 Aug 2022 08:14:21 +0900
Subject: [PATCH 083/193] docs: add explanation for the order of Auth::$actions
 items

---
 docs/auth_actions.md | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/docs/auth_actions.md b/docs/auth_actions.md
index cc0b859bf..d4fca9c8a 100644
--- a/docs/auth_actions.md
+++ b/docs/auth_actions.md
@@ -32,7 +32,10 @@ public $actions = [
 ];
 ```
 
-Once configured, everything should work out of the box. The routes are added with the basic `auth()->routes($routes)`
+You must register actions in the order of the actions to be performed.
+Once configured, everything should work out of the box.
+
+The routes are added with the basic `auth()->routes($routes)`
 call, but can be manually added if you choose not to use this helper method.
 
 ```php

From 21c8582f6ac4f67ac6dc2e2c1478f2b60114a41d Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Wed, 24 Aug 2022 08:45:41 +0900
Subject: [PATCH 084/193] refactor: move logic that deletes any previous
 identities for action to Action classes

The createCodeIdentity() method in Model should not delete records.
---
 src/Authentication/Actions/Email2FA.php       | 3 +++
 src/Authentication/Actions/EmailActivator.php | 3 +++
 src/Models/UserIdentityModel.php              | 3 ---
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/Authentication/Actions/Email2FA.php b/src/Authentication/Actions/Email2FA.php
index 117da094a..088bf27ac 100644
--- a/src/Authentication/Actions/Email2FA.php
+++ b/src/Authentication/Actions/Email2FA.php
@@ -121,6 +121,9 @@ public function createIdentity(User $user): string
         /** @var UserIdentityModel $identityModel */
         $identityModel = model(UserIdentityModel::class);
 
+        // Delete any previous identities for action
+        $identityModel->deleteIdentitiesByType($user, $this->type);
+
         $generator = static fn (): string => random_string('nozero', 6);
 
         return $identityModel->createCodeIdentity(
diff --git a/src/Authentication/Actions/EmailActivator.php b/src/Authentication/Actions/EmailActivator.php
index 23e256c6a..a98879c78 100644
--- a/src/Authentication/Actions/EmailActivator.php
+++ b/src/Authentication/Actions/EmailActivator.php
@@ -110,6 +110,9 @@ public function createIdentity(User $user): string
         /** @var UserIdentityModel $identityModel */
         $identityModel = model(UserIdentityModel::class);
 
+        // Delete any previous identities for action
+        $identityModel->deleteIdentitiesByType($user, $this->type);
+
         $generator = static fn (): string => random_string('nozero', 6);
 
         return $identityModel->createCodeIdentity(
diff --git a/src/Models/UserIdentityModel.php b/src/Models/UserIdentityModel.php
index d10b1273a..b966b2246 100644
--- a/src/Models/UserIdentityModel.php
+++ b/src/Models/UserIdentityModel.php
@@ -90,9 +90,6 @@ public function createCodeIdentity(
 
         helper('text');
 
-        // Delete any previous identities for action
-        $this->deleteIdentitiesByType($user, $data['type']);
-
         // Create an identity for the action
         $maxTry          = 5;
         $data['user_id'] = $user->id;

From 4c8ceeadd9aafd01552362b03051c6fa7fb68cda Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Wed, 24 Aug 2022 09:49:59 +0900
Subject: [PATCH 085/193] refactor: use action class's getIdentity() in
 checkAction()

The identity should be managed by the action class.
---
 src/Authentication/Actions/Email2FA.php       | 13 ++++++++++---
 src/Authentication/Actions/EmailActivator.php | 13 ++++++++++---
 src/Authentication/Authenticators/Session.php |  9 +++------
 3 files changed, 23 insertions(+), 12 deletions(-)

diff --git a/src/Authentication/Actions/Email2FA.php b/src/Authentication/Actions/Email2FA.php
index 088bf27ac..e8da2f0b5 100644
--- a/src/Authentication/Actions/Email2FA.php
+++ b/src/Authentication/Actions/Email2FA.php
@@ -95,13 +95,20 @@ public function handle(IncomingRequest $request)
      */
     public function verify(IncomingRequest $request)
     {
-        $token = $request->getPost('token');
-
         /** @var Session $authenticator */
         $authenticator = auth('session')->getAuthenticator();
 
+        $postedToken = $request->getPost('token');
+
+        $user = $authenticator->getPendingUser();
+        if ($user === null) {
+            throw new RuntimeException('Cannot get the pending login User.');
+        }
+
+        $identity = $this->getIdentity($user);
+
         // Token mismatch? Let them try again...
-        if (! $authenticator->checkAction($this->type, $token)) {
+        if (! $authenticator->checkAction($identity, $postedToken)) {
             session()->setFlashdata('error', lang('Auth.invalid2FAToken'));
 
             return view(setting('Auth.views')['action_email_2fa_verify']);
diff --git a/src/Authentication/Actions/EmailActivator.php b/src/Authentication/Actions/EmailActivator.php
index a98879c78..008e46799 100644
--- a/src/Authentication/Actions/EmailActivator.php
+++ b/src/Authentication/Actions/EmailActivator.php
@@ -78,13 +78,20 @@ public function handle(IncomingRequest $request)
      */
     public function verify(IncomingRequest $request)
     {
-        $token = $request->getVar('token');
-
         /** @var Session $authenticator */
         $authenticator = auth('session')->getAuthenticator();
 
+        $postedToken = $request->getVar('token');
+
+        $user = $authenticator->getPendingUser();
+        if ($user === null) {
+            throw new RuntimeException('Cannot get the pending login User.');
+        }
+
+        $identity = $this->getIdentity($user);
+
         // No match - let them try again.
-        if (! $authenticator->checkAction($this->type, $token)) {
+        if (! $authenticator->checkAction($identity, $postedToken)) {
             session()->setFlashdata('error', lang('Auth.invalidActivateToken'));
 
             return view(setting('Auth.views')['action_email_activate_show']);
diff --git a/src/Authentication/Authenticators/Session.php b/src/Authentication/Authenticators/Session.php
index 108e6c3a4..b370516b6 100644
--- a/src/Authentication/Authenticators/Session.php
+++ b/src/Authentication/Authenticators/Session.php
@@ -215,10 +215,9 @@ public function getAction(): ?ActionInterface
     /**
      * Check token in Action
      *
-     * @param string $type  Action type. 'email_2fa' or 'email_activate'
      * @param string $token Token to check
      */
-    public function checkAction(string $type, string $token): bool
+    public function checkAction(UserIdentity $identity, string $token): bool
     {
         $user = ($this->loggedIn() || $this->isPending()) ? $this->user : null;
 
@@ -226,14 +225,12 @@ public function checkAction(string $type, string $token): bool
             throw new LogicException('Cannot get the User.');
         }
 
-        $identity = $user->getIdentity($type);
-
         if (empty($token) || $token !== $identity->secret) {
             return false;
         }
 
-        // On success - remove the identity and clean up session
-        $this->userIdentityModel->deleteIdentitiesByType($user, $type);
+        // On success - remove the identity
+        $this->userIdentityModel->deleteIdentitiesByType($user, $identity->type);
 
         // Clean up our session
         $this->removeSessionKey('auth_action');

From 44406982d810c26da4814c54bd2bea80f15849b7 Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Wed, 24 Aug 2022 09:51:35 +0900
Subject: [PATCH 086/193] docs: make comment more detailed

---
 src/Authentication/Authenticators/Session.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Authentication/Authenticators/Session.php b/src/Authentication/Authenticators/Session.php
index b370516b6..5f7b207bb 100644
--- a/src/Authentication/Authenticators/Session.php
+++ b/src/Authentication/Authenticators/Session.php
@@ -198,7 +198,7 @@ public function startUpAction(string $type, User $user): bool
     }
 
     /**
-     * Returns an action object.
+     * Returns an action object from the session data
      */
     public function getAction(): ?ActionInterface
     {

From a70e1d01f2514d3473c70c9f49ffe38c37a51141 Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Wed, 24 Aug 2022 10:27:43 +0900
Subject: [PATCH 087/193] docs: update auth_actions.md

---
 docs/auth_actions.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/auth_actions.md b/docs/auth_actions.md
index d4fca9c8a..67df90893 100644
--- a/docs/auth_actions.md
+++ b/docs/auth_actions.md
@@ -64,7 +64,7 @@ While the provided email-based activation and 2FA will work for many sites, othe
 needs, like using SMS to verify or something completely different. Actions have only one requirement:
 they must implement `CodeIgniter\Shield\Authentication\Actions\ActionInterface`.
 
-The interface defines three methods:
+The interface defines three methods for `ActionController`:
 
 **show()** should display the initial page the user lands on immediately after the authentication task,
 like login. It will typically display instructions to the user and provide an action to take, like
@@ -80,4 +80,4 @@ and provides feedback. In the `Email2FA` class, it verifies the code against wha
 database and either sends them back to the previous form to try again or redirects the user to the
 page that a `login` task would have redirected them to anyway.
 
-All methods should return either a `RedirectResponse` or a view string (e.g. using the `view()` function).
+All methods should return either a `Response` or a view string (e.g. using the `view()` function).

From 79e2cef5c30178d859a705255b3ecd55180225bc Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Wed, 24 Aug 2022 10:39:12 +0900
Subject: [PATCH 088/193] refactor: remove ActionInterface::getIdentity()

---
 src/Authentication/Actions/ActionInterface.php | 6 ------
 src/Authentication/Actions/Email2FA.php        | 2 +-
 src/Authentication/Actions/EmailActivator.php  | 2 +-
 src/Authentication/Authenticators/Session.php  | 2 +-
 4 files changed, 3 insertions(+), 9 deletions(-)

diff --git a/src/Authentication/Actions/ActionInterface.php b/src/Authentication/Actions/ActionInterface.php
index d440044be..73b625b06 100644
--- a/src/Authentication/Actions/ActionInterface.php
+++ b/src/Authentication/Actions/ActionInterface.php
@@ -7,7 +7,6 @@
 use CodeIgniter\HTTP\IncomingRequest;
 use CodeIgniter\HTTP\Response;
 use CodeIgniter\Shield\Entities\User;
-use CodeIgniter\Shield\Entities\UserIdentity;
 
 /**
  * Interface ActionInterface
@@ -56,9 +55,4 @@ public function getType(): string;
      * @return string secret
      */
     public function createIdentity(User $user): string;
-
-    /**
-     * Returns an identity for the action of the user.
-     */
-    public function getIdentity(User $user): ?UserIdentity;
 }
diff --git a/src/Authentication/Actions/Email2FA.php b/src/Authentication/Actions/Email2FA.php
index e8da2f0b5..0e4ade1c0 100644
--- a/src/Authentication/Actions/Email2FA.php
+++ b/src/Authentication/Actions/Email2FA.php
@@ -147,7 +147,7 @@ public function createIdentity(User $user): string
     /**
      * Returns an identity for the action of the user.
      */
-    public function getIdentity(User $user): ?UserIdentity
+    private function getIdentity(User $user): ?UserIdentity
     {
         /** @var UserIdentityModel $identityModel */
         $identityModel = model(UserIdentityModel::class);
diff --git a/src/Authentication/Actions/EmailActivator.php b/src/Authentication/Actions/EmailActivator.php
index 008e46799..c7a39577e 100644
--- a/src/Authentication/Actions/EmailActivator.php
+++ b/src/Authentication/Actions/EmailActivator.php
@@ -136,7 +136,7 @@ public function createIdentity(User $user): string
     /**
      * Returns an identity for the action of the user.
      */
-    public function getIdentity(User $user): ?UserIdentity
+    private function getIdentity(User $user): ?UserIdentity
     {
         /** @var UserIdentityModel $identityModel */
         $identityModel = model(UserIdentityModel::class);
diff --git a/src/Authentication/Authenticators/Session.php b/src/Authentication/Authenticators/Session.php
index 5f7b207bb..70a65e8dd 100644
--- a/src/Authentication/Authenticators/Session.php
+++ b/src/Authentication/Authenticators/Session.php
@@ -441,7 +441,7 @@ private function setAuthAction(): bool
             /** @var ActionInterface $action */
             $action = Factories::actions($actionClass);  // @phpstan-ignore-line
 
-            $identity = $action->getIdentity($this->user);
+            $identity = $this->userIdentityModel->getIdentityByType($this->user, $action->getType());
 
             if ($identity) {
                 $this->userState = self::STATE_PENDING;

From d0006e9dd6036fa350c2cd25c48715d31fb7edea Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Wed, 24 Aug 2022 11:00:08 +0900
Subject: [PATCH 089/193] test: add tests for Exception

---
 tests/Unit/EmailActivatorTest.php | 37 +++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)
 create mode 100644 tests/Unit/EmailActivatorTest.php

diff --git a/tests/Unit/EmailActivatorTest.php b/tests/Unit/EmailActivatorTest.php
new file mode 100644
index 000000000..2211b85dc
--- /dev/null
+++ b/tests/Unit/EmailActivatorTest.php
@@ -0,0 +1,37 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Tests\Unit;
+
+use CodeIgniter\Shield\Authentication\Actions\EmailActivator;
+use CodeIgniter\Shield\Exceptions\RuntimeException;
+use Config\Services;
+use Tests\Support\TestCase;
+
+/**
+ * @internal
+ */
+final class EmailActivatorTest extends TestCase
+{
+    public function testShowCannotGetPendingLoginUser(): void
+    {
+        $this->expectException(RuntimeException::class);
+        $this->expectExceptionMessage('Cannot get the pending login User');
+
+        $activator = new EmailActivator();
+
+        $activator->show();
+    }
+
+    public function testVerifyCannotGetPendingLoginUser(): void
+    {
+        $this->expectException(RuntimeException::class);
+        $this->expectExceptionMessage('Cannot get the pending login User');
+
+        $activator = new EmailActivator();
+        $request   = Services::incomingrequest(null, false);
+
+        $activator->verify($request);
+    }
+}

From 57551e8ab7bd537fd0de55063e1059ba54777d97 Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Wed, 24 Aug 2022 16:41:07 +0900
Subject: [PATCH 090/193] docs: improve install.md

---
 docs/install.md | 138 +++++++++++++++++++++++-------------------------
 1 file changed, 67 insertions(+), 71 deletions(-)

diff --git a/docs/install.md b/docs/install.md
index 0854483a9..e42614bb8 100644
--- a/docs/install.md
+++ b/docs/install.md
@@ -1,9 +1,9 @@
 # Installation
 
 - [Installation](#installation)
+  - [Requirements](#requirements)
+  - [Composer Installation](#composer-installation)
     - [Troubleshooting](#troubleshooting)
-      - [IMPORTANT: composer error](#important-composer-error)
-      - [Note: migration error](#note-migration-error)
   - [Initial Setup](#initial-setup)
     - [Command Setup](#command-setup)
     - [Manual Setup](#manual-setup)
@@ -12,8 +12,13 @@
 
 These instructions assume that you have already [installed the CodeIgniter 4 app starter](https://codeigniter.com/user_guide/installation/installing_composer.html) as the basis for your new project, set up your `.env` file, and created a database that you can access via the Spark CLI script.
 
-> **Note**
-> CodeIgniter Shield requires Codeigniter v4.2.3 or later.
+## Requirements
+
+- [Composer](https://getcomposer.org)
+- Codeigniter v4.2.3 or later
+- A created database that you can access via the Spark CLI script
+
+## Composer Installation
 
 Installation is done through [Composer](https://getcomposer.org). The example assumes you have it installed globally.
 If you have it installed as a phar, or othewise you will need to adjust the way you call composer itself.
@@ -22,8 +27,6 @@ If you have it installed as a phar, or othewise you will need to adjust the way
 > composer require codeigniter4/shield
 ```
 
----
-
 ### Troubleshooting
 
 #### IMPORTANT: composer error
@@ -37,60 +40,36 @@ If you get the following error:
 
 1. Add the following to change your [minimum-stability](https://getcomposer.org/doc/articles/versions.md#minimum-stability) in your project `composer.json`:
 
-```
-    "minimum-stability": "dev",
-    "prefer-stable": true,
-```
+    ```
+        "minimum-stability": "dev",
+        "prefer-stable": true,
+    ```
 
 2. Or specify an explicit version:
 
-```
-> composer require codeigniter4/shield:dev-develop
-```
-
-The above specifies `develop` branch.
-See https://getcomposer.org/doc/articles/versions.md#branches
-
-```
-> composer require codeigniter4/shield:^1.0.0-beta
-```
-
-The above specifies `v1.0.0-beta` or later and before `v2.0.0`.
-See https://getcomposer.org/doc/articles/versions.md#caret-version-range-
-
----
-
-This requires the [CodeIgniter Settings](https://github.com/codeigniter4/settings) package, which uses a database
-table to store configuration options. As such, you should run the migrations.
-
-```
-> php spark migrate --all
-```
-
----
-
-#### Note: migration error
+    ```
+    > composer require codeigniter4/shield:dev-develop
+    ```
 
-When you run `spark migrate --all`, if you get `Class "SQLite3" not found` error:
+    The above specifies `develop` branch.
+    See https://getcomposer.org/doc/articles/versions.md#branches
 
-1. Remove sample migration files in `tests/_support/Database/Migrations/`
-2. Or install `sqlite3` php extension
+    ```
+    > composer require codeigniter4/shield:^1.0.0-beta
+    ```
 
-If you get `Specified key was too long` error:
-
-1. Use InnoDB, not MyISAM.
-
----
+    The above specifies `v1.0.0-beta` or later and before `v2.0.0`.
+    See https://getcomposer.org/doc/articles/versions.md#caret-version-range-
 
 ## Initial Setup
 
 ### Command Setup
 
-1. Run the following command. This command handles steps 1-4 of *Manual Setup* and runs the migrations.
+1. Run the following command. This command handles steps 1-5 of *Manual Setup* and runs the migrations.
 
-```
-> php spark shield:setup
-```
+    ```
+    > php spark shield:setup
+    ```
 
 ### Manual Setup
 
@@ -99,43 +78,60 @@ your project.
 
 1. Copy the `Auth.php` and  `AuthGroups.php` from `vendor/codeigniter4/shield/src/Config/` into your project's config folder and update the namespace to `Config`. You will also need to have these classes extend the original classes. See the example below. These files contain all of the settings, group, and permission information for your application and will need to be modified to meet the needs of your site.
 
-```php
-// new file - app/Config/Auth.php
-<?php
-
-namespace Config;
+    ```php
+    // new file - app/Config/Auth.php
+    <?php
 
-// ...
-use CodeIgniter\Shield\Config\Auth as ShieldAuth;
+    namespace Config;
 
-class Auth extends ShieldAuth
-{
     // ...
-}
-```
+    use CodeIgniter\Shield\Config\Auth as ShieldAuth;
+
+    class Auth extends ShieldAuth
+    {
+        // ...
+    }
+    ```
 
 2. **Helper Setup** The `setting` helper needs to be included in almost every page. The simplest way to do this is to add it to the `BaseController::initController` method:
 
-```php
-public function initController(RequestInterface $request, ResponseInterface $response, LoggerInterface $logger)
-{
-    $this->helpers = array_merge($this->helpers, ['setting']);
+    ```php
+    public function initController(RequestInterface $request, ResponseInterface $response, LoggerInterface $logger)
+    {
+        $this->helpers = array_merge($this->helpers, ['setting']);
 
-    // Do Not Edit This Line
-    parent::initController($request, $response, $logger);
-}
-```
+        // Do Not Edit This Line
+        parent::initController($request, $response, $logger);
+    }
+    ```
 
-This requires that all of your controllers extend the `BaseController`, but that's a good practice anyway.
+    This requires that all of your controllers extend the `BaseController`, but that's a good practice anyway.
 
 3. **Routes Setup** The default auth routes can be setup with a single call in `app/Config/Routes.php`:
 
-```php
-service('auth')->routes($routes);
-```
+    ```php
+    service('auth')->routes($routes);
+    ```
 
 4. **Security Setup** Set `Config\Security::$csrfProtection` to `'session'` (or set `security.csrfProtection = session` in your `.env` file) for security reasons, if you use Session Authenticator.
 
+5. **Migration** Run the migrations.
+
+    ```
+    > php spark migrate --all
+    ```
+
+    #### Note: migration error
+
+    When you run `spark migrate --all`, if you get `Class "SQLite3" not found` error:
+
+    1. Remove sample migration files in `tests/_support/Database/Migrations/`
+    2. Or install `sqlite3` php extension
+
+    If you get `Specified key was too long` error:
+
+    1. Use InnoDB, not MyISAM.
+
 ## Controller Filters
 
 Shield provides 4 [Controller Filters](https://codeigniter.com/user_guide/incoming/filters.html) you can

From 3763fc65a30b2a86c75c556a96d555624c0be2d7 Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Thu, 25 Aug 2022 10:24:11 +0900
Subject: [PATCH 091/193] docs: add lang for code block

---
 docs/install.md | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/docs/install.md b/docs/install.md
index e42614bb8..3e59ee3dc 100644
--- a/docs/install.md
+++ b/docs/install.md
@@ -40,21 +40,21 @@ If you get the following error:
 
 1. Add the following to change your [minimum-stability](https://getcomposer.org/doc/articles/versions.md#minimum-stability) in your project `composer.json`:
 
-    ```
+    ```json
         "minimum-stability": "dev",
         "prefer-stable": true,
     ```
 
 2. Or specify an explicit version:
 
-    ```
+    ```console
     > composer require codeigniter4/shield:dev-develop
     ```
 
     The above specifies `develop` branch.
     See https://getcomposer.org/doc/articles/versions.md#branches
 
-    ```
+    ```console
     > composer require codeigniter4/shield:^1.0.0-beta
     ```
 
@@ -67,7 +67,7 @@ If you get the following error:
 
 1. Run the following command. This command handles steps 1-5 of *Manual Setup* and runs the migrations.
 
-    ```
+    ```console
     > php spark shield:setup
     ```
 
@@ -117,7 +117,7 @@ your project.
 
 5. **Migration** Run the migrations.
 
-    ```
+    ```console
     > php spark migrate --all
     ```
 

From 530d6b28435f112f1a826710e388ef2e7279b327 Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Thu, 25 Aug 2022 10:24:50 +0900
Subject: [PATCH 092/193] docs: make the version stand out

---
 docs/install.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/install.md b/docs/install.md
index 3e59ee3dc..7b6c52002 100644
--- a/docs/install.md
+++ b/docs/install.md
@@ -15,7 +15,7 @@ These instructions assume that you have already [installed the CodeIgniter 4 app
 ## Requirements
 
 - [Composer](https://getcomposer.org)
-- Codeigniter v4.2.3 or later
+- Codeigniter **v4.2.3** or later
 - A created database that you can access via the Spark CLI script
 
 ## Composer Installation

From 97fabab25ff9dc1e79a607b5051e68b4077ed7b9 Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Thu, 25 Aug 2022 11:19:37 +0900
Subject: [PATCH 093/193] docs: update list order

---
 docs/auth_actions.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/docs/auth_actions.md b/docs/auth_actions.md
index 67df90893..3084e056a 100644
--- a/docs/auth_actions.md
+++ b/docs/auth_actions.md
@@ -7,10 +7,10 @@
 Authentication Actions are a way to group actions that can happen after login or registration.
 Shield ships with two actions you can use, and makes it simple for you to define your own.
 
-1. **Email-based Two Factor Authentication** (Email2FA) will send a 6-digit code to the user's
+1. **Email-based Account Activation** (EmailActivate) confirms a new user's email address by
+   sending them an email with a link they must follow in order to have their account activated.
+2. **Email-based Two Factor Authentication** (Email2FA) will send a 6-digit code to the user's
     email address that they must confirm before they can continue.
-2. **Email-based Account Activation** (EmailActivate) confirms a new user's email address by
-    sending them an email with a link they must follow in order to have their account activated.
 
 ## Configuring Actions
 

From 45caf9f366910c798a360fd3aa6e4840c5951bd9 Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Thu, 25 Aug 2022 11:21:16 +0900
Subject: [PATCH 094/193] config: fix view file order

---
 src/Config/Auth.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Config/Auth.php b/src/Config/Auth.php
index cf829afbf..5782ed1f0 100644
--- a/src/Config/Auth.php
+++ b/src/Config/Auth.php
@@ -26,8 +26,8 @@ class Auth extends BaseConfig
         'action_email_2fa'            => '\CodeIgniter\Shield\Views\email_2fa_show',
         'action_email_2fa_verify'     => '\CodeIgniter\Shield\Views\email_2fa_verify',
         'action_email_2fa_email'      => '\CodeIgniter\Shield\Views\Email\email_2fa_email',
-        'action_email_activate_email' => '\CodeIgniter\Shield\Views\Email\email_activate_email',
         'action_email_activate_show'  => '\CodeIgniter\Shield\Views\email_activate_show',
+        'action_email_activate_email' => '\CodeIgniter\Shield\Views\Email\email_activate_email',
         'magic-link-login'            => '\CodeIgniter\Shield\Views\magic_link_form',
         'magic-link-message'          => '\CodeIgniter\Shield\Views\magic_link_message',
         'magic-link-email'            => '\CodeIgniter\Shield\Views\Email\magic_link_email',

From 4dfdaa562138488d724912b42d73c372148d3ad6 Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Thu, 25 Aug 2022 11:22:24 +0900
Subject: [PATCH 095/193] docs: update view file order

---
 docs/auth_actions.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/auth_actions.md b/docs/auth_actions.md
index 3084e056a..8154bd5f0 100644
--- a/docs/auth_actions.md
+++ b/docs/auth_actions.md
@@ -53,8 +53,8 @@ Views for all of these pages are defined in the `Auth` config file, with the `$v
         'action_email_2fa'            => '\CodeIgniter\Shield\Views\email_2fa_show',
         'action_email_2fa_verify'     => '\CodeIgniter\Shield\Views\email_2fa_verify',
         'action_email_2fa_email'      => '\CodeIgniter\Shield\Views\Email\email_2fa_email',
-        'action_email_activate_email' => '\CodeIgniter\Shield\Views\Email\email_activate_email',
         'action_email_activate_show'  => '\CodeIgniter\Shield\Views\email_activate_show',
+        'action_email_activate_email' => '\CodeIgniter\Shield\Views\Email\email_activate_email',
     ];
 ```
 

From a18f55e42e49e4c5660fe0a4e6cfd7ef60fbe56f Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Thu, 25 Aug 2022 11:23:29 +0900
Subject: [PATCH 096/193] test: add dot in expectation

---
 tests/Unit/EmailActivatorTest.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tests/Unit/EmailActivatorTest.php b/tests/Unit/EmailActivatorTest.php
index 2211b85dc..daa7f79ac 100644
--- a/tests/Unit/EmailActivatorTest.php
+++ b/tests/Unit/EmailActivatorTest.php
@@ -17,7 +17,7 @@ final class EmailActivatorTest extends TestCase
     public function testShowCannotGetPendingLoginUser(): void
     {
         $this->expectException(RuntimeException::class);
-        $this->expectExceptionMessage('Cannot get the pending login User');
+        $this->expectExceptionMessage('Cannot get the pending login User.');
 
         $activator = new EmailActivator();
 
@@ -27,7 +27,7 @@ public function testShowCannotGetPendingLoginUser(): void
     public function testVerifyCannotGetPendingLoginUser(): void
     {
         $this->expectException(RuntimeException::class);
-        $this->expectExceptionMessage('Cannot get the pending login User');
+        $this->expectExceptionMessage('Cannot get the pending login User.');
 
         $activator = new EmailActivator();
         $request   = Services::incomingrequest(null, false);

From b7a9e0c05ee71cb6ff80c5cf861abe0707e08114 Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Fri, 26 Aug 2022 10:36:25 +0900
Subject: [PATCH 097/193] docs: change section order

regiter -> login -> logout
---
 docs/quickstart.md | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/docs/quickstart.md b/docs/quickstart.md
index b652e03eb..eed556c6d 100644
--- a/docs/quickstart.md
+++ b/docs/quickstart.md
@@ -6,8 +6,8 @@ NOTE: The examples assume that you have run the setup script and that you have c
 
 - [Quick Start Guide](#quick-start-guide)
   - [Authentication Flow](#authentication-flow)
-    - [Customize login redirect](#customize-login-redirect)
     - [Customize register redirect](#customize-register-redirect)
+    - [Customize login redirect](#customize-login-redirect)
     - [Customize logout redirect](#customize-logout-redirect)
     - [Customize Remember-me functionality](#customize-remember-me-functionality)
     - [Change Access Token Lifetime](#change-access-token-lifetime)
@@ -42,29 +42,29 @@ public array $redirects = [
 
 NOTE: This redirect happens after the specified action is complete. In the case of register or login, it might not happen immediately. For example, if you have any Auth Actions specified, they will be redirected when those actions are completed successfully. If no Auth Actions are specified, they will be redirected immediately after registration or login.
 
-### Customize login redirect
+### Customize register redirect
 
-You can further customize where a user is redirected to on login with the `loginRedirect` method of the `Auth` config file. This is handy if you want to redirect based on user group or other criteria.
+You can customize where a user is redirected to after registration in the `registerRedirect` method of the `Auth` config file.
 
 ```php
-public function loginRedirect(): string
+public function registerRedirect(): string
 {
-    $url = auth()->user()->inGroup('admin')
-        ? '/admin'
-        : setting('Auth.redirects')['login'];
+    $url = setting('Auth.redirects')['register'];
 
     return $this->getUrl($url);
 }
 ```
 
-### Customize register redirect
+### Customize login redirect
 
-You can customize where a user is redirected to after registration in the `registerRedirect` method of the `Auth` config file.
+You can further customize where a user is redirected to on login with the `loginRedirect` method of the `Auth` config file. This is handy if you want to redirect based on user group or other criteria.
 
 ```php
-public function registerRedirect(): string
+public function loginRedirect(): string
 {
-    $url = setting('Auth.redirects')['register'];
+    $url = auth()->user()->inGroup('admin')
+        ? '/admin'
+        : setting('Auth.redirects')['login'];
 
     return $this->getUrl($url);
 }

From 21af4f0ddb8e26e0c2424ba29b3740c8f2074e7a Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Fri, 26 Aug 2022 10:37:04 +0900
Subject: [PATCH 098/193] docs: change section order

Acount Activation -> Two-Factor Authentication
---
 docs/quickstart.md | 21 +++++++++------------
 1 file changed, 9 insertions(+), 12 deletions(-)

diff --git a/docs/quickstart.md b/docs/quickstart.md
index eed556c6d..44b124690 100644
--- a/docs/quickstart.md
+++ b/docs/quickstart.md
@@ -11,8 +11,8 @@ NOTE: The examples assume that you have run the setup script and that you have c
     - [Customize logout redirect](#customize-logout-redirect)
     - [Customize Remember-me functionality](#customize-remember-me-functionality)
     - [Change Access Token Lifetime](#change-access-token-lifetime)
-    - [Enable Two-Factor Authentication](#enable-two-factor-authentication)
     - [Enable Account Activation via Email](#enable-account-activation-via-email)
+    - [Enable Two-Factor Authentication](#enable-two-factor-authentication)
   - [Authorization Flow](#authorization-flow)
     - [Change Available Groups](#change-available-groups)
     - [Set the Default Group](#set-the-default-group)
@@ -104,17 +104,6 @@ By default, Access Tokens can be used for 1 year since the last use. This can be
 public int $unusedTokenLifetime = YEAR;
 ```
 
-### Enable Two-Factor Authentication
-
-Turned off by default, Shield's Email-based 2FA can be enabled by specifying the class to use in the `Auth` config file.
-
-```php
-public array $actions = [
-    'register' => null,
-    'login'    => 'CodeIgniter\Shield\Authentication\Actions\Email2FA',
-];
-```
-
 ### Enable Account Activation via Email
 
 By default, once a user registers they have an active account that can be used. You can enable Shield's built-in, email-based activation flow within the `Auth` config file.
@@ -126,8 +115,16 @@ public array $actions = [
 ];
 ```
 
+### Enable Two-Factor Authentication
 
+Turned off by default, Shield's Email-based 2FA can be enabled by specifying the class to use in the `Auth` config file.
 
+```php
+public array $actions = [
+    'register' => null,
+    'login'    => 'CodeIgniter\Shield\Authentication\Actions\Email2FA',
+];
+```
 
 ## Authorization Flow
 

From b4a9d82da12faad5e7d4182f1bb58f1701abd089 Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Fri, 26 Aug 2022 10:37:53 +0900
Subject: [PATCH 099/193] docs: remove unneeded empty lines

---
 docs/quickstart.md | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/docs/quickstart.md b/docs/quickstart.md
index 44b124690..6a223cb5e 100644
--- a/docs/quickstart.md
+++ b/docs/quickstart.md
@@ -177,7 +177,6 @@ public array $matrix = [
 ];
 ```
 
-
 ### Assign Permissions to a User
 
 Permissions can also be assigned directly to a user, regardless of what groups they belong to. This is done programatically on the `User` Entity.
@@ -253,8 +252,6 @@ if ($user->inGroup('admin', 'beta')) {
 }
 ```
 
-
-
 ## Managing Users
 
 Shield uses a more complex user setup than many other systems, separating [User Identities](concepts.md#identities) from the user accounts themselves. This quick overview should help you feel more confident when working with users on a day-to-day basis.

From 0d96d730503aa3994f22dc16d1cd051273019362 Mon Sep 17 00:00:00 2001
From: Pooya Parsa Dadashi <Pooya_parsa_dadashi@yahoo.com>
Date: Sat, 27 Aug 2022 16:00:57 +0330
Subject: [PATCH 100/193] fix: safe date string for correctly record the
 datetime of `last_active`

---
 src/Models/UserModel.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/Models/UserModel.php b/src/Models/UserModel.php
index 5f3f0389c..3deb23a6e 100644
--- a/src/Models/UserModel.php
+++ b/src/Models/UserModel.php
@@ -326,7 +326,10 @@ protected function saveEmailIdentity(array $data): array
      */
     public function updateActiveDate(User $user): void
     {
-        $this->builder->set('last_active', $user->last_active)
+        // Safe date string for database
+        $last_active = $user->last_active->format('Y-m-d H:i:s');
+
+        $this->builder->set('last_active', $last_active)
             ->where('id', $user->id)
             ->update();
     }

From 20b090bec44d3a9f9822ea1bca72466826688b30 Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Tue, 30 Aug 2022 08:10:56 +0900
Subject: [PATCH 101/193] fix: add logic to skip filters if not in HTTP

All filters do not make sense in CLI.
---
 src/Filters/AuthRates.php   | 5 +++++
 src/Filters/ChainAuth.php   | 5 +++++
 src/Filters/SessionAuth.php | 5 +++++
 src/Filters/TokenAuth.php   | 5 +++++
 4 files changed, 20 insertions(+)

diff --git a/src/Filters/AuthRates.php b/src/Filters/AuthRates.php
index 85f93f11f..c9031c98f 100644
--- a/src/Filters/AuthRates.php
+++ b/src/Filters/AuthRates.php
@@ -5,6 +5,7 @@
 namespace CodeIgniter\Shield\Filters;
 
 use CodeIgniter\Filters\FilterInterface;
+use CodeIgniter\HTTP\IncomingRequest;
 use CodeIgniter\HTTP\RedirectResponse;
 use CodeIgniter\HTTP\RequestInterface;
 use CodeIgniter\HTTP\Response;
@@ -31,6 +32,10 @@ class AuthRates implements FilterInterface
      */
     public function before(RequestInterface $request, $arguments = null)
     {
+        if (! $request instanceof IncomingRequest) {
+            return;
+        }
+
         $throttler = service('throttler');
 
         // Restrict an IP address to no more than 10 requests
diff --git a/src/Filters/ChainAuth.php b/src/Filters/ChainAuth.php
index d30e0e205..c9c5feca3 100644
--- a/src/Filters/ChainAuth.php
+++ b/src/Filters/ChainAuth.php
@@ -5,6 +5,7 @@
 namespace CodeIgniter\Shield\Filters;
 
 use CodeIgniter\Filters\FilterInterface;
+use CodeIgniter\HTTP\IncomingRequest;
 use CodeIgniter\HTTP\RedirectResponse;
 use CodeIgniter\HTTP\RequestInterface;
 use CodeIgniter\HTTP\Response;
@@ -35,6 +36,10 @@ class ChainAuth implements FilterInterface
      */
     public function before(RequestInterface $request, $arguments = null)
     {
+        if (! $request instanceof IncomingRequest) {
+            return;
+        }
+
         helper('settings');
 
         $chain = config('Auth')->authenticationChain;
diff --git a/src/Filters/SessionAuth.php b/src/Filters/SessionAuth.php
index ceed5f611..e518ced19 100644
--- a/src/Filters/SessionAuth.php
+++ b/src/Filters/SessionAuth.php
@@ -5,6 +5,7 @@
 namespace CodeIgniter\Shield\Filters;
 
 use CodeIgniter\Filters\FilterInterface;
+use CodeIgniter\HTTP\IncomingRequest;
 use CodeIgniter\HTTP\RedirectResponse;
 use CodeIgniter\HTTP\RequestInterface;
 use CodeIgniter\HTTP\Response;
@@ -34,6 +35,10 @@ class SessionAuth implements FilterInterface
      */
     public function before(RequestInterface $request, $arguments = null)
     {
+        if (! $request instanceof IncomingRequest) {
+            return;
+        }
+
         helper('setting');
 
         /** @var Session $authenticator */
diff --git a/src/Filters/TokenAuth.php b/src/Filters/TokenAuth.php
index 0a446e803..7b03c268b 100644
--- a/src/Filters/TokenAuth.php
+++ b/src/Filters/TokenAuth.php
@@ -5,6 +5,7 @@
 namespace CodeIgniter\Shield\Filters;
 
 use CodeIgniter\Filters\FilterInterface;
+use CodeIgniter\HTTP\IncomingRequest;
 use CodeIgniter\HTTP\RedirectResponse;
 use CodeIgniter\HTTP\RequestInterface;
 use CodeIgniter\HTTP\Response;
@@ -34,6 +35,10 @@ class TokenAuth implements FilterInterface
      */
     public function before(RequestInterface $request, $arguments = null)
     {
+        if (! $request instanceof IncomingRequest) {
+            return;
+        }
+
         helper('setting');
 
         /** @var AccessTokens $authenticator */

From 392da4e69bda456e9e2fb144400e1cd947a90ff6 Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Tue, 30 Aug 2022 08:32:48 +0900
Subject: [PATCH 102/193] test: add a test

---
 tests/Unit/FilterInCliTest.php | 43 ++++++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)
 create mode 100644 tests/Unit/FilterInCliTest.php

diff --git a/tests/Unit/FilterInCliTest.php b/tests/Unit/FilterInCliTest.php
new file mode 100644
index 000000000..fc5da2208
--- /dev/null
+++ b/tests/Unit/FilterInCliTest.php
@@ -0,0 +1,43 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Tests\Unit;
+
+use CodeIgniter\Filters\FilterInterface;
+use CodeIgniter\HTTP\CLIRequest;
+use CodeIgniter\Shield\Filters\AuthRates;
+use CodeIgniter\Shield\Filters\ChainAuth;
+use CodeIgniter\Shield\Filters\SessionAuth;
+use CodeIgniter\Shield\Filters\TokenAuth;
+use Generator;
+use Tests\Support\TestCase;
+
+/**
+ * @internal
+ */
+final class FilterInCliTest extends TestCase
+{
+    /**
+     * @dataProvider filterProvider
+     */
+    public function testWhenInCliDoNothing(FilterInterface $filter): void
+    {
+        $clirequest = $this->createMock(CLIRequest::class);
+
+        $clirequest->expects($this->never())
+            ->method('getHeaderLine');
+
+        $filter->before($clirequest);
+    }
+
+    public function filterProvider(): Generator
+    {
+        yield from [
+            [new AuthRates()],
+            [new ChainAuth()],
+            [new SessionAuth()],
+            [new TokenAuth()],
+        ];
+    }
+}

From 7498e47fed115ef5726b0ad7a4837a73aa2b4ba7 Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Thu, 25 Aug 2022 11:04:16 +0900
Subject: [PATCH 103/193] fix: for OCI8 driver

---
 src/Models/LoginModel.php | 2 ++
 src/Models/UserModel.php  | 6 ++----
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/Models/LoginModel.php b/src/Models/LoginModel.php
index 08bf3011d..b550e90cc 100644
--- a/src/Models/LoginModel.php
+++ b/src/Models/LoginModel.php
@@ -56,6 +56,8 @@ public function recordLoginAttempt(
         ?string $userAgent = null,
         $userId = null
     ): void {
+        $this->disableDBDebug();
+
         $return = $this->insert([
             'ip_address' => $ipAddress,
             'user_agent' => $userAgent,
diff --git a/src/Models/UserModel.php b/src/Models/UserModel.php
index 3deb23a6e..b34f87144 100644
--- a/src/Models/UserModel.php
+++ b/src/Models/UserModel.php
@@ -169,18 +169,16 @@ public function findByCredentials(array $credentials): ?User
         $email = $credentials['email'] ?? null;
         unset($credentials['email']);
 
-        $prefix = $this->db->DBPrefix;
-
         // any of the credentials used should be case-insensitive
         foreach ($credentials as $key => $value) {
-            $this->where("LOWER({$prefix}users.{$key})", strtolower($value));
+            $this->where('LOWER(' . $this->db->protectIdentifiers("users.{$key}") . ')', strtolower($value));
         }
 
         if (! empty($email)) {
             $data = $this->select('users.*, auth_identities.secret as email, auth_identities.secret2 as password_hash')
                 ->join('auth_identities', 'auth_identities.user_id = users.id')
                 ->where('auth_identities.type', Session::ID_TYPE_EMAIL_PASSWORD)
-                ->where("LOWER({$prefix}auth_identities.secret)", strtolower($email))
+                ->where('LOWER(' . $this->db->protectIdentifiers('auth_identities.secret') . ')', strtolower($email))
                 ->asArray()
                 ->first();
 

From e9a2336e4b66a17e3a8ef427df489c2d58126057 Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Thu, 25 Aug 2022 11:36:04 +0900
Subject: [PATCH 104/193] fix: set property cast for AccessToken::$id

---
 src/Entities/AccessToken.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/Entities/AccessToken.php b/src/Entities/AccessToken.php
index 1bc0cfab7..b93670bac 100644
--- a/src/Entities/AccessToken.php
+++ b/src/Entities/AccessToken.php
@@ -20,6 +20,7 @@ class AccessToken extends Entity
      * @var array<string, string>
      */
     protected $casts = [
+        'id'           => '?integer',
         'last_used_at' => 'datetime',
         'extra'        => 'array',
         'expires'      => 'datetime',

From 4bd544b2fb1d5f55cdc7f4a62bbef13d476a6522 Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Thu, 25 Aug 2022 12:02:40 +0900
Subject: [PATCH 105/193] fix: set property cast for UserIdentity::$id

---
 src/Entities/UserIdentity.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/Entities/UserIdentity.php b/src/Entities/UserIdentity.php
index 6ddff1c18..011aa524a 100644
--- a/src/Entities/UserIdentity.php
+++ b/src/Entities/UserIdentity.php
@@ -26,6 +26,7 @@ class UserIdentity extends Entity
      * @var array<string, string>
      */
     protected $casts = [
+        'id'          => '?integer',
         'force_reset' => 'int_bool',
     ];
 

From 75c37d0de32937b258156a8819478062111d5f16 Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Thu, 25 Aug 2022 13:01:47 +0900
Subject: [PATCH 106/193] fix: add hack to insert error with OCI8

Query error: 1400, ORA-01400: cannot insert NULL into ("ORACLE"."db_auth_logins"."identifier"), query: INSERT INTO "db_auth_logins" ("ip_address", "user_agent", "id_type", "identifier", "user_id", "date", "success") VALUES ('0.0.0.0', '', 'email_password', '', NULL, '2022-08-24 22:10:33', 0)
---
 src/Models/LoginModel.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/Models/LoginModel.php b/src/Models/LoginModel.php
index b550e90cc..80185030b 100644
--- a/src/Models/LoginModel.php
+++ b/src/Models/LoginModel.php
@@ -58,6 +58,10 @@ public function recordLoginAttempt(
     ): void {
         $this->disableDBDebug();
 
+        if ($this->db->getPlatform() === 'OCI8' && $identifier === '') {
+            $identifier = ' ';
+        }
+
         $return = $this->insert([
             'ip_address' => $ipAddress,
             'user_agent' => $userAgent,

From 2136183f24809337a33ba0d064511dbee8cb1147 Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Tue, 30 Aug 2022 17:51:46 +0900
Subject: [PATCH 107/193] docs: remove incorrect argument

---
 docs/authentication.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/authentication.md b/docs/authentication.md
index 14aa9d362..89b228b2b 100644
--- a/docs/authentication.md
+++ b/docs/authentication.md
@@ -240,7 +240,7 @@ token, you would need to get the user's access tokens and delete them manually.
 You can revoke all access tokens with the `revokeAllAccessTokens()` method.
 
 ```php
-$user->revokeAllAccessTokens($token);
+$user->revokeAllAccessTokens();
 ```
 
 ### Retrieving Access Tokens

From 463b2c6b255fb637bd776ea62aa4d31f16c28364 Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Tue, 2 Aug 2022 15:00:52 +0900
Subject: [PATCH 108/193] chore: add multiple db platforms in GA workflow
 PHPUnit

---
 .github/workflows/phpunit.yml       |  77 ++++++++++++++-
 tests/_support/Config/Registrar.php | 141 ++++++++++++++++++++++++++++
 2 files changed, 215 insertions(+), 3 deletions(-)
 create mode 100644 tests/_support/Config/Registrar.php

diff --git a/.github/workflows/phpunit.yml b/.github/workflows/phpunit.yml
index a19b837a5..eb98ca05f 100644
--- a/.github/workflows/phpunit.yml
+++ b/.github/workflows/phpunit.yml
@@ -20,14 +20,84 @@ on:
 
 jobs:
   main:
-    name: PHP ${{ matrix.php-versions }} Unit Tests
+    name: PHP ${{ matrix.php-versions }} - ${{ matrix.db-platforms }}
     runs-on: ubuntu-latest
     if: "!contains(github.event.head_commit.message, '[ci skip]')"
     strategy:
       matrix:
         php-versions: ['7.4', '8.0', '8.1']
+        db-platforms: ['MySQLi', 'Postgre', 'SQLite3', 'SQLSRV', 'OCI8']
+        mysql-versions: [ '5.7' ]
+        include:
+          - php-versions: '7.4'
+            db-platforms: MySQLi
+            mysql-versions: '8.0'
+
+    services:
+      mysql:
+        image: mysql:${{ matrix.mysql-versions }}
+        env:
+          MYSQL_ALLOW_EMPTY_PASSWORD: yes
+          MYSQL_DATABASE: test
+        ports:
+          - 3306:3306
+        options: --health-cmd="mysqladmin ping" --health-interval=10s --health-timeout=5s --health-retries=3
+
+      postgres:
+        image: postgres
+        env:
+          POSTGRES_USER: postgres
+          POSTGRES_PASSWORD: postgres
+          POSTGRES_DB: test
+        ports:
+          - 5432:5432
+        options: --health-cmd=pg_isready --health-interval=10s --health-timeout=5s --health-retries=3
+
+      mssql:
+        image: mcr.microsoft.com/mssql/server:2019-CU10-ubuntu-20.04
+        env:
+          SA_PASSWORD: 1Secure*Password1
+          ACCEPT_EULA: Y
+          MSSQL_PID: Developer
+        ports:
+          - 1433:1433
+        options: --health-cmd="/opt/mssql-tools/bin/sqlcmd -S 127.0.0.1 -U sa -P 1Secure*Password1 -Q 'SELECT @@VERSION'" --health-interval=10s --health-timeout=5s --health-retries=3
+
+      oracle:
+        image: quillbuilduser/oracle-18-xe
+        env:
+          ORACLE_ALLOW_REMOTE: true
+        ports:
+          - 1521:1521
+        options: --health-cmd="/opt/oracle/product/18c/dbhomeXE/bin/sqlplus -s sys/Oracle18@oracledbxe/XE as sysdba <<< 'SELECT 1 FROM DUAL'" --health-interval=10s --health-timeout=5s --health-retries=3
 
     steps:
+      - name: Create database for MSSQL Server
+        if: matrix.db-platforms == 'SQLSRV'
+        run: sqlcmd -S 127.0.0.1 -U sa -P 1Secure*Password1 -Q "CREATE DATABASE test"
+
+      - name: Install Oracle InstantClient
+        if: matrix.db-platforms == 'OCI8'
+        run: |
+          sudo apt-get install wget libaio1 alien
+          sudo wget https://download.oracle.com/otn_software/linux/instantclient/185000/oracle-instantclient18.5-basic-18.5.0.0.0-3.x86_64.rpm
+          sudo wget https://download.oracle.com/otn_software/linux/instantclient/185000/oracle-instantclient18.5-devel-18.5.0.0.0-3.x86_64.rpm
+          sudo wget https://download.oracle.com/otn_software/linux/instantclient/185000/oracle-instantclient18.5-sqlplus-18.5.0.0.0-3.x86_64.rpm
+          sudo alien oracle-instantclient18.5-basic-18.5.0.0.0-3.x86_64.rpm
+          sudo alien oracle-instantclient18.5-devel-18.5.0.0.0-3.x86_64.rpm
+          sudo alien oracle-instantclient18.5-sqlplus-18.5.0.0.0-3.x86_64.rpm
+          sudo dpkg -i oracle-instantclient18.5-basic_18.5.0.0.0-4_amd64.deb oracle-instantclient18.5-devel_18.5.0.0.0-4_amd64.deb oracle-instantclient18.5-sqlplus_18.5.0.0.0-4_amd64.deb
+          echo "LD_LIBRARY_PATH=/lib/oracle/18.5/client64/lib/" >> $GITHUB_ENV
+          echo "NLS_LANG=AMERICAN_AMERICA.UTF8" >> $GITHUB_ENV
+          echo "C_INCLUDE_PATH=/usr/include/oracle/18.5/client64" >> $GITHUB_ENV
+          echo 'NLS_DATE_FORMAT=YYYY-MM-DD HH24:MI:SS' >> $GITHUB_ENV
+          echo 'NLS_TIMESTAMP_FORMAT=YYYY-MM-DD HH24:MI:SS' >> $GITHUB_ENV
+          echo 'NLS_TIMESTAMP_TZ_FORMAT=YYYY-MM-DD HH24:MI:SS' >> $GITHUB_ENV
+
+      - name: Create database for Oracle Database
+        if: matrix.db-platforms == 'OCI8'
+        run: echo -e "ALTER SESSION SET CONTAINER = XEPDB1;\nCREATE BIGFILE TABLESPACE \"TEST\" DATAFILE '/opt/oracle/product/18c/dbhomeXE/dbs/TEST' SIZE 10M AUTOEXTEND ON MAXSIZE UNLIMITED SEGMENT SPACE MANAGEMENT AUTO EXTENT MANAGEMENT LOCAL AUTOALLOCATE;\nCREATE USER \"ORACLE\" IDENTIFIED BY \"ORACLE\" DEFAULT TABLESPACE \"TEST\" TEMPORARY TABLESPACE TEMP QUOTA UNLIMITED ON \"TEST\";\nGRANT CONNECT,RESOURCE TO \"ORACLE\";\nexit;" | /lib/oracle/18.5/client64/bin/sqlplus -s sys/Oracle18@localhost:1521/XE as sysdba
+
       - name: Checkout
         uses: actions/checkout@v3
 
@@ -36,7 +106,7 @@ jobs:
         with:
           php-version: ${{ matrix.php-versions }}
           tools: composer, phive, phpunit
-          extensions: intl, json, mbstring, gd, xdebug, xml, sqlite3
+          extensions: intl, json, mbstring, gd, xdebug, xml, sqlite3, sqlsrv, oci8, pgsql
           coverage: xdebug
         env:
           COMPOSER_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -63,6 +133,7 @@ jobs:
       - name: Test with PHPUnit
         run: vendor/bin/phpunit --verbose --coverage-text --testsuite main
         env:
+          DB: ${{ matrix.db-platforms }}
           TERM: xterm-256color
           TACHYCARDIA_MONITOR_GA: enabled
 
@@ -75,7 +146,7 @@ jobs:
         env:
           COVERALLS_REPO_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           COVERALLS_PARALLEL: true
-          COVERALLS_FLAG_NAME: PHP ${{ matrix.php-versions }}
+          COVERALLS_FLAG_NAME: PHP ${{ matrix.php-versions }} - ${{ matrix.db-platforms }}
 
   coveralls:
     needs: [main]
diff --git a/tests/_support/Config/Registrar.php b/tests/_support/Config/Registrar.php
new file mode 100644
index 000000000..1ea55dbb0
--- /dev/null
+++ b/tests/_support/Config/Registrar.php
@@ -0,0 +1,141 @@
+<?php
+
+/**
+ * This file is part of CodeIgniter 4 framework.
+ *
+ * (c) CodeIgniter Foundation <admin@codeigniter.com>
+ *
+ * For the full copyright and license information, please view
+ * the LICENSE file that was distributed with this source code.
+ */
+
+namespace Tests\Support\Config;
+
+/**
+ * Class Registrar
+ *
+ * Provides a basic registrar class for testing BaseConfig registration functions.
+ */
+class Registrar
+{
+    /**
+     * DB config array for testing purposes.
+     *
+     * @var array
+     */
+    protected static $dbConfig = [
+        'MySQLi' => [
+            'DSN'      => '',
+            'hostname' => '127.0.0.1',
+            'username' => 'root',
+            'password' => '',
+            'database' => 'test',
+            'DBDriver' => 'MySQLi',
+            'DBPrefix' => 'db_',
+            'pConnect' => false,
+            'DBDebug'  => (ENVIRONMENT !== 'production'),
+            'charset'  => 'utf8',
+            'DBCollat' => 'utf8_general_ci',
+            'swapPre'  => '',
+            'encrypt'  => false,
+            'compress' => false,
+            'strictOn' => false,
+            'failover' => [],
+            'port'     => 3306,
+        ],
+        'Postgre' => [
+            'DSN'      => '',
+            'hostname' => 'localhost',
+            'username' => 'postgres',
+            'password' => 'postgres',
+            'database' => 'test',
+            'DBDriver' => 'Postgre',
+            'DBPrefix' => 'db_',
+            'pConnect' => false,
+            'DBDebug'  => (ENVIRONMENT !== 'production'),
+            'charset'  => 'utf8',
+            'DBCollat' => 'utf8_general_ci',
+            'swapPre'  => '',
+            'encrypt'  => false,
+            'compress' => false,
+            'strictOn' => false,
+            'failover' => [],
+            'port'     => 5432,
+        ],
+        'SQLite3' => [
+            'DSN'         => '',
+            'hostname'    => 'localhost',
+            'username'    => '',
+            'password'    => '',
+            'database'    => 'database.db',
+            'DBDriver'    => 'SQLite3',
+            'DBPrefix'    => 'db_',
+            'pConnect'    => false,
+            'DBDebug'     => (ENVIRONMENT !== 'production'),
+            'charset'     => 'utf8',
+            'DBCollat'    => 'utf8_general_ci',
+            'swapPre'     => '',
+            'encrypt'     => false,
+            'compress'    => false,
+            'strictOn'    => false,
+            'failover'    => [],
+            'port'        => 3306,
+            'foreignKeys' => true,
+        ],
+        'SQLSRV' => [
+            'DSN'      => '',
+            'hostname' => 'localhost',
+            'username' => 'sa',
+            'password' => '1Secure*Password1',
+            'database' => 'test',
+            'DBDriver' => 'SQLSRV',
+            'DBPrefix' => 'db_',
+            'pConnect' => false,
+            'DBDebug'  => (ENVIRONMENT !== 'production'),
+            'charset'  => 'utf8',
+            'DBCollat' => 'utf8_general_ci',
+            'swapPre'  => '',
+            'encrypt'  => false,
+            'compress' => false,
+            'strictOn' => false,
+            'failover' => [],
+            'port'     => 1433,
+        ],
+        'OCI8' => [
+            'DSN'      => 'localhost:1521/XEPDB1',
+            'hostname' => '',
+            'username' => 'ORACLE',
+            'password' => 'ORACLE',
+            'database' => '',
+            'DBDriver' => 'OCI8',
+            'DBPrefix' => 'db_',
+            'pConnect' => false,
+            'DBDebug'  => (ENVIRONMENT !== 'production'),
+            'charset'  => 'utf8',
+            'DBCollat' => 'utf8_general_ci',
+            'swapPre'  => '',
+            'encrypt'  => false,
+            'compress' => false,
+            'strictOn' => false,
+            'failover' => [],
+        ],
+    ];
+
+    /**
+     * Override database config
+     *
+     * @return array
+     */
+    public static function Database()
+    {
+        $config = [];
+
+        // Under GitHub Actions, we can set an ENV var named 'DB'
+        // so that we can test against multiple databases.
+        if (($group = getenv('DB')) && ! empty(self::$dbConfig[$group])) {
+            $config['tests'] = self::$dbConfig[$group];
+        }
+
+        return $config;
+    }
+}

From b5a7322b18661ffb2e6b8ef107626c5279dc9b79 Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Thu, 25 Aug 2022 11:03:48 +0900
Subject: [PATCH 109/193] refactor: add declare(strict_types=1)

---
 tests/_support/Config/Registrar.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/tests/_support/Config/Registrar.php b/tests/_support/Config/Registrar.php
index 1ea55dbb0..182a50671 100644
--- a/tests/_support/Config/Registrar.php
+++ b/tests/_support/Config/Registrar.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 /**
  * This file is part of CodeIgniter 4 framework.
  *

From eb4b24a7b18a1bffced98c986c71be324a04df16 Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Wed, 31 Aug 2022 15:05:12 +0900
Subject: [PATCH 110/193] docs: add Session Authenticator Event and Logging

---
 docs/events.md                         |  6 ++++
 docs/session_auth_event_and_logging.md | 42 ++++++++++++++++++++++++++
 2 files changed, 48 insertions(+)
 create mode 100644 docs/session_auth_event_and_logging.md

diff --git a/docs/events.md b/docs/events.md
index 4f1f8531b..1d429b960 100644
--- a/docs/events.md
+++ b/docs/events.md
@@ -65,3 +65,9 @@ When the magic link login fails, the following array will be provided:
 #### logout
 
 Fired immediately after a successful logout. The only argument is the `User` entity.
+
+### Event Timing
+
+To learn more about Event timing, please see the list below.
+
+- [Session Authenticator Event and Logging](./session_auth_event_and_logging.md).
diff --git a/docs/session_auth_event_and_logging.md b/docs/session_auth_event_and_logging.md
new file mode 100644
index 000000000..4216c5f23
--- /dev/null
+++ b/docs/session_auth_event_and_logging.md
@@ -0,0 +1,42 @@
+# Session Authenticator Event and Logging
+
+The following is a list of Events and Logging for Session Authenticator.
+
+## Register
+
+- Default Register
+    - Post email/username/password
+        - OK → event `register` and `login`
+        - NG → no event
+- Register with Email Activation
+    1. Post email/username/password
+        - OK → event `register`
+        - NG → no event
+    2. Post token
+        - OK → event `login`
+        - NG → no event
+
+## Login
+
+- Default Login
+    - Post email/password
+        - OK → event `login` / table `auth_logins`
+        - NG → event `failedLogin` / table `auth_logins`
+- Email2FA Login
+    1. Post email/password
+        - OK → no event / table `auth_logins`
+        - NG → event `failedLogin` / table `auth_logins`
+    2. Post token
+        - OK → event `login`
+        - NG → no event
+- Remember-me
+    - Send remember-me cookie w/o session cookie
+        - OK → no event
+        - NG → no event
+- Magic-link
+    1. Post email
+        - OK → no event
+        - NG → no event
+    2. Send request with token
+        - OK → event `login` / table `auth_logins`
+        - NG → event `failedLogin` / table `auth_logins`

From 0faf478d649f7a4f22fe20f83dded44efafbdff9 Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Fri, 2 Sep 2022 09:19:44 +0900
Subject: [PATCH 111/193] refactor: remove unneeded `isset($config['except']`

To fix PHPStan error:
Error: Offset 'except' on array in isset() always exists and is not nullable.
 ------ --------------------------------------------------------------
  Line   src/Auth.php
 ------ --------------------------------------------------------------
  109    Offset 'except' on array in isset() always exists and is not
         nullable.
 ------ --------------------------------------------------------------
---
 src/Auth.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Auth.php b/src/Auth.php
index 2a0525eb9..1b063f4ee 100644
--- a/src/Auth.php
+++ b/src/Auth.php
@@ -106,7 +106,7 @@ public function routes(RouteCollection &$routes, array $config = []): void
 
         $routes->group('/', ['namespace' => 'CodeIgniter\Shield\Controllers'], static function (RouteCollection $routes) use ($authRoutes, $config): void {
             foreach ($authRoutes as $name => $row) {
-                if (! isset($config['except']) || (isset($config['except']) && ! in_array($name, $config['except'], true))) {
+                if (! isset($config['except']) || ! in_array($name, $config['except'], true)) {
                     foreach ($row as $params) {
                         $options = isset($params[3])
                             ? ['as' => $params[3]]

From 19993c4f8e9dfd978190f9b31efa996232a69919 Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Fri, 2 Sep 2022 09:21:12 +0900
Subject: [PATCH 112/193] style: composer cs-fix

---
 src/Config/Auth.php           | 1 +
 src/Entities/Entity.php       | 1 +
 src/Entities/User.php         | 2 ++
 src/Entities/UserIdentity.php | 2 ++
 src/Models/UserModel.php      | 1 +
 src/Result.php                | 1 +
 6 files changed, 8 insertions(+)

diff --git a/src/Config/Auth.php b/src/Config/Auth.php
index 5782ed1f0..448d606e7 100644
--- a/src/Config/Auth.php
+++ b/src/Config/Auth.php
@@ -122,6 +122,7 @@ class Auth extends BaseConfig
      * If no match is found, then the next in the chain will be checked.
      *
      * @var string[]
+     *
      * @phpstan-var list<string>
      */
     public array $authenticationChain = [
diff --git a/src/Entities/Entity.php b/src/Entities/Entity.php
index 5708c8a41..3672285b9 100644
--- a/src/Entities/Entity.php
+++ b/src/Entities/Entity.php
@@ -16,6 +16,7 @@ abstract class Entity extends FrameworkEntity
      * Custom convert handlers
      *
      * @var array<string, string>
+     *
      * @phpstan-var array<string, class-string>
      */
     protected $castHandlers = [
diff --git a/src/Entities/User.php b/src/Entities/User.php
index 44df161e6..fa85958ef 100644
--- a/src/Entities/User.php
+++ b/src/Entities/User.php
@@ -27,7 +27,9 @@ class User extends Entity
 
     /**
      * @var string[]
+     *
      * @phpstan-var list<string>
+     *
      * @psalm-var list<string>
      */
     protected $dates = [
diff --git a/src/Entities/UserIdentity.php b/src/Entities/UserIdentity.php
index 011aa524a..5d659ba6a 100644
--- a/src/Entities/UserIdentity.php
+++ b/src/Entities/UserIdentity.php
@@ -32,7 +32,9 @@ class UserIdentity extends Entity
 
     /**
      * @var string[]
+     *
      * @phpstan-var list<string>
+     *
      * @psalm-var list<string>
      */
     protected $dates = [
diff --git a/src/Models/UserModel.php b/src/Models/UserModel.php
index b34f87144..08d053050 100644
--- a/src/Models/UserModel.php
+++ b/src/Models/UserModel.php
@@ -98,6 +98,7 @@ protected function fetchIdentities(array $data): array
      * @param UserIdentity[] $identities
      *
      * @return User[] UserId => User object
+     *
      * @phpstan-return array<int|string, User> UserId => User object
      */
     private function assignIdentities(array $data, array $identities): array
diff --git a/src/Result.php b/src/Result.php
index fa0ce1b37..ba4abdb01 100644
--- a/src/Result.php
+++ b/src/Result.php
@@ -26,6 +26,7 @@ class Result
 
     /**
      * @phpstan-param array{success: bool, reason?: string|null, extraInfo?: string|User} $details
+     *
      * @psalm-param array{success: bool, reason?: string|null, extraInfo?: string|User} $details
      */
     public function __construct(array $details)

From 5b3dedb89b5a4f6fbc57994e2fdfbabcd51577c0 Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Thu, 1 Sep 2022 10:54:41 +0900
Subject: [PATCH 113/193] chore: update composer scripts

---
 composer.json | 23 ++++++++++++-----------
 1 file changed, 12 insertions(+), 11 deletions(-)

diff --git a/composer.json b/composer.json
index e87f5f646..fa7c75f8f 100644
--- a/composer.json
+++ b/composer.json
@@ -58,24 +58,25 @@
         "post-update-cmd": [
             "bash admin/setup.sh"
         ],
-        "analyze": "phpstan analyze",
+        "analyze": [
+            "phpstan analyze",
+            "psalm",
+            "rector process --dry-run"
+        ],
+        "sa": "@analyze",
         "ci": [
             "Composer\\Config::disableProcessTimeout",
+            "@cs",
             "@deduplicate",
-            "@sa",
-            "@test",
+            "@analyze",
             "@inspect",
-            "rector process",
-            "@style"
+            "@test"
         ],
-        "deduplicate": "phpcpd app/ src/",
+        "cs": "php-cs-fixer fix --ansi --verbose --dry-run --diff",
+        "cs-fix": "php-cs-fixer fix --ansi --verbose --diff",
+        "deduplicate": "phpcpd app/ src/ --exclude src/Database/Migrations/2020-12-28-223112_create_auth_tables.php",
         "inspect": "deptrac analyze --cache-file=build/deptrac.cache",
         "mutate": "infection --threads=2 --skip-initial-tests --coverage=build/phpunit",
-        "sa": [
-            "phpstan analyze",
-            "psalm"
-        ],
-        "cs-fix": "php-cs-fixer fix --ansi --verbose --diff",
         "style": "@cs-fix",
         "test": "phpunit"
     }

From 3cd6a8cf16da97e9cd29bf977fd6544636469b5e Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Thu, 1 Sep 2022 10:56:34 +0900
Subject: [PATCH 114/193] chore: update editorconfig

---
 .editorconfig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.editorconfig b/.editorconfig
index 9d4b1ef22..7382bb8eb 100644
--- a/.editorconfig
+++ b/.editorconfig
@@ -11,5 +11,5 @@ end_of_line = lf
 insert_final_newline = true
 trim_trailing_whitespace = true
 
-[*.yml]
+[*.{yml,yaml}]
 indent_size = 2

From 6a3f8bd82d49e673d2a7c354780f4fce1f75474a Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Fri, 2 Sep 2022 08:54:12 +0900
Subject: [PATCH 115/193] chore: move @inspect before @analyze in "ci"

---
 composer.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/composer.json b/composer.json
index fa7c75f8f..62e0fa6be 100644
--- a/composer.json
+++ b/composer.json
@@ -68,8 +68,8 @@
             "Composer\\Config::disableProcessTimeout",
             "@cs",
             "@deduplicate",
-            "@analyze",
             "@inspect",
+            "@analyze",
             "@test"
         ],
         "cs": "php-cs-fixer fix --ansi --verbose --dry-run --diff",

From 95b02fafff522c59d4890913d62cb6b58d1a3bb5 Mon Sep 17 00:00:00 2001
From: Lonnie Ezell <lonnieje@gmail.com>
Date: Fri, 2 Sep 2022 00:35:36 -0500
Subject: [PATCH 116/193] ApiToken docs and filter update.

---
 docs/guides/api-tokens.md                     | 88 +++++++++++++++++++
 docs/guides/index.md                          |  3 +
 src/Filters/TokenAuth.php                     |  2 +-
 .../Filters/AbstractFilterTest.php            |  3 +
 .../Filters/TokenFilterTest.php               | 23 +++++
 5 files changed, 118 insertions(+), 1 deletion(-)
 create mode 100644 docs/guides/api-tokens.md
 create mode 100644 docs/guides/index.md

diff --git a/docs/guides/api-tokens.md b/docs/guides/api-tokens.md
new file mode 100644
index 000000000..d8e6ebf7d
--- /dev/null
+++ b/docs/guides/api-tokens.md
@@ -0,0 +1,88 @@
+# API Tokens
+
+Access Tokens can be used to authenticate users for your own site, or when allowing third-party developers to access your API. When making requests using access tokens, the token should be included in the `Authorization` header as a `Bearer` token.
+
+To issue tokens for users, the `UserModel` must use the `CodeIgniter\Shield\Authentication\Traits\HasAccessTokens` trait. The `UserModel` that ships with Shield already uses this trait.
+
+```php
+use CodeIgniter\Shield\Authentication\Traits\HasAccessTokens
+use CodeIgniter\Model;
+
+class UserModel extneds Model
+{
+    use HasAccessTokens;
+}
+```
+
+Tokens are issued with the `generateAccessToken()` method on the user. This returns a `CodeIgniter\Shield\Entities\AccessToken` instance. Tokens are hashed using a SHA-256 algorithm before being saved to the database. The access token returned when you generate it will include a `raw_token` field that contains the plain-text, un-hashed, token. You should display this to your user at once so they have a chance to copy it somewhere safe, as this is the only time this will be available. After this request, there is no way to get the raw token.
+
+The `generateAccessToken` method requires a name for the token. These are free strings and are often used to identify the user/device the token was generated from, like 'Johns MacBook Air'.
+
+```php
+$routes->get('/access/token', static function() {
+    $token = auth()->user()->generateAccessToken(request()->getVar('token_name));
+
+    return ['token' => $token->raw_token];
+});
+```
+
+You can access all of the users' tokens with the `accessTokens()` method on the user.
+
+```php
+$tokens = $user->accessTokens();
+foreach($tokens as $token) {
+    //
+}
+```
+
+## Token Permissions
+
+Access tokens can be given `scopes`, which are basically permission strings, for the token. This is generally not the same as the permission the user has, but is used to specify the permissions on the API itself. If not specified, the token is granted all access to all scopes. This might be enough for a smaller API.
+
+```php
+return $user->generateAccessToken('token-name', ['users-read'])->raw_token;
+```
+
+NOTE: At this time, scope names should avoid using a colon (:) as this causes issues with the route filters being correctly recognized.
+
+When handling incoming requests you can check if the token has been granted access to the scope with the `tokenCan` method.
+
+```php
+if ($user->tokenCan('users-read')) {
+    //
+}
+```
+
+### Revoking Tokens
+
+Tokens can be revoked by deleting them from the database with the `revokeAccessToken($rawToken)` or `revokeAllAccessTokens()` methods.
+
+```php
+$user->revokeAccessToken($rawToken);
+$user->revokeAllAccessTokens();
+```
+
+## Protecting Routes
+
+The first way to specify which routes are protected is to use the `tokens` controller filter.
+
+For example, to ensure it protects all routes under the `/api` route group, you would use the `$filters` setting on `app/Config/Filters.php`.
+
+```php
+public $filters = [
+    'tokens' => ['before' => ['api/*']],
+];
+```
+
+You can also specify the filter should run on one or more routes within the routes file itself:
+
+```php
+$routes->group('api', ['filter' => 'tokens'], function($routes) {
+    //
+});
+$routes->get('users', 'UserController::list', ['filter' => 'tokens:users-read']);
+```
+
+When the filter runs, it checks the `Authorization` header for a `Bearer` value that has the raw token. It then looks hashes the raw token and looks it up in the database. Once found, it can determine the correct user, which will then be available through an `auth()->user()` call.
+
+Note: Currently only a single scope can be used on a route filter. If multiple scopes are passed in, only the first one is checked.
diff --git a/docs/guides/index.md b/docs/guides/index.md
new file mode 100644
index 000000000..5ca573ea4
--- /dev/null
+++ b/docs/guides/index.md
@@ -0,0 +1,3 @@
+# Shield Guides
+
+These guides provide short tutorials on setting up or using different aspects of Shield.
diff --git a/src/Filters/TokenAuth.php b/src/Filters/TokenAuth.php
index 7b03c268b..a877f9064 100644
--- a/src/Filters/TokenAuth.php
+++ b/src/Filters/TokenAuth.php
@@ -48,7 +48,7 @@ public function before(RequestInterface $request, $arguments = null)
             'token' => $request->getHeaderLine(setting('Auth.authenticatorHeader')['tokens'] ?? 'Authorization'),
         ]);
 
-        if (! $result->isOK()) {
+        if (! $result->isOK() || (! empty($arguments) && $result->extraInfo()->tokenCant($arguments[0]))) {
             return redirect()->to('/login');
         }
 
diff --git a/tests/Authentication/Filters/AbstractFilterTest.php b/tests/Authentication/Filters/AbstractFilterTest.php
index f5cd12840..d1321e1b5 100644
--- a/tests/Authentication/Filters/AbstractFilterTest.php
+++ b/tests/Authentication/Filters/AbstractFilterTest.php
@@ -61,6 +61,9 @@ static function ($routes): void {
             echo 'Open';
         });
         $routes->get('login', 'AuthController::login', ['as' => 'login']);
+        $routes->get('protected-user-route', static function (): void {
+            echo 'Protected';
+        }, ['filter' => $this->alias . ':users-read']);
 
         Services::injectMock('routes', $routes);
     }
diff --git a/tests/Authentication/Filters/TokenFilterTest.php b/tests/Authentication/Filters/TokenFilterTest.php
index 0f001869d..a7cc8080b 100644
--- a/tests/Authentication/Filters/TokenFilterTest.php
+++ b/tests/Authentication/Filters/TokenFilterTest.php
@@ -63,4 +63,27 @@ public function testRecordActiveDate(): void
         // Last Active should be greater than 'updated_at' column
         $this->assertGreaterThan(auth('tokens')->user()->updated_at, auth('tokens')->user()->last_active);
     }
+
+    public function testFiltersProtectsWithScopes(): void
+    {
+        /** @var User $user1 */
+        $user1  = fake(UserModel::class);
+        $token1 = $user1->generateAccessToken('foo', ['users-read']);
+        /** @var User $user2 */
+        $user2  = fake(UserModel::class);
+        $token2 = $user2->generateAccessToken('foo', ['users-write']);
+
+        // User 1 should be able to access the route
+        $this->withHeaders(['Authorization' => 'Bearer ' . $token1->raw_token])
+            ->get('protected-user-route');
+
+        // Last Active should be greater than 'updated_at' column
+        $this->assertGreaterThan(auth('tokens')->user()->updated_at, auth('tokens')->user()->last_active);
+
+        // User 2 should NOT be able to access the route
+        $result = $this->withHeaders(['Authorization' => 'Bearer ' . $token2->raw_token])
+            ->get('protected-user-route');
+
+        $result->assertRedirectTo('/login');
+    }
 }

From fb0f387679651f0624f705449b3fbf32730c9b62 Mon Sep 17 00:00:00 2001
From: Lonnie Ezell <lonnieje@gmail.com>
Date: Fri, 2 Sep 2022 00:41:39 -0500
Subject: [PATCH 117/193] Update doc title and links

---
 docs/guides/api-tokens.md | 2 +-
 docs/guides/index.md      | 3 ---
 docs/index.md             | 3 +++
 3 files changed, 4 insertions(+), 4 deletions(-)
 delete mode 100644 docs/guides/index.md

diff --git a/docs/guides/api-tokens.md b/docs/guides/api-tokens.md
index d8e6ebf7d..5e522444e 100644
--- a/docs/guides/api-tokens.md
+++ b/docs/guides/api-tokens.md
@@ -1,4 +1,4 @@
-# API Tokens
+# Protecting an API with Access Tokens
 
 Access Tokens can be used to authenticate users for your own site, or when allowing third-party developers to access your API. When making requests using access tokens, the token should be included in the `Authorization` header as a `Bearer` token.
 
diff --git a/docs/guides/index.md b/docs/guides/index.md
deleted file mode 100644
index 5ca573ea4..000000000
--- a/docs/guides/index.md
+++ /dev/null
@@ -1,3 +0,0 @@
-# Shield Guides
-
-These guides provide short tutorials on setting up or using different aspects of Shield.
diff --git a/docs/index.md b/docs/index.md
index 9cce2cdee..0b26e25c4 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -9,3 +9,6 @@
 * [Events](events.md)
 * [Testing](testing.md)
 * [Customization](customization.md)
+
+Guides:
+* [Protecting an API with Access Tokens](guides/api-tokens.md)

From 0e2bb6e99f066dec34f72b01ad161f4fe7a53d5f Mon Sep 17 00:00:00 2001
From: Arif RH <arifrahmanhakim.net@gmail.com>
Date: Mon, 5 Sep 2022 19:37:44 +0700
Subject: [PATCH 118/193] quickstart - managing users

---
 docs/quickstart.md | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/docs/quickstart.md b/docs/quickstart.md
index 6a223cb5e..e29b457e7 100644
--- a/docs/quickstart.md
+++ b/docs/quickstart.md
@@ -254,8 +254,7 @@ if ($user->inGroup('admin', 'beta')) {
 
 ## Managing Users
 
-Shield uses a more complex user setup than many other systems, separating [User Identities](concepts.md#identities) from the user accounts themselves. This quick overview should help you feel more confident when working with users on a day-to-day basis.
-Since Shield uses a more complex user setup than many other systems, due to the [User Identities](concepts.md#user-identities), this quick overview should help you feel more confident when working with users on a day-to-day basis.
+Since Shield uses a more complex user setup than many other systems, separating [User Identities](concepts.md#user-identities) from the user accounts themselves. This quick overview should help you feel more confident when working with users on a day-to-day basis.
 
 ### Creating Users
 

From 77adfcdc116c8d5a0e78ec25e3531cc08b4da64c Mon Sep 17 00:00:00 2001
From: Arif RH <arifrahmanhakim.net@gmail.com>
Date: Mon, 5 Sep 2022 19:43:50 +0700
Subject: [PATCH 119/193] authentication - check

---
 docs/authentication.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/authentication.md b/docs/authentication.md
index 89b228b2b..3fdffe352 100644
--- a/docs/authentication.md
+++ b/docs/authentication.md
@@ -146,11 +146,11 @@ $credentials = [
 $validCreds = auth()->check($credentials);
 
 if (! $validCreds->isOK()) {
-    return redirect()->back()->with('error', $loginAttempt->reason());
+    return redirect()->back()->with('error', $validCreds->reason());
 }
 ```
 
-The Result instance returned contains the logged in user as `extraInfo()`.
+The Result instance returned contains the valid user as `extraInfo()`.
 
 ### loggedIn()
 

From b37ce685f9f1be07d7509ff4978ab1ea036e5dc1 Mon Sep 17 00:00:00 2001
From: Lonnie Ezell <lonnieje@gmail.com>
Date: Tue, 6 Sep 2022 22:30:11 -0500
Subject: [PATCH 120/193] Apply suggestions from code review

Co-authored-by: MGatner <mgatner@icloud.com>
---
 docs/guides/api-tokens.md | 18 +++---------------
 1 file changed, 3 insertions(+), 15 deletions(-)

diff --git a/docs/guides/api-tokens.md b/docs/guides/api-tokens.md
index 5e522444e..ade3fa231 100644
--- a/docs/guides/api-tokens.md
+++ b/docs/guides/api-tokens.md
@@ -2,18 +2,6 @@
 
 Access Tokens can be used to authenticate users for your own site, or when allowing third-party developers to access your API. When making requests using access tokens, the token should be included in the `Authorization` header as a `Bearer` token.
 
-To issue tokens for users, the `UserModel` must use the `CodeIgniter\Shield\Authentication\Traits\HasAccessTokens` trait. The `UserModel` that ships with Shield already uses this trait.
-
-```php
-use CodeIgniter\Shield\Authentication\Traits\HasAccessTokens
-use CodeIgniter\Model;
-
-class UserModel extneds Model
-{
-    use HasAccessTokens;
-}
-```
-
 Tokens are issued with the `generateAccessToken()` method on the user. This returns a `CodeIgniter\Shield\Entities\AccessToken` instance. Tokens are hashed using a SHA-256 algorithm before being saved to the database. The access token returned when you generate it will include a `raw_token` field that contains the plain-text, un-hashed, token. You should display this to your user at once so they have a chance to copy it somewhere safe, as this is the only time this will be available. After this request, there is no way to get the raw token.
 
 The `generateAccessToken` method requires a name for the token. These are free strings and are often used to identify the user/device the token was generated from, like 'Johns MacBook Air'.
@@ -22,11 +10,11 @@ The `generateAccessToken` method requires a name for the token. These are free s
 $routes->get('/access/token', static function() {
     $token = auth()->user()->generateAccessToken(request()->getVar('token_name));
 
-    return ['token' => $token->raw_token];
+    return json_encode(['token' => $token->raw_token]);
 });
 ```
 
-You can access all of the users' tokens with the `accessTokens()` method on the user.
+You can access all of the user's tokens with the `accessTokens()` method on that user.
 
 ```php
 $tokens = $user->accessTokens();
@@ -83,6 +71,6 @@ $routes->group('api', ['filter' => 'tokens'], function($routes) {
 $routes->get('users', 'UserController::list', ['filter' => 'tokens:users-read']);
 ```
 
-When the filter runs, it checks the `Authorization` header for a `Bearer` value that has the raw token. It then looks hashes the raw token and looks it up in the database. Once found, it can determine the correct user, which will then be available through an `auth()->user()` call.
+When the filter runs, it checks the `Authorization` header for a `Bearer` value that has the raw token. It then hashes the raw token and looks it up in the database. Once found, it can determine the correct user, which will then be available through an `auth()->user()` call.
 
 Note: Currently only a single scope can be used on a route filter. If multiple scopes are passed in, only the first one is checked.

From c42282a087e790e404570b4836b5a135d7c6c6bc Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Wed, 7 Sep 2022 16:13:26 +0900
Subject: [PATCH 121/193] refactor: fix phpstan errors

---
 src/Authentication/Authenticators/AccessTokens.php | 2 ++
 src/Entities/AccessToken.php                       | 3 +++
 src/Entities/User.php                              | 4 ++++
 src/Entities/UserIdentity.php                      | 3 +++
 src/Models/UserModel.php                           | 3 +++
 tests/Controllers/LoginTest.php                    | 2 ++
 6 files changed, 17 insertions(+)

diff --git a/src/Authentication/Authenticators/AccessTokens.php b/src/Authentication/Authenticators/AccessTokens.php
index 762e21fe6..973e6197c 100644
--- a/src/Authentication/Authenticators/AccessTokens.php
+++ b/src/Authentication/Authenticators/AccessTokens.php
@@ -115,6 +115,8 @@ public function check(array $credentials): Result
             ]);
         }
 
+        assert($token->last_used_at instanceof Time || $token->last_used_at === null);
+
         // Hasn't been used in a long time
         if (
             $token->last_used_at
diff --git a/src/Entities/AccessToken.php b/src/Entities/AccessToken.php
index b93670bac..efdfe9f6a 100644
--- a/src/Entities/AccessToken.php
+++ b/src/Entities/AccessToken.php
@@ -5,12 +5,15 @@
 namespace CodeIgniter\Shield\Entities;
 
 use CodeIgniter\Entity\Entity;
+use CodeIgniter\I18n\Time;
 
 /**
  * Class AccessToken
  *
  * Represents a single Personal Access Token, used
  * for authenticating users for an API.
+ *
+ * @property Time|null $last_used_at
  */
 class AccessToken extends Entity
 {
diff --git a/src/Entities/User.php b/src/Entities/User.php
index fa85958ef..6578de4a8 100644
--- a/src/Entities/User.php
+++ b/src/Entities/User.php
@@ -5,12 +5,16 @@
 namespace CodeIgniter\Shield\Entities;
 
 use CodeIgniter\Database\Exceptions\DataException;
+use CodeIgniter\I18n\Time;
 use CodeIgniter\Shield\Authentication\Authenticators\Session;
 use CodeIgniter\Shield\Authentication\Traits\HasAccessTokens;
 use CodeIgniter\Shield\Authorization\Traits\Authorizable;
 use CodeIgniter\Shield\Models\LoginModel;
 use CodeIgniter\Shield\Models\UserIdentityModel;
 
+/**
+ * @property Time|null $last_active
+ */
 class User extends Entity
 {
     use Authorizable;
diff --git a/src/Entities/UserIdentity.php b/src/Entities/UserIdentity.php
index 5d659ba6a..541ab26dc 100644
--- a/src/Entities/UserIdentity.php
+++ b/src/Entities/UserIdentity.php
@@ -4,6 +4,7 @@
 
 namespace CodeIgniter\Shield\Entities;
 
+use CodeIgniter\I18n\Time;
 use CodeIgniter\Shield\Authentication\Passwords;
 
 /**
@@ -19,6 +20,8 @@
  * OAUTH or JWT tokens, etc. A user can have multiple of each,
  * though a Authenticator may want to enforce only one exists for that
  * user, like a password.
+ *
+ * @property Time|null $last_used_at
  */
 class UserIdentity extends Entity
 {
diff --git a/src/Models/UserModel.php b/src/Models/UserModel.php
index 08d053050..74167b356 100644
--- a/src/Models/UserModel.php
+++ b/src/Models/UserModel.php
@@ -5,6 +5,7 @@
 namespace CodeIgniter\Shield\Models;
 
 use CodeIgniter\Database\Exceptions\DataException;
+use CodeIgniter\I18n\Time;
 use CodeIgniter\Model;
 use CodeIgniter\Shield\Authentication\Authenticators\Session;
 use CodeIgniter\Shield\Entities\User;
@@ -325,6 +326,8 @@ protected function saveEmailIdentity(array $data): array
      */
     public function updateActiveDate(User $user): void
     {
+        assert($user->last_active instanceof Time);
+
         // Safe date string for database
         $last_active = $user->last_active->format('Y-m-d H:i:s');
 
diff --git a/tests/Controllers/LoginTest.php b/tests/Controllers/LoginTest.php
index e56392ed1..429bfae52 100644
--- a/tests/Controllers/LoginTest.php
+++ b/tests/Controllers/LoginTest.php
@@ -89,6 +89,7 @@ public function testLoginActionEmailSuccess(): void
         ]);
         // Last Used date should have been set
         $identity = $this->user->getEmailIdentity();
+        $this->assertInstanceOf(Time::class, $identity->last_used_at);
         $this->assertSame(Time::now()->getTimestamp(), $identity->last_used_at->getTimestamp());
 
         // Session should have `logged_in` value with user's id
@@ -151,6 +152,7 @@ public function testLoginActionUsernameSuccess(): void
         ]);
         // Last Used date should have been set
         $identity = $this->user->getEmailIdentity();
+        $this->assertInstanceOf(Time::class, $identity->last_used_at);
         $this->assertSame(Time::now()->getTimestamp(), $identity->last_used_at->getTimestamp());
 
         // Session should have `logged_in` value with user's id

From 88a3bc033f4368875af6d643e1377e03f1a08290 Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Wed, 7 Sep 2022 16:17:37 +0900
Subject: [PATCH 122/193] docs: add @property to User

To fix psalm errors.
---
 src/Entities/User.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/Entities/User.php b/src/Entities/User.php
index 6578de4a8..3b4d53eeb 100644
--- a/src/Entities/User.php
+++ b/src/Entities/User.php
@@ -13,7 +13,11 @@
 use CodeIgniter\Shield\Models\UserIdentityModel;
 
 /**
- * @property Time|null $last_active
+ * @property string|null         $email
+ * @property UserIdentity[]|null $identities
+ * @property Time|null           $last_active
+ * @property string|null         $password
+ * @property string|null         $password_hash
  */
 class User extends Entity
 {

From 144aa32bb4eda62e77ba60b5f80bb8ebeccd4406 Mon Sep 17 00:00:00 2001
From: Lonnie Ezell <lonnieje@gmail.com>
Date: Wed, 7 Sep 2022 08:21:09 -0500
Subject: [PATCH 123/193] Apply suggestions from code review

Co-authored-by: kenjis <kenji.uui@gmail.com>
---
 docs/guides/api-tokens.md | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/docs/guides/api-tokens.md b/docs/guides/api-tokens.md
index ade3fa231..183470ac5 100644
--- a/docs/guides/api-tokens.md
+++ b/docs/guides/api-tokens.md
@@ -4,7 +4,7 @@ Access Tokens can be used to authenticate users for your own site, or when allow
 
 Tokens are issued with the `generateAccessToken()` method on the user. This returns a `CodeIgniter\Shield\Entities\AccessToken` instance. Tokens are hashed using a SHA-256 algorithm before being saved to the database. The access token returned when you generate it will include a `raw_token` field that contains the plain-text, un-hashed, token. You should display this to your user at once so they have a chance to copy it somewhere safe, as this is the only time this will be available. After this request, there is no way to get the raw token.
 
-The `generateAccessToken` method requires a name for the token. These are free strings and are often used to identify the user/device the token was generated from, like 'Johns MacBook Air'.
+The `generateAccessToken()` method requires a name for the token. These are free strings and are often used to identify the user/device the token was generated from, like 'Johns MacBook Air'.
 
 ```php
 $routes->get('/access/token', static function() {
@@ -31,9 +31,10 @@ Access tokens can be given `scopes`, which are basically permission strings, for
 return $user->generateAccessToken('token-name', ['users-read'])->raw_token;
 ```
 
-NOTE: At this time, scope names should avoid using a colon (:) as this causes issues with the route filters being correctly recognized.
+> **Note**
+> At this time, scope names should avoid using a colon (`:`) as this causes issues with the route filters being correctly recognized.
 
-When handling incoming requests you can check if the token has been granted access to the scope with the `tokenCan` method.
+When handling incoming requests you can check if the token has been granted access to the scope with the `tokenCan()` method.
 
 ```php
 if ($user->tokenCan('users-read')) {
@@ -73,4 +74,5 @@ $routes->get('users', 'UserController::list', ['filter' => 'tokens:users-read'])
 
 When the filter runs, it checks the `Authorization` header for a `Bearer` value that has the raw token. It then hashes the raw token and looks it up in the database. Once found, it can determine the correct user, which will then be available through an `auth()->user()` call.
 
-Note: Currently only a single scope can be used on a route filter. If multiple scopes are passed in, only the first one is checked.
+> **Note**
+> Currently only a single scope can be used on a route filter. If multiple scopes are passed in, only the first one is checked.

From 5197679e1237e13f46502d6e8ae62b714071dc2a Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Thu, 8 Sep 2022 08:50:01 +0900
Subject: [PATCH 124/193] docs: add CONTRIBUTING.md

---
 CONTRIBUTING.md | 10 ++++++++++
 1 file changed, 10 insertions(+)
 create mode 100644 CONTRIBUTING.md

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
new file mode 100644
index 000000000..7820fbf89
--- /dev/null
+++ b/CONTRIBUTING.md
@@ -0,0 +1,10 @@
+# Contributing to CodeIgniter4
+
+CodeIgniter is a community driven project and accepts contributions of
+code and documentation from the community.
+
+If you'd like to contribute, please read the [Contributing to CodeIgniter](https://github.com/codeigniter4/CodeIgniter4/blob/develop/contributing/README.md)
+in the [main repository](https://github.com/codeigniter4/CodeIgniter4).
+
+If you are going to contribute to this repository, please report bugs or send PRs
+to this repository instead of the main repository.

From 2ceeea4ce278d38ec227cfce47f94a7158402526 Mon Sep 17 00:00:00 2001
From: Arif RH <arifrahmanhakim.net@gmail.com>
Date: Thu, 8 Sep 2022 07:19:10 +0700
Subject: [PATCH 125/193] fix sensible check on isNotPersonal

---
 .../Passwords/NothingPersonalValidator.php    |  4 +--
 tests/Unit/NothingPersonalValidatorTest.php   | 28 +++++++++++++++++++
 2 files changed, 30 insertions(+), 2 deletions(-)

diff --git a/src/Authentication/Passwords/NothingPersonalValidator.php b/src/Authentication/Passwords/NothingPersonalValidator.php
index c46b5a731..99c80c0f0 100644
--- a/src/Authentication/Passwords/NothingPersonalValidator.php
+++ b/src/Authentication/Passwords/NothingPersonalValidator.php
@@ -114,12 +114,12 @@ protected function isNotPersonal(string $password, ?User $user): bool
             $haystacks = $this->strip_explode($password);
 
             foreach ($haystacks as $haystack) {
-                if (empty($haystack) || in_array($haystack, $trivial, true)) {
+                if (empty($haystack) || in_array($haystack, $trivial, true) || mb_strlen($haystack, 'UTF-8') < 3) {
                     continue;  //ignore trivial words
                 }
 
                 foreach ($needles as $needle) {
-                    if (empty($needle) || in_array($needle, $trivial, true)) {
+                    if (empty($needle) || in_array($needle, $trivial, true)|| mb_strlen($needle, 'UTF-8') < 3) {
                         continue;
                     }
 
diff --git a/tests/Unit/NothingPersonalValidatorTest.php b/tests/Unit/NothingPersonalValidatorTest.php
index cbc6f80ce..e2d9a4896 100644
--- a/tests/Unit/NothingPersonalValidatorTest.php
+++ b/tests/Unit/NothingPersonalValidatorTest.php
@@ -119,6 +119,34 @@ public function testTrueWhenNoUsername(): void
         $this->assertTrue($result->isOK());
     }
 
+    public function testTrueForAllowedTooSmallMatch(): Void
+    {
+        $user = new User([
+            'email'    => 'xxx@example.com',
+            'username' => 'john doe',
+        ]);
+
+        $password = 'xx-test@123';
+
+        $result = $this->validator->check($password, $user);
+
+        $this->assertTrue($result->isOK());
+    }
+
+    public function testFalseForSensibleMatch(): Void
+    {
+        $user = new User([
+            'email'    => 'xxx@example.com',
+            'username' => 'john doe',
+        ]);
+
+        $password = 'xxx-test@123';
+
+        $result = $this->validator->check($password, $user);
+
+        $this->assertFalse($result->isOK());
+    }
+
     /**
      * The dataProvider is a list of passwords to be tested.
      * Some of them clearly contain elements of the username.

From 8cf98aad260d84eab0a4cbd7acb46d10adc46c2d Mon Sep 17 00:00:00 2001
From: Arif RH <arifrahmanhakim.net@gmail.com>
Date: Thu, 8 Sep 2022 07:37:06 +0700
Subject: [PATCH 126/193] cs fix

---
 tests/Unit/NothingPersonalValidatorTest.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tests/Unit/NothingPersonalValidatorTest.php b/tests/Unit/NothingPersonalValidatorTest.php
index e2d9a4896..37c5d1bf5 100644
--- a/tests/Unit/NothingPersonalValidatorTest.php
+++ b/tests/Unit/NothingPersonalValidatorTest.php
@@ -119,7 +119,7 @@ public function testTrueWhenNoUsername(): void
         $this->assertTrue($result->isOK());
     }
 
-    public function testTrueForAllowedTooSmallMatch(): Void
+    public function testTrueForAllowedTooSmallMatch(): void
     {
         $user = new User([
             'email'    => 'xxx@example.com',
@@ -133,7 +133,7 @@ public function testTrueForAllowedTooSmallMatch(): Void
         $this->assertTrue($result->isOK());
     }
 
-    public function testFalseForSensibleMatch(): Void
+    public function testFalseForSensibleMatch(): void
     {
         $user = new User([
             'email'    => 'xxx@example.com',

From b1da54148d952d4110888981e7d1899e334ef4f7 Mon Sep 17 00:00:00 2001
From: Arif RH <arifrahmanhakim.net@gmail.com>
Date: Thu, 8 Sep 2022 08:01:29 +0700
Subject: [PATCH 127/193] missing cs-fix

---
 src/Authentication/Passwords/NothingPersonalValidator.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Authentication/Passwords/NothingPersonalValidator.php b/src/Authentication/Passwords/NothingPersonalValidator.php
index 99c80c0f0..b82d2dfb6 100644
--- a/src/Authentication/Passwords/NothingPersonalValidator.php
+++ b/src/Authentication/Passwords/NothingPersonalValidator.php
@@ -119,7 +119,7 @@ protected function isNotPersonal(string $password, ?User $user): bool
                 }
 
                 foreach ($needles as $needle) {
-                    if (empty($needle) || in_array($needle, $trivial, true)|| mb_strlen($needle, 'UTF-8') < 3) {
+                    if (empty($needle) || in_array($needle, $trivial, true) || mb_strlen($needle, 'UTF-8') < 3) {
                         continue;
                     }
 

From 113312f2a5fd9252b1a12cc50cc3c37a9c319e7a Mon Sep 17 00:00:00 2001
From: MGatner <mgatner@icloud.com>
Date: Thu, 8 Sep 2022 06:05:57 -0400
Subject: [PATCH 128/193] Update docs/guides/api-tokens.md

---
 docs/guides/api-tokens.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/guides/api-tokens.md b/docs/guides/api-tokens.md
index 183470ac5..7575ed804 100644
--- a/docs/guides/api-tokens.md
+++ b/docs/guides/api-tokens.md
@@ -8,7 +8,7 @@ The `generateAccessToken()` method requires a name for the token. These are free
 
 ```php
 $routes->get('/access/token', static function() {
-    $token = auth()->user()->generateAccessToken(request()->getVar('token_name));
+    $token = auth()->user()->generateAccessToken(service('request')->getVar('token_name));
 
     return json_encode(['token' => $token->raw_token]);
 });

From 217df344039a5a49940038468d66420b2529e369 Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Thu, 8 Sep 2022 20:21:19 +0900
Subject: [PATCH 129/193] docs: fix by proofreading

Co-authored-by: MGatner <mgatner@icloud.com>
---
 CONTRIBUTING.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 7820fbf89..b712dd69f 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -3,7 +3,7 @@
 CodeIgniter is a community driven project and accepts contributions of
 code and documentation from the community.
 
-If you'd like to contribute, please read the [Contributing to CodeIgniter](https://github.com/codeigniter4/CodeIgniter4/blob/develop/contributing/README.md)
+If you'd like to contribute, please read [Contributing to CodeIgniter](https://github.com/codeigniter4/CodeIgniter4/blob/develop/contributing/README.md)
 in the [main repository](https://github.com/codeigniter4/CodeIgniter4).
 
 If you are going to contribute to this repository, please report bugs or send PRs

From 117a856abd9875a02d9bb86853237f9205f7d804 Mon Sep 17 00:00:00 2001
From: Arif RH <arifrahmanhakim.net@gmail.com>
Date: Thu, 8 Sep 2022 18:34:32 +0700
Subject: [PATCH 130/193] Update
 src/Authentication/Passwords/NothingPersonalValidator.php

Co-authored-by: kenjis <kenji.uui@gmail.com>
---
 src/Authentication/Passwords/NothingPersonalValidator.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Authentication/Passwords/NothingPersonalValidator.php b/src/Authentication/Passwords/NothingPersonalValidator.php
index b82d2dfb6..6a4102e6b 100644
--- a/src/Authentication/Passwords/NothingPersonalValidator.php
+++ b/src/Authentication/Passwords/NothingPersonalValidator.php
@@ -115,7 +115,7 @@ protected function isNotPersonal(string $password, ?User $user): bool
 
             foreach ($haystacks as $haystack) {
                 if (empty($haystack) || in_array($haystack, $trivial, true) || mb_strlen($haystack, 'UTF-8') < 3) {
-                    continue;  //ignore trivial words
+                    continue;  // ignore trivial words
                 }
 
                 foreach ($needles as $needle) {

From 3baba492904394777c31445f5d208fcc9654bdbf Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Fri, 9 Sep 2022 17:21:53 +0900
Subject: [PATCH 131/193] docs: fix title

---
 CONTRIBUTING.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index b712dd69f..1685e84ca 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -1,4 +1,4 @@
-# Contributing to CodeIgniter4
+# Contributing to CodeIgniter Shield
 
 CodeIgniter is a community driven project and accepts contributions of
 code and documentation from the community.

From f6b982aa7ec9882ef7620c424c5c28c28e68beb2 Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Fri, 9 Sep 2022 17:22:24 +0900
Subject: [PATCH 132/193] docs: add links

---
 CONTRIBUTING.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 1685e84ca..c5af6e27f 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -6,5 +6,5 @@ code and documentation from the community.
 If you'd like to contribute, please read [Contributing to CodeIgniter](https://github.com/codeigniter4/CodeIgniter4/blob/develop/contributing/README.md)
 in the [main repository](https://github.com/codeigniter4/CodeIgniter4).
 
-If you are going to contribute to this repository, please report bugs or send PRs
+If you are going to contribute to this repository, please [report bugs](https://github.com/codeigniter4/shield/issues/new?assignees=&labels=bug&template=bug_report.yml&title=Bug%3A+) or [send PRs](https://github.com/codeigniter4/shield/compare)
 to this repository instead of the main repository.

From 6b112c49b33041c4ba91e4f97bc95c0e7940fb8e Mon Sep 17 00:00:00 2001
From: Lonnie Ezell <lonnieje@gmail.com>
Date: Tue, 30 Aug 2022 23:25:42 -0500
Subject: [PATCH 133/193] feat: notify devs when user has used magic link
 login.

---
 docs/quickstart.md                      | 19 +++++++++++++++++++
 src/Controllers/MagicLinkController.php |  4 ++++
 tests/Authentication/MagicLinkTest.php  |  7 +++++++
 3 files changed, 30 insertions(+)

diff --git a/docs/quickstart.md b/docs/quickstart.md
index e29b457e7..2c7bbe78b 100644
--- a/docs/quickstart.md
+++ b/docs/quickstart.md
@@ -13,6 +13,7 @@ NOTE: The examples assume that you have run the setup script and that you have c
     - [Change Access Token Lifetime](#change-access-token-lifetime)
     - [Enable Account Activation via Email](#enable-account-activation-via-email)
     - [Enable Two-Factor Authentication](#enable-two-factor-authentication)
+    - [Responding to Magic Link Logins](#responding-to-magic-link-logins)
   - [Authorization Flow](#authorization-flow)
     - [Change Available Groups](#change-available-groups)
     - [Set the Default Group](#set-the-default-group)
@@ -126,6 +127,24 @@ public array $actions = [
 ];
 ```
 
+### Responding to Magic Link Logins
+
+Magic Link logins allow a user that has forgotten their password that have an email sent with a unique login link that will provide a one-time login for them. Once they've logged in you can decide how to respond. In some cases, you might want to redirect them to a special page where the must choose a new password. In other cases, you might simply want to display a one-time message prompting them to go to their account page and choose a new password there.
+
+You can detect if a user has finished the magic link login by checking for a session value, `magic_link_login`. If they have recently completed the flow, it will exist and have a value of `true`.
+
+```php
+if (session('magic_link_login')) {
+    return redirect()->route('set_password');
+}
+```
+
+This value sticks around in the session for 5 minutes. Once you no longer need to take any actions, you might want to delete the value from the session.
+
+```php
+session()->removeTempData('magic_link_login');
+```
+
 ## Authorization Flow
 
 ### Change Available Groups
diff --git a/src/Controllers/MagicLinkController.php b/src/Controllers/MagicLinkController.php
index ed9a74b9f..7c35de4a1 100644
--- a/src/Controllers/MagicLinkController.php
+++ b/src/Controllers/MagicLinkController.php
@@ -163,6 +163,10 @@ public function verify(): RedirectResponse
 
         $this->recordLoginAttempt($identifier, true, $user->id);
 
+        // Give the developer a way to know the user
+        // logged in via a magic link.
+        session()->setTempdata('magic_link_login', true);
+
         // Get our login redirect url
         return redirect()->to(config('Auth')->loginRedirect());
     }
diff --git a/tests/Authentication/MagicLinkTest.php b/tests/Authentication/MagicLinkTest.php
index 1920b4d5b..176260b38 100644
--- a/tests/Authentication/MagicLinkTest.php
+++ b/tests/Authentication/MagicLinkTest.php
@@ -114,6 +114,9 @@ public function testMagicLinkVerifyExpired(): void
 
         $result->assertRedirectTo(route_to('magic-link'));
         $result->assertSessionHas('error', lang('Auth.magicLinkExpired'));
+
+        // It should have set temp session var
+        $this->assertFalse(session()->has('magic_link_login'));
     }
 
     public function testMagicLinkVerifySuccess(): void
@@ -134,5 +137,9 @@ public function testMagicLinkVerifySuccess(): void
         $result->assertRedirectTo(site_url());
         $result->assertSessionHas('user', ['id' => $user->id]);
         $this->assertTrue(auth()->loggedIn());
+
+        // It should have set temp session var
+        $this->assertTrue(session()->has('magic_link_login'));
+        $this->assertTrue(session('magic_link_login'));
     }
 }

From 96b1eee3fdd617f28ac0e20ab83d55410715f42c Mon Sep 17 00:00:00 2001
From: Lonnie Ezell <lonnieje@gmail.com>
Date: Thu, 1 Sep 2022 22:51:22 -0500
Subject: [PATCH 134/193] Fire an event when user uses magic login link

---
 docs/quickstart.md                      | 17 ++++++++++++++++-
 src/Controllers/MagicLinkController.php |  4 +++-
 tests/Authentication/MagicLinkTest.php  |  4 ++--
 3 files changed, 21 insertions(+), 4 deletions(-)

diff --git a/docs/quickstart.md b/docs/quickstart.md
index 2c7bbe78b..fca50fe80 100644
--- a/docs/quickstart.md
+++ b/docs/quickstart.md
@@ -14,6 +14,8 @@ NOTE: The examples assume that you have run the setup script and that you have c
     - [Enable Account Activation via Email](#enable-account-activation-via-email)
     - [Enable Two-Factor Authentication](#enable-two-factor-authentication)
     - [Responding to Magic Link Logins](#responding-to-magic-link-logins)
+      - [Session Notification](#session-notification)
+      - [Event](#event)
   - [Authorization Flow](#authorization-flow)
     - [Change Available Groups](#change-available-groups)
     - [Set the Default Group](#set-the-default-group)
@@ -131,10 +133,12 @@ public array $actions = [
 
 Magic Link logins allow a user that has forgotten their password that have an email sent with a unique login link that will provide a one-time login for them. Once they've logged in you can decide how to respond. In some cases, you might want to redirect them to a special page where the must choose a new password. In other cases, you might simply want to display a one-time message prompting them to go to their account page and choose a new password there.
 
+#### Session Notification
+
 You can detect if a user has finished the magic link login by checking for a session value, `magic_link_login`. If they have recently completed the flow, it will exist and have a value of `true`.
 
 ```php
-if (session('magic_link_login')) {
+if (session('magic_login')) {
     return redirect()->route('set_password');
 }
 ```
@@ -145,6 +149,17 @@ This value sticks around in the session for 5 minutes. Once you no longer need t
 session()->removeTempData('magic_link_login');
 ```
 
+#### Event
+
+At the same time the above session variable is set, a `magic_login` [event](https://codeigniter.com/user_guide/extending/events.html) is fired off that you may subscribe to. Note that no data is passed to the event as you can easily grab the current user from the `user()` helper or the `auth()->user()` method.
+
+```php
+Events::on('magic_login', static function () {
+    // ...
+});
+```
+
+
 ## Authorization Flow
 
 ### Change Available Groups
diff --git a/src/Controllers/MagicLinkController.php b/src/Controllers/MagicLinkController.php
index 7c35de4a1..ab057f66a 100644
--- a/src/Controllers/MagicLinkController.php
+++ b/src/Controllers/MagicLinkController.php
@@ -165,7 +165,9 @@ public function verify(): RedirectResponse
 
         // Give the developer a way to know the user
         // logged in via a magic link.
-        session()->setTempdata('magic_link_login', true);
+        session()->setTempdata('magic_login', true);
+
+        Events::trigger('magic_login');
 
         // Get our login redirect url
         return redirect()->to(config('Auth')->loginRedirect());
diff --git a/tests/Authentication/MagicLinkTest.php b/tests/Authentication/MagicLinkTest.php
index 176260b38..97061795c 100644
--- a/tests/Authentication/MagicLinkTest.php
+++ b/tests/Authentication/MagicLinkTest.php
@@ -139,7 +139,7 @@ public function testMagicLinkVerifySuccess(): void
         $this->assertTrue(auth()->loggedIn());
 
         // It should have set temp session var
-        $this->assertTrue(session()->has('magic_link_login'));
-        $this->assertTrue(session('magic_link_login'));
+        $this->assertTrue(session()->has('magic_login'));
+        $this->assertTrue(session('magic_login'));
     }
 }

From b2d51ca8745e9f9a95d3563181752dddd0c5177b Mon Sep 17 00:00:00 2001
From: Lonnie Ezell <lonnieje@gmail.com>
Date: Wed, 31 Aug 2022 08:25:41 -0500
Subject: [PATCH 135/193] Update docs/quickstart.md

Co-authored-by: MGatner <mgatner@icloud.com>
---
 docs/quickstart.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/quickstart.md b/docs/quickstart.md
index fca50fe80..ba3cfe79b 100644
--- a/docs/quickstart.md
+++ b/docs/quickstart.md
@@ -131,7 +131,7 @@ public array $actions = [
 
 ### Responding to Magic Link Logins
 
-Magic Link logins allow a user that has forgotten their password that have an email sent with a unique login link that will provide a one-time login for them. Once they've logged in you can decide how to respond. In some cases, you might want to redirect them to a special page where the must choose a new password. In other cases, you might simply want to display a one-time message prompting them to go to their account page and choose a new password there.
+Magic Link logins allow a user that has forgotten their password to have an email sent with a unique, one-time login link. Once they've logged in you can decide how to respond. In some cases, you might want to redirect them to a special page where they must choose a new password. In other cases, you might simply want to display a one-time message prompting them to go to their account page and choose a new password.
 
 #### Session Notification
 

From bb9c1fdee37f5afc2d77da2dc922ea34e1a9ef8c Mon Sep 17 00:00:00 2001
From: Lonnie Ezell <lonnieje@gmail.com>
Date: Mon, 5 Sep 2022 22:45:35 -0500
Subject: [PATCH 136/193] Addressing review comments

---
 docs/events.md                          | 14 ++++++++++++++
 docs/session_auth_event_and_logging.md  |  2 +-
 src/Controllers/MagicLinkController.php |  4 ++--
 3 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/docs/events.md b/docs/events.md
index 1d429b960..0166cb246 100644
--- a/docs/events.md
+++ b/docs/events.md
@@ -9,6 +9,8 @@ Shield fires off several events during the lifecycle of the application that you
       - [login](#login)
       - [failedLogin](#failedlogin)
       - [logout](#logout)
+      - [magicLogin](#magiclogin)
+    - [Event Timing](#event-timing)
 
 ## Responding to Events
 
@@ -66,6 +68,18 @@ When the magic link login fails, the following array will be provided:
 
 Fired immediately after a successful logout. The only argument is the `User` entity.
 
+#### magicLogin
+
+Fired when a user has been successfully logged in via a magic link. This event does not have any parameters passed in. The authenticated user can be discovered through the `auth()` helper.
+
+```php
+Events::on('magicLogin', function() {
+    $user = auth()->user();
+
+    //
+})
+```
+
 ### Event Timing
 
 To learn more about Event timing, please see the list below.
diff --git a/docs/session_auth_event_and_logging.md b/docs/session_auth_event_and_logging.md
index 4216c5f23..a1232ccfa 100644
--- a/docs/session_auth_event_and_logging.md
+++ b/docs/session_auth_event_and_logging.md
@@ -38,5 +38,5 @@ The following is a list of Events and Logging for Session Authenticator.
         - OK → no event
         - NG → no event
     2. Send request with token
-        - OK → event `login` / table `auth_logins`
+        - OK → event `login` and `magicLogin` / table `auth_logins`
         - NG → event `failedLogin` / table `auth_logins`
diff --git a/src/Controllers/MagicLinkController.php b/src/Controllers/MagicLinkController.php
index ab057f66a..bdfde354e 100644
--- a/src/Controllers/MagicLinkController.php
+++ b/src/Controllers/MagicLinkController.php
@@ -165,9 +165,9 @@ public function verify(): RedirectResponse
 
         // Give the developer a way to know the user
         // logged in via a magic link.
-        session()->setTempdata('magic_login', true);
+        session()->setTempdata('magicLogin', true);
 
-        Events::trigger('magic_login');
+        Events::trigger('magicLogin');
 
         // Get our login redirect url
         return redirect()->to(config('Auth')->loginRedirect());

From ea1008d901ee94cdfc62030e97b7fb31e1c36fdf Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Fri, 9 Sep 2022 17:43:53 +0900
Subject: [PATCH 137/193] docs: update session and event name to magicLogin

---
 docs/quickstart.md | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/docs/quickstart.md b/docs/quickstart.md
index ba3cfe79b..50772fae7 100644
--- a/docs/quickstart.md
+++ b/docs/quickstart.md
@@ -135,10 +135,10 @@ Magic Link logins allow a user that has forgotten their password to have an emai
 
 #### Session Notification
 
-You can detect if a user has finished the magic link login by checking for a session value, `magic_link_login`. If they have recently completed the flow, it will exist and have a value of `true`.
+You can detect if a user has finished the magic link login by checking for a session value, `magicLogin`. If they have recently completed the flow, it will exist and have a value of `true`.
 
 ```php
-if (session('magic_login')) {
+if (session('magicLogin')) {
     return redirect()->route('set_password');
 }
 ```
@@ -146,15 +146,15 @@ if (session('magic_login')) {
 This value sticks around in the session for 5 minutes. Once you no longer need to take any actions, you might want to delete the value from the session.
 
 ```php
-session()->removeTempData('magic_link_login');
+session()->removeTempData('magicLogin');
 ```
 
 #### Event
 
-At the same time the above session variable is set, a `magic_login` [event](https://codeigniter.com/user_guide/extending/events.html) is fired off that you may subscribe to. Note that no data is passed to the event as you can easily grab the current user from the `user()` helper or the `auth()->user()` method.
+At the same time the above session variable is set, a `magicLogin` [event](https://codeigniter.com/user_guide/extending/events.html) is fired off that you may subscribe to. Note that no data is passed to the event as you can easily grab the current user from the `user()` helper or the `auth()->user()` method.
 
 ```php
-Events::on('magic_login', static function () {
+Events::on('magicLogin', static function () {
     // ...
 });
 ```

From db5015374d76f58974bfc55ea56fd88547a3c6c0 Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Fri, 9 Sep 2022 17:47:27 +0900
Subject: [PATCH 138/193] test: update session and event name to magicLogin

---
 tests/Authentication/MagicLinkTest.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/tests/Authentication/MagicLinkTest.php b/tests/Authentication/MagicLinkTest.php
index 97061795c..27e37926f 100644
--- a/tests/Authentication/MagicLinkTest.php
+++ b/tests/Authentication/MagicLinkTest.php
@@ -116,7 +116,7 @@ public function testMagicLinkVerifyExpired(): void
         $result->assertSessionHas('error', lang('Auth.magicLinkExpired'));
 
         // It should have set temp session var
-        $this->assertFalse(session()->has('magic_link_login'));
+        $this->assertFalse(session()->has('magicLogin'));
     }
 
     public function testMagicLinkVerifySuccess(): void
@@ -139,7 +139,7 @@ public function testMagicLinkVerifySuccess(): void
         $this->assertTrue(auth()->loggedIn());
 
         // It should have set temp session var
-        $this->assertTrue(session()->has('magic_login'));
-        $this->assertTrue(session('magic_login'));
+        $this->assertTrue(session()->has('magicLogin'));
+        $this->assertTrue(session('magicLogin'));
     }
 }

From f94191503dbd1ff44a665603ea58348e54f76dea Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Sat, 10 Sep 2022 10:26:56 +0900
Subject: [PATCH 139/193] docs: fix typo

Co-authored-by: Pooya Parsa Dadashi <pooya_parsa_dadashi@yahoo.com>
---
 docs/quickstart.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/quickstart.md b/docs/quickstart.md
index 50772fae7..a0e886fd7 100644
--- a/docs/quickstart.md
+++ b/docs/quickstart.md
@@ -146,7 +146,7 @@ if (session('magicLogin')) {
 This value sticks around in the session for 5 minutes. Once you no longer need to take any actions, you might want to delete the value from the session.
 
 ```php
-session()->removeTempData('magicLogin');
+session()->removeTempdata('magicLogin');
 ```
 
 #### Event

From 1f8e92a3cd42b6a4d3ecdd2c5463f0df8f58aba1 Mon Sep 17 00:00:00 2001
From: Pooya Parsa Dadashi <Pooya_parsa_dadashi@yahoo.com>
Date: Sat, 10 Sep 2022 07:53:00 +0330
Subject: [PATCH 140/193] docs: add some important shield features to
 `README.md`

---
 README.md | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/README.md b/README.md
index 260a803a4..aec962dbd 100644
--- a/README.md
+++ b/README.md
@@ -29,6 +29,23 @@ These are much like the access codes that GitHub uses, where they are unique to
 can have more than one. This can be used for API authentication of third-party users, and even for allowing
 access for a mobile application that you build.
 
+## Some Important Features
+
+1. Session-based authentication (traditional email/password with remember me)
+2. Stateless authentication using Personal Access Tokens
+3. Optional Email verification on account registration
+4. Optional Email-based Two Factor Authentication after login
+5. Magic Login Links when a user forgets their password
+6. Flexible groups-based access control (think roles, but more flexible)
+7. Users can be granted additional permissions
+8. User Entity and UserModel ready for you to use or extend
+9. A simple helper that provides access to the most common auth actions
+10. Easily extendable controllers
+11. All required views that can be used as is or swapped out for your own
+12. Highly configurable
+13. Built to extend and modify
+14. Save initial settings in your code so it can be in version control, but can also be updated in the database, thanks to our [Settings library](https://github.com/codeigniter4/settings)
+
 ## Getting Started
 
 ### Prerequisites

From 7b27abcd08844e78804c23505ab707b55eedf98b Mon Sep 17 00:00:00 2001
From: Pooya Parsa Dadashi <Pooya_parsa_dadashi@yahoo.com>
Date: Sat, 10 Sep 2022 09:25:54 +0330
Subject: [PATCH 141/193] docs: edit link 'Protecting an API with Access
 Tokens'

---
 docs/index.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/index.md b/docs/index.md
index 0b26e25c4..e3b763ce6 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -11,4 +11,4 @@
 * [Customization](customization.md)
 
 Guides:
-* [Protecting an API with Access Tokens](guides/api-tokens.md)
+* [Protecting an API with Access Tokens](guides/api_tokens.md)

From 7b06fcde2ade39c6c01a4b531986f1671282fed7 Mon Sep 17 00:00:00 2001
From: Pooya Parsa Dadashi <Pooya_parsa_dadashi@yahoo.com>
Date: Sat, 10 Sep 2022 09:35:16 +0330
Subject: [PATCH 142/193] docs: renamed file  to  similar to other files.

---
 docs/guides/{api-tokens.md => api_tokens.md} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename docs/guides/{api-tokens.md => api_tokens.md} (100%)

diff --git a/docs/guides/api-tokens.md b/docs/guides/api_tokens.md
similarity index 100%
rename from docs/guides/api-tokens.md
rename to docs/guides/api_tokens.md

From cd6d35ce41a62bacd9728f4c36b142decc30f797 Mon Sep 17 00:00:00 2001
From: Pooya Parsa Dadashi <Pooya_parsa_dadashi@yahoo.com>
Date: Sat, 10 Sep 2022 12:27:28 +0330
Subject: [PATCH 143/193] docs: add use session filter

---
 docs/install.md | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/docs/install.md b/docs/install.md
index 7b6c52002..645130b89 100644
--- a/docs/install.md
+++ b/docs/install.md
@@ -4,10 +4,12 @@
   - [Requirements](#requirements)
   - [Composer Installation](#composer-installation)
     - [Troubleshooting](#troubleshooting)
+      - [IMPORTANT: composer error](#important-composer-error)
   - [Initial Setup](#initial-setup)
     - [Command Setup](#command-setup)
     - [Manual Setup](#manual-setup)
   - [Controller Filters](#controller-filters)
+    - [Protect All Pages](#protect-all-pages)
     - [Rate Limiting](#rate-limiting)
 
 These instructions assume that you have already [installed the CodeIgniter 4 app starter](https://codeigniter.com/user_guide/installation/installing_composer.html) as the basis for your new project, set up your `.env` file, and created a database that you can access via the Spark CLI script.
@@ -140,8 +142,19 @@ use to protect your routes, `session`, `tokens`, and `chained`. The first two co
 to see if the user is logged in through either of authenticators, allowing a single API endpoint to
 work for both an SPA using session auth, and a mobile app using access tokens. The fourth, `auth-rates`,
 provides a good basis for rate limiting of auth-related routes.
+These can be used in any of the [normal filter config settings](https://codeigniter4.github.io/CodeIgniter4/incoming/filters.html#globals), or [within the routes file](https://codeigniter.com/user_guide/incoming/routing.html#applying-filters).
 
-These filters are already loaded for you by the registrar class located at `src/Config/Registrar.php`.
+### Protect All Pages
+
+If you want to limit all routes (e.g. `localhost:8080/admin`, `localhost:8080/panel` and ...), you need to add the following code in the `app\Config\Filters.php` file.
+
+```php
+public $filters = [
+    'session' => ['except' => ['login*', '/register*']],
+];
+```
+
+> **Note** These filters are already loaded for you by the registrar class located at `src/Config/Registrar.php`.
 
 ```php
 public $aliases = [
@@ -153,8 +166,6 @@ public $aliases = [
 ];
 ```
 
-These can be used in any of the normal filter config settings, or within the routes file.
-
 ### Rate Limiting
 
 To help protect your authentication forms from being spammed by bots, it is recommended that you use

From e90186b8a1e4365ec8d42ed02f5a5f3587fddedd Mon Sep 17 00:00:00 2001
From: Pooya Parsa Dadashi <Pooya_parsa_dadashi@yahoo.com>
Date: Sat, 10 Sep 2022 13:10:45 +0330
Subject: [PATCH 144/193] docs: edit `/register*` to `register*`

---
 docs/install.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/install.md b/docs/install.md
index 645130b89..6d74ee2bd 100644
--- a/docs/install.md
+++ b/docs/install.md
@@ -150,7 +150,7 @@ If you want to limit all routes (e.g. `localhost:8080/admin`, `localhost:8080/pa
 
 ```php
 public $filters = [
-    'session' => ['except' => ['login*', '/register*']],
+    'session' => ['except' => ['login*', 'register*']],
 ];
 ```
 

From 17e9a07cd2f7bfaed8f1dfc1455118781519ec83 Mon Sep 17 00:00:00 2001
From: Andrey Pyzhikov <5071@mail.ru>
Date: Sat, 10 Sep 2022 18:58:05 +0800
Subject: [PATCH 145/193] docs: Missing apostrophe

Missing apostrophe in getVar() method parameter

```php
$routes->get('/access/token', static function() {
    $token = auth()->user()->generateAccessToken(service('request')->getVar('token_name));

    return json_encode(['token' => $token->raw_token]);
});
```
---
 docs/guides/api-tokens.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/guides/api-tokens.md b/docs/guides/api-tokens.md
index 7575ed804..923726aa5 100644
--- a/docs/guides/api-tokens.md
+++ b/docs/guides/api-tokens.md
@@ -8,7 +8,7 @@ The `generateAccessToken()` method requires a name for the token. These are free
 
 ```php
 $routes->get('/access/token', static function() {
-    $token = auth()->user()->generateAccessToken(service('request')->getVar('token_name));
+    $token = auth()->user()->generateAccessToken(service('request')->getVar('token_name'));
 
     return json_encode(['token' => $token->raw_token]);
 });

From 8b42b118a84325395fbfc3aa396feecbbad6af61 Mon Sep 17 00:00:00 2001
From: Lonnie Ezell <lonnieje@gmail.com>
Date: Tue, 6 Sep 2022 00:15:19 -0500
Subject: [PATCH 146/193] Added mobile auth guide.

---
 docs/guides/mobile-apps.md | 60 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 60 insertions(+)
 create mode 100644 docs/guides/mobile-apps.md

diff --git a/docs/guides/mobile-apps.md b/docs/guides/mobile-apps.md
new file mode 100644
index 000000000..2e29471f5
--- /dev/null
+++ b/docs/guides/mobile-apps.md
@@ -0,0 +1,60 @@
+# Mobile Authentication with Access Tokens
+
+Access Tokens can be used to authenticate mobile applications that are consuming your API. This is similar to how you would work with [third-party users](api-tokens.md) of your API, but with small differences in how you would issue the tokens.
+
+## Issuing the Tokens
+
+Typically, a mobile application would issue a request from their login screen, passing in the credentials to authenticate with. Once authenticated you would return the `raw token` within the response and that would be saved on the device to use in following API calls.
+
+Start by creating a route that would handle the request from the login screen on the mobile device. The device name can be any arbitrary string, but is typically used to identify the device the request is being made from, like "Johns iPhone 13".
+
+```php
+
+// Routes.php
+$route->post('auth/token', 'App\Controllers\Auth\LoginController::mobileLogin');
+
+// LoginController.php
+namespace App\Controllers\Auth;
+
+use CodeIgniter\Controllers\BaseController;
+
+class LoginController extends BaseController
+{
+    public function mobileLogin()
+    {
+        // Valide credentials
+        $rules = setting('Validation.login') ?? [
+            'email' => [
+                'label' => 'Auth.email',
+                'rules' => config('AuthSession')->emailValidationRules,
+            ],
+            'password' => [
+                'label' => 'Auth.password',
+                'rules' => 'required',
+            ],
+        ];
+
+        if (! $this->validate($rules)) {
+            return $this->response
+                ->setJSON(['errors' => $this->validator->getErrors()])
+                ->setStatusCode(422)
+        }
+
+        // Attempt to login
+        $result = auth()->attempt($this->request->getPost(setting('Auth.validFields')));
+        if (! $result->isOK()) {
+            return $this->response
+                ->setJSON(['error' => $result->reason])
+                ->setStatusCode(401);
+        }
+
+        // Generate token and return to client
+        $token = auth()->user()->generateAccessToken(request()->getVar('device_name'));
+
+        return $this->response
+            ->setJSON(['token' => $token->raw_token]);
+    }
+}
+```
+
+When making all future requests to the API, the mobile client should return the raw token in the `Authorization` header as a `Bearer` token.

From 9c666b79cc188c17b3a3495386b71c8080337ea4 Mon Sep 17 00:00:00 2001
From: Lonnie Ezell <lonnieje@gmail.com>
Date: Tue, 6 Sep 2022 00:17:14 -0500
Subject: [PATCH 147/193] Adds mobile guide to docs index

---
 docs/index.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/docs/index.md b/docs/index.md
index e3b763ce6..06f44b681 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -12,3 +12,4 @@
 
 Guides:
 * [Protecting an API with Access Tokens](guides/api_tokens.md)
+* [Mobile Authentication with Access Tokens](guides/mobile-apps.md)

From 0bc1c23ac55a25e03ea113de43dbdaa9a8b126e2 Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Sun, 11 Sep 2022 18:07:39 +0900
Subject: [PATCH 148/193] docs: fix filename

---
 docs/guides/{mobile-apps.md => mobile_apps.md} | 0
 docs/index.md                                  | 2 +-
 2 files changed, 1 insertion(+), 1 deletion(-)
 rename docs/guides/{mobile-apps.md => mobile_apps.md} (100%)

diff --git a/docs/guides/mobile-apps.md b/docs/guides/mobile_apps.md
similarity index 100%
rename from docs/guides/mobile-apps.md
rename to docs/guides/mobile_apps.md
diff --git a/docs/index.md b/docs/index.md
index 06f44b681..dc22b6b84 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -12,4 +12,4 @@
 
 Guides:
 * [Protecting an API with Access Tokens](guides/api_tokens.md)
-* [Mobile Authentication with Access Tokens](guides/mobile-apps.md)
+* [Mobile Authentication with Access Tokens](guides/mobile_apps.md)

From f021d57e2b0150bb995883a4139abfd21e6550a0 Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Sun, 11 Sep 2022 18:09:16 +0900
Subject: [PATCH 149/193] docs: fix link

---
 docs/guides/mobile_apps.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/guides/mobile_apps.md b/docs/guides/mobile_apps.md
index 2e29471f5..e2939c730 100644
--- a/docs/guides/mobile_apps.md
+++ b/docs/guides/mobile_apps.md
@@ -1,6 +1,6 @@
 # Mobile Authentication with Access Tokens
 
-Access Tokens can be used to authenticate mobile applications that are consuming your API. This is similar to how you would work with [third-party users](api-tokens.md) of your API, but with small differences in how you would issue the tokens.
+Access Tokens can be used to authenticate mobile applications that are consuming your API. This is similar to how you would work with [third-party users](api_tokens.md) of your API, but with small differences in how you would issue the tokens.
 
 ## Issuing the Tokens
 

From f45e5889ec8455dae5764ce41a5d07a4c85af6dc Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Sun, 11 Sep 2022 18:14:53 +0900
Subject: [PATCH 150/193] docs: fix typo

---
 docs/guides/mobile_apps.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/guides/mobile_apps.md b/docs/guides/mobile_apps.md
index e2939c730..789979abb 100644
--- a/docs/guides/mobile_apps.md
+++ b/docs/guides/mobile_apps.md
@@ -22,7 +22,7 @@ class LoginController extends BaseController
 {
     public function mobileLogin()
     {
-        // Valide credentials
+        // Validate credentials
         $rules = setting('Validation.login') ?? [
             'email' => [
                 'label' => 'Auth.email',

From 718a9e751537ace95704425ee1ffd452367f593a Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Sun, 11 Sep 2022 18:15:08 +0900
Subject: [PATCH 151/193] docs: replace request() with service()

---
 docs/guides/mobile_apps.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/guides/mobile_apps.md b/docs/guides/mobile_apps.md
index 789979abb..b3ee9a04a 100644
--- a/docs/guides/mobile_apps.md
+++ b/docs/guides/mobile_apps.md
@@ -49,7 +49,7 @@ class LoginController extends BaseController
         }
 
         // Generate token and return to client
-        $token = auth()->user()->generateAccessToken(request()->getVar('device_name'));
+        $token = auth()->user()->generateAccessToken(service('request')->getVar('device_name'));
 
         return $this->response
             ->setJSON(['token' => $token->raw_token]);

From abbc4893d815ed809a1399ac01802e8512ecd75c Mon Sep 17 00:00:00 2001
From: Pooya Parsa Dadashi <Pooya_parsa_dadashi@yahoo.com>
Date: Tue, 13 Sep 2022 04:11:29 +0330
Subject: [PATCH 152/193] fix: replace links with stable version of UG

---
 docs/install.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/install.md b/docs/install.md
index 6d74ee2bd..bda0107a1 100644
--- a/docs/install.md
+++ b/docs/install.md
@@ -142,7 +142,7 @@ use to protect your routes, `session`, `tokens`, and `chained`. The first two co
 to see if the user is logged in through either of authenticators, allowing a single API endpoint to
 work for both an SPA using session auth, and a mobile app using access tokens. The fourth, `auth-rates`,
 provides a good basis for rate limiting of auth-related routes.
-These can be used in any of the [normal filter config settings](https://codeigniter4.github.io/CodeIgniter4/incoming/filters.html#globals), or [within the routes file](https://codeigniter.com/user_guide/incoming/routing.html#applying-filters).
+These can be used in any of the [normal filter config settings](https://codeigniter.com/user_guide/incoming/filters.html?highlight=filter#globals), or [within the routes file](https://codeigniter.com/user_guide/incoming/routing.html?highlight=routs#applying-filters).
 
 ### Protect All Pages
 

From 8b9101f03abf27b2952d1aa5e7c6991871d14183 Mon Sep 17 00:00:00 2001
From: Pooya Parsa Dadashi <Pooya_parsa_dadashi@yahoo.com>
Date: Tue, 13 Sep 2022 04:46:17 +0330
Subject: [PATCH 153/193] edit: summarize and add full Shield feature link

---
 README.md | 23 +++++++++--------------
 1 file changed, 9 insertions(+), 14 deletions(-)

diff --git a/README.md b/README.md
index aec962dbd..0057a712c 100644
--- a/README.md
+++ b/README.md
@@ -31,20 +31,15 @@ access for a mobile application that you build.
 
 ## Some Important Features
 
-1. Session-based authentication (traditional email/password with remember me)
-2. Stateless authentication using Personal Access Tokens
-3. Optional Email verification on account registration
-4. Optional Email-based Two Factor Authentication after login
-5. Magic Login Links when a user forgets their password
-6. Flexible groups-based access control (think roles, but more flexible)
-7. Users can be granted additional permissions
-8. User Entity and UserModel ready for you to use or extend
-9. A simple helper that provides access to the most common auth actions
-10. Easily extendable controllers
-11. All required views that can be used as is or swapped out for your own
-12. Highly configurable
-13. Built to extend and modify
-14. Save initial settings in your code so it can be in version control, but can also be updated in the database, thanks to our [Settings library](https://github.com/codeigniter4/settings)
+* Session-based authentication (traditional email/password with remember me)
+* Stateless authentication using Personal Access Tokens
+* Optional Email verification on account registration
+* Optional Email-based Two Factor Authentication after login
+* Magic Login Links when a user forgets their password
+* Flexible groups-based access control (think roles, but more flexible)
+* Users can be granted additional permissions
+
+See the [An Official Auth Library](https://codeigniter.com/news/shield) for more Info.
 
 ## Getting Started
 

From 64a01038841b3bdfdd16db5ea12591302dc46194 Mon Sep 17 00:00:00 2001
From: Pooya Parsa Dadashi <Pooya_parsa_dadashi@yahoo.com>
Date: Tue, 13 Sep 2022 13:07:06 +0330
Subject: [PATCH 154/193] chore: add support links

---
 composer.json | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/composer.json b/composer.json
index 62e0fa6be..c418d27de 100644
--- a/composer.json
+++ b/composer.json
@@ -79,5 +79,13 @@
         "mutate": "infection --threads=2 --skip-initial-tests --coverage=build/phpunit",
         "style": "@cs-fix",
         "test": "phpunit"
+    },
+    "support": {
+        "forum": "https://forum.codeigniter.com",
+        "chat": "https://github.com/codeigniter4/shield/discussions",
+        "slack": "https://codeigniterchat.slack.com",
+        "source": "https://github.com/codeigniter4/shield",
+        "issues": "https://github.com/codeigniter4/shield/issues",
+        "docs": "https://github.com/codeigniter4/shield/blob/develop/docs/index.md"
     }
 }

From 029e1e716a4094634de4688cc481a60fea582e44 Mon Sep 17 00:00:00 2001
From: Pooya Parsa Dadashi <Pooya_parsa_dadashi@yahoo.com>
Date: Wed, 14 Sep 2022 09:04:35 +0330
Subject: [PATCH 155/193] style: fix code style

---
 src/Authorization/Traits/Authorizable.php           | 13 ++++++-------
 src/Config/Auth.php                                 |  3 +--
 .../2020-12-28-223112_create_auth_tables.php        |  2 +-
 src/Entities/Entity.php                             |  1 -
 src/Entities/User.php                               |  2 --
 src/Entities/UserIdentity.php                       |  2 --
 src/Models/UserIdentityModel.php                    |  1 -
 src/Models/UserModel.php                            |  5 ++---
 src/Result.php                                      |  1 -
 tests/Language/AbstractTranslationTestCase.php      |  8 ++++----
 tests/Unit/NothingPersonalValidatorTest.php         |  2 +-
 11 files changed, 15 insertions(+), 25 deletions(-)

diff --git a/src/Authorization/Traits/Authorizable.php b/src/Authorization/Traits/Authorizable.php
index ca4dca912..6d3b98e7f 100644
--- a/src/Authorization/Traits/Authorizable.php
+++ b/src/Authorization/Traits/Authorizable.php
@@ -78,9 +78,9 @@ public function removeGroup(string ...$groups): self
      * so only those groups are valid for this user, removing
      * all groups not in this list.
      *
-     * @throws AuthorizationException
-     *
      * @return $this
+     *
+     * @throws AuthorizationException
      */
     public function syncGroups(string ...$groups): self
     {
@@ -124,9 +124,9 @@ public function getPermissions(): ?array
     /**
      * Adds one or more permissions to the current user.
      *
-     * @throws AuthorizationException
-     *
      * @return $this
+     *
+     * @throws AuthorizationException
      */
     public function addPermission(string ...$permissions): self
     {
@@ -187,9 +187,9 @@ public function removePermission(string ...$permissions): self
      * so only those permissions are valid for this user, removing
      * all permissions not in this list.
      *
-     * @throws AuthorizationException
-     *
      * @return $this
+     *
+     * @throws AuthorizationException
      */
     public function syncPermissions(string ...$permissions): self
     {
@@ -342,7 +342,6 @@ private function savePermissions(): void
 
     /**
      * @phpstan-param 'group'|'permission' $type
-     *
      * @param GroupModel|PermissionModel $model
      */
     private function saveGroupsOrPermissions(string $type, $model, array $cache): void
diff --git a/src/Config/Auth.php b/src/Config/Auth.php
index 448d606e7..910670950 100644
--- a/src/Config/Auth.php
+++ b/src/Config/Auth.php
@@ -122,7 +122,6 @@ class Auth extends BaseConfig
      * If no match is found, then the next in the chain will be checked.
      *
      * @var string[]
-     *
      * @phpstan-var list<string>
      */
     public array $authenticationChain = [
@@ -213,7 +212,7 @@ class Auth extends BaseConfig
         'CodeIgniter\Shield\Authentication\Passwords\CompositionValidator',
         'CodeIgniter\Shield\Authentication\Passwords\NothingPersonalValidator',
         'CodeIgniter\Shield\Authentication\Passwords\DictionaryValidator',
-        //'CodeIgniter\Shield\Authentication\Passwords\PwnedValidator',
+        // 'CodeIgniter\Shield\Authentication\Passwords\PwnedValidator',
     ];
 
     /**
diff --git a/src/Database/Migrations/2020-12-28-223112_create_auth_tables.php b/src/Database/Migrations/2020-12-28-223112_create_auth_tables.php
index 53667dad2..f44eb41df 100644
--- a/src/Database/Migrations/2020-12-28-223112_create_auth_tables.php
+++ b/src/Database/Migrations/2020-12-28-223112_create_auth_tables.php
@@ -132,7 +132,7 @@ public function up(): void
         $this->forge->createTable('auth_permissions_users');
     }
 
-    //--------------------------------------------------------------------
+    // --------------------------------------------------------------------
 
     public function down(): void
     {
diff --git a/src/Entities/Entity.php b/src/Entities/Entity.php
index 3672285b9..5708c8a41 100644
--- a/src/Entities/Entity.php
+++ b/src/Entities/Entity.php
@@ -16,7 +16,6 @@ abstract class Entity extends FrameworkEntity
      * Custom convert handlers
      *
      * @var array<string, string>
-     *
      * @phpstan-var array<string, class-string>
      */
     protected $castHandlers = [
diff --git a/src/Entities/User.php b/src/Entities/User.php
index 3b4d53eeb..41db67318 100644
--- a/src/Entities/User.php
+++ b/src/Entities/User.php
@@ -35,9 +35,7 @@ class User extends Entity
 
     /**
      * @var string[]
-     *
      * @phpstan-var list<string>
-     *
      * @psalm-var list<string>
      */
     protected $dates = [
diff --git a/src/Entities/UserIdentity.php b/src/Entities/UserIdentity.php
index 541ab26dc..5b854b03d 100644
--- a/src/Entities/UserIdentity.php
+++ b/src/Entities/UserIdentity.php
@@ -35,9 +35,7 @@ class UserIdentity extends Entity
 
     /**
      * @var string[]
-     *
      * @phpstan-var list<string>
-     *
      * @psalm-var list<string>
      */
     protected $dates = [
diff --git a/src/Models/UserIdentityModel.php b/src/Models/UserIdentityModel.php
index b966b2246..4676be6b5 100644
--- a/src/Models/UserIdentityModel.php
+++ b/src/Models/UserIdentityModel.php
@@ -76,7 +76,6 @@ public function createEmailIdentity(User $user, array $credentials): void
      * Create an identity with 6 digits code for auth action
      *
      * @phpstan-param array{type: string, name: string, extra: string} $data
-     *
      * @param callable $codeGenerator generate secret code
      *
      * @return string secret
diff --git a/src/Models/UserModel.php b/src/Models/UserModel.php
index 74167b356..ead14f061 100644
--- a/src/Models/UserModel.php
+++ b/src/Models/UserModel.php
@@ -99,7 +99,6 @@ protected function fetchIdentities(array $data): array
      * @param UserIdentity[] $identities
      *
      * @return User[] UserId => User object
-     *
      * @phpstan-return array<int|string, User> UserId => User object
      */
     private function assignIdentities(array $data, array $identities): array
@@ -220,9 +219,9 @@ public function activate(User $user): void
      *
      * @param array|User $data
      *
-     * @throws ValidationException
-     *
      * @return int|string|true Insert ID if $returnID is true
+     *
+     * @throws ValidationException
      */
     public function insert($data = null, bool $returnID = true)
     {
diff --git a/src/Result.php b/src/Result.php
index ba4abdb01..fa0ce1b37 100644
--- a/src/Result.php
+++ b/src/Result.php
@@ -26,7 +26,6 @@ class Result
 
     /**
      * @phpstan-param array{success: bool, reason?: string|null, extraInfo?: string|User} $details
-     *
      * @psalm-param array{success: bool, reason?: string|null, extraInfo?: string|User} $details
      */
     public function __construct(array $details)
diff --git a/tests/Language/AbstractTranslationTestCase.php b/tests/Language/AbstractTranslationTestCase.php
index 0f5f4298d..ce5db5766 100644
--- a/tests/Language/AbstractTranslationTestCase.php
+++ b/tests/Language/AbstractTranslationTestCase.php
@@ -91,9 +91,9 @@ abstract class AbstractTranslationTestCase extends TestCase
      */
     protected array $excludedLocaleKeyTranslations = [];
 
-    //-------------------------------------------------------------------------
+    // -------------------------------------------------------------------------
     // TESTS
-    //-------------------------------------------------------------------------
+    // -------------------------------------------------------------------------
 
     /**
      * This tests that all language files configured in the main CI4 repository
@@ -328,9 +328,9 @@ final public function testLocaleHasCorrespondingTestCaseFile(string $locale): vo
         ));
     }
 
-    //-------------------------------------------------------------------------
+    // -------------------------------------------------------------------------
     // UTILITIES
-    //-------------------------------------------------------------------------
+    // -------------------------------------------------------------------------
 
     /**
      * Get all the ISO 639-1 and 639-2 locale codes.
diff --git a/tests/Unit/NothingPersonalValidatorTest.php b/tests/Unit/NothingPersonalValidatorTest.php
index 37c5d1bf5..0e588b6c7 100644
--- a/tests/Unit/NothingPersonalValidatorTest.php
+++ b/tests/Unit/NothingPersonalValidatorTest.php
@@ -281,7 +281,7 @@ public function maxSimilarityProvider()
             [
                 66,
                 false,
-            ],            [
+            ], [
                 0,
                 true,
             ],

From 22d36707fed0ea47d951af34311a541fd4f0f49f Mon Sep 17 00:00:00 2001
From: Pooya Parsa Dadashi <Pooya_parsa_dadashi@yahoo.com>
Date: Wed, 14 Sep 2022 16:21:03 +0330
Subject: [PATCH 156/193] fix: set github discussions of forum link

---
 composer.json | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/composer.json b/composer.json
index c418d27de..16a299ee5 100644
--- a/composer.json
+++ b/composer.json
@@ -81,8 +81,7 @@
         "test": "phpunit"
     },
     "support": {
-        "forum": "https://forum.codeigniter.com",
-        "chat": "https://github.com/codeigniter4/shield/discussions",
+        "forum": "https://github.com/codeigniter4/shield/discussions",
         "slack": "https://codeigniterchat.slack.com",
         "source": "https://github.com/codeigniter4/shield",
         "issues": "https://github.com/codeigniter4/shield/issues",

From d98e5f1837fe4b8199af1b36e45ef821b32388d7 Mon Sep 17 00:00:00 2001
From: David Nsai <44303729+davidnsai@users.noreply.github.com>
Date: Fri, 16 Sep 2022 00:13:41 +0200
Subject: [PATCH 157/193] Fixed typo in documentation

---
 docs/guides/mobile_apps.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/guides/mobile_apps.md b/docs/guides/mobile_apps.md
index b3ee9a04a..051ef2dd1 100644
--- a/docs/guides/mobile_apps.md
+++ b/docs/guides/mobile_apps.md
@@ -11,7 +11,7 @@ Start by creating a route that would handle the request from the login screen on
 ```php
 
 // Routes.php
-$route->post('auth/token', 'App\Controllers\Auth\LoginController::mobileLogin');
+$routes->post('auth/token', 'App\Controllers\Auth\LoginController::mobileLogin');
 
 // LoginController.php
 namespace App\Controllers\Auth;

From 9a5a9d1f942664ecf8aabcef030052382f0d5cb3 Mon Sep 17 00:00:00 2001
From: David Nsai <44303729+davidnsai@users.noreply.github.com>
Date: Fri, 16 Sep 2022 00:20:24 +0200
Subject: [PATCH 158/193] Added semi colon

---
 docs/guides/mobile_apps.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/guides/mobile_apps.md b/docs/guides/mobile_apps.md
index b3ee9a04a..2fd3861ce 100644
--- a/docs/guides/mobile_apps.md
+++ b/docs/guides/mobile_apps.md
@@ -37,7 +37,7 @@ class LoginController extends BaseController
         if (! $this->validate($rules)) {
             return $this->response
                 ->setJSON(['errors' => $this->validator->getErrors()])
-                ->setStatusCode(422)
+                ->setStatusCode(422);
         }
 
         // Attempt to login

From 8776ed7bfe6e6697cece0faf9cf5dc27ec00c83d Mon Sep 17 00:00:00 2001
From: Pooya Parsa Dadashi <Pooya_parsa_dadashi@yahoo.com>
Date: Sat, 17 Sep 2022 21:11:33 +0330
Subject: [PATCH 159/193] fix: show error correctly if set to
 `authenticatorHeader`.

---
 src/Language/de/Auth.php | 2 +-
 src/Language/en/Auth.php | 2 +-
 src/Language/es/Auth.php | 2 +-
 src/Language/fa/Auth.php | 2 +-
 src/Language/fr/Auth.php | 2 +-
 src/Language/id/Auth.php | 2 +-
 src/Language/ja/Auth.php | 2 +-
 src/Language/sk/Auth.php | 2 +-
 8 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/src/Language/de/Auth.php b/src/Language/de/Auth.php
index 7d612286b..93268f4d2 100644
--- a/src/Language/de/Auth.php
+++ b/src/Language/de/Auth.php
@@ -12,7 +12,7 @@
     'badAttempt'            => 'Sie konnten nicht angemeldet werden. Bitte überprüfen Sie Ihre Anmeldedaten.',
     'noPassword'            => 'Kann einen Benutzer ohne Passwort nicht validieren.',
     'invalidPassword'       => 'Sie können nicht angemeldet werden. Bitte überprüfen Sie Ihr Passwort.',
-    'noToken'               => 'Jede Anfrage muss ein Überbringer-Token im Authorization-Header enthalten.',
+    'noToken'               => 'Jede Anfrage muss ein Überbringer-Token im {0}-Header enthalten.',
     'badToken'              => 'Das Zugriffstoken ist ungültig.',
     'oldToken'              => 'Das Zugriffstoken ist abgelaufen.',
     'noUserEntity'          => 'Die Benutzerentität muss für die Passwortüberprüfung angegeben werden.',
diff --git a/src/Language/en/Auth.php b/src/Language/en/Auth.php
index 4d49ea742..b0efb710d 100644
--- a/src/Language/en/Auth.php
+++ b/src/Language/en/Auth.php
@@ -12,7 +12,7 @@
     'badAttempt'            => 'Unable to log you in. Please check your credentials.',
     'noPassword'            => 'Cannot validate a user without a password.',
     'invalidPassword'       => 'Unable to log you in. Please check your password.',
-    'noToken'               => 'Every request must have a bearer token in the Authorization header.',
+    'noToken'               => 'Every request must have a bearer token in the {0} header.',
     'badToken'              => 'The access token is invalid.',
     'oldToken'              => 'The access token has expired.',
     'noUserEntity'          => 'User Entity must be provided for password validation.',
diff --git a/src/Language/es/Auth.php b/src/Language/es/Auth.php
index 81e879e60..796bdafe0 100644
--- a/src/Language/es/Auth.php
+++ b/src/Language/es/Auth.php
@@ -12,7 +12,7 @@
     'badAttempt'            => 'No puedes entrar. Por favor, comprueba tus creenciales.',
     'noPassword'            => 'No se puede validar un usuario sin una contraseña.',
     'invalidPassword'       => 'No uedes entrar. Por favor, comprueba tu contraseña.',
-    'noToken'               => 'Cada petición debe tenerun token en la Authorización.',
+    'noToken'               => 'Cada petición debe tenerun token en la {0}.',
     'badToken'              => 'Token de acceso no válido.',
     'oldToken'              => 'El token de acceso ha caducado.',
     'noUserEntity'          => 'Se debe dar una Entidad de Usuario para validar la contraseña.',
diff --git a/src/Language/fa/Auth.php b/src/Language/fa/Auth.php
index a77b530d1..380186d6b 100644
--- a/src/Language/fa/Auth.php
+++ b/src/Language/fa/Auth.php
@@ -21,7 +21,7 @@
     'badAttempt'            => 'امکان ورود به سیستم نیست. لطفا اعتبارنامه خود را بررسی کنید.',
     'noPassword'            => 'تایید کاربر بدون رمز عبور ممکن نیست.',
     'invalidPassword'       => 'ناتوان در ورود به سیستم. لطفا رمز عبور خود را بررسی کنید.',
-    'noToken'               => 'هر درخواست باید دارای یک توکن bearer در هدر Authorization باشد.',
+    'noToken'               => 'هر درخواست باید دارای یک توکن bearer در هدر {0} باشد.',
     'badToken'              => 'توکن دسترسی معتبر نمی باشد.',
     'oldToken'              => 'توکن دسترسی منقضی شده است.',
     'noUserEntity'          => 'برای اعتبار سنجی هویت کاربر بایستی رمز عبور ارائه شود',
diff --git a/src/Language/fr/Auth.php b/src/Language/fr/Auth.php
index d2213023a..9f0b9f63c 100644
--- a/src/Language/fr/Auth.php
+++ b/src/Language/fr/Auth.php
@@ -12,7 +12,7 @@
     'badAttempt'            => 'Connexion impossible. Veuillez vérifier les informations saisies.',
     'noPassword'            => 'Impossible de valider un utilisateur sans mot de passe.',
     'invalidPassword'       => 'Connexion impossible. Veuillez vérifier votre mot de passe.',
-    'noToken'               => 'Chaque demande doit comporter un jeton d\'accès dans l\'en-tête d\'autorisation.',
+    'noToken'               => 'Chaque demande doit comporter un jeton d\'accès dans l\'en-tête d\'{0}.',
     'badToken'              => 'Le jeton d\'accès est invalide.',
     'oldToken'              => 'Le jeton d\'accès a expiré.',
     'noUserEntity'          => 'User Entity doit être fournie pour la validation du mot de passe.',
diff --git a/src/Language/id/Auth.php b/src/Language/id/Auth.php
index 8d652f774..77fd15333 100644
--- a/src/Language/id/Auth.php
+++ b/src/Language/id/Auth.php
@@ -12,7 +12,7 @@
     'badAttempt'            => 'Anda tidak dapat masuk. Harap periksa kredensial Anda.',
     'noPassword'            => 'Tidak dapat memvalidasi pengguna tanpa kata sandi.',
     'invalidPassword'       => 'Anda tidak dapat masuk. Harap periksa kata sandi Anda.',
-    'noToken'               => 'Setiap permintaan harus memiliki token pembawa di header Authorization.',
+    'noToken'               => 'Setiap permintaan harus memiliki token pembawa di header {0}.',
     'badToken'              => 'Akses token tidak sah.',
     'oldToken'              => 'Akses token sudah tidak berlaku.',
     'noUserEntity'          => 'Entitas Pengguna harus disediakan untuk validasi kata sandi.',
diff --git a/src/Language/ja/Auth.php b/src/Language/ja/Auth.php
index d2cb33c39..1b3c57588 100644
--- a/src/Language/ja/Auth.php
+++ b/src/Language/ja/Auth.php
@@ -12,7 +12,7 @@
     'badAttempt'            => 'ログインできません。認証情報を確認してください。', // 'Unable to log you in. Please check your credentials.',
     'noPassword'            => 'パスワードのないユーザーは認証できません。', // 'Cannot validate a user without a password.',
     'invalidPassword'       => 'ログインできません。パスワードを確認してください。', // 'Unable to log you in. Please check your password.',
-    'noToken'               => 'すべてのリクエストは、AuthorizationヘッダーにBearerトークンが必要です。', // 'Every request must have a bearer token in the Authorization header.',
+    'noToken'               => 'すべてのリクエストは、{0}ヘッダーにBearerトークンが必要です。', // 'Every request must have a bearer token in the Authorization header.',
     'badToken'              => 'アクセストークンが無効です。', // 'The access token is invalid.',
     'oldToken'              => 'アクセストークンの有効期限が切れています。', // 'The access token has expired.',
     'noUserEntity'          => 'パスワード検証のため、Userエンティティを指定する必要があります。', // 'User Entity must be provided for password validation.',
diff --git a/src/Language/sk/Auth.php b/src/Language/sk/Auth.php
index 1df2f598f..42c64ca98 100644
--- a/src/Language/sk/Auth.php
+++ b/src/Language/sk/Auth.php
@@ -12,7 +12,7 @@
     'badAttempt'            => 'Prihlásenie zlyhalo. Skontrolujte svoje prihlasovacie údaje.',
     'noPassword'            => 'Nie je možné overiť používateľa bez hesla.',
     'invalidPassword'       => 'Prihlásenie zlyhalo. Skontrolujte svoje heslo.',
-    'noToken'               => 'Každá požiadavka musí mať v hlavičke Autorizácia nosný token',
+    'noToken'               => 'Každá požiadavka musí mať v hlavičke {0} nosný token',
     'badToken'              => 'Prístupový token je neplatný.',
     'oldToken'              => 'Platnosť prístupového tokenu vypršala.',
     'noUserEntity'          => 'Na overenie hesla je potrebné zadať entitu používateľa.',

From 1c1007090d09b030622b5c8a1ba70615c1040d8d Mon Sep 17 00:00:00 2001
From: Pooya Parsa Dadashi <Pooya_parsa_dadashi@yahoo.com>
Date: Sat, 17 Sep 2022 21:24:56 +0330
Subject: [PATCH 160/193] fix: show error correctly if set to
 `authenticatorHeader`.

---
 src/Authentication/Authenticators/AccessTokens.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Authentication/Authenticators/AccessTokens.php b/src/Authentication/Authenticators/AccessTokens.php
index 973e6197c..905033a7f 100644
--- a/src/Authentication/Authenticators/AccessTokens.php
+++ b/src/Authentication/Authenticators/AccessTokens.php
@@ -95,7 +95,7 @@ public function check(array $credentials): Result
         if (! array_key_exists('token', $credentials) || empty($credentials['token'])) {
             return new Result([
                 'success' => false,
-                'reason'  => lang('Auth.noToken'),
+                'reason'  => lang('Auth.noToken', [config('Auth')->authenticatorHeader['tokens']]),
             ]);
         }
 

From 4e1d85174fe9f4dff6130d86586636e9024ba091 Mon Sep 17 00:00:00 2001
From: Pooya Parsa Dadashi <Pooya_parsa_dadashi@yahoo.com>
Date: Sun, 18 Sep 2022 06:48:39 +0330
Subject: [PATCH 161/193] docs: fix protect url whit `$globals`

---
 docs/install.md | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/docs/install.md b/docs/install.md
index bda0107a1..e61a8e8ce 100644
--- a/docs/install.md
+++ b/docs/install.md
@@ -149,8 +149,18 @@ These can be used in any of the [normal filter config settings](https://codeigni
 If you want to limit all routes (e.g. `localhost:8080/admin`, `localhost:8080/panel` and ...), you need to add the following code in the `app\Config\Filters.php` file.
 
 ```php
-public $filters = [
-    'session' => ['except' => ['login*', 'register*']],
+public $globals = [
+    'before' => [
+        // 'honeypot',
+        // 'csrf',
+        // 'invalidchars',
+        'session' => ['except' => ['login*', 'register*']],
+    ],
+    'after' => [
+        'toolbar',
+        // 'honeypot',
+        // 'secureheaders',
+    ],
 ];
 ```
 

From 926cd1c3c7cad3ef7d852c142463a58ba04c1f2d Mon Sep 17 00:00:00 2001
From: Pooya Parsa Dadashi <pooya_parsa_dadashi@yahoo.com>
Date: Sun, 18 Sep 2022 12:58:22 +0430
Subject: [PATCH 162/193] Update docs/install.md

Co-authored-by: kenjis <kenji.uui@gmail.com>
---
 docs/install.md | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)

diff --git a/docs/install.md b/docs/install.md
index e61a8e8ce..a66d5a1af 100644
--- a/docs/install.md
+++ b/docs/install.md
@@ -151,16 +151,10 @@ If you want to limit all routes (e.g. `localhost:8080/admin`, `localhost:8080/pa
 ```php
 public $globals = [
     'before' => [
-        // 'honeypot',
-        // 'csrf',
-        // 'invalidchars',
+        // ...
         'session' => ['except' => ['login*', 'register*']],
     ],
-    'after' => [
-        'toolbar',
-        // 'honeypot',
-        // 'secureheaders',
-    ],
+    // ...
 ];
 ```
 

From 1bd2697ab9567bc326b079a30fd6d3503f80e145 Mon Sep 17 00:00:00 2001
From: Pooya Parsa Dadashi <pooya_parsa_dadashi@yahoo.com>
Date: Sun, 18 Sep 2022 12:58:29 +0430
Subject: [PATCH 163/193] Update docs/install.md

Co-authored-by: kenjis <kenji.uui@gmail.com>
---
 docs/install.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/install.md b/docs/install.md
index a66d5a1af..a69a55943 100644
--- a/docs/install.md
+++ b/docs/install.md
@@ -146,7 +146,7 @@ These can be used in any of the [normal filter config settings](https://codeigni
 
 ### Protect All Pages
 
-If you want to limit all routes (e.g. `localhost:8080/admin`, `localhost:8080/panel` and ...), you need to add the following code in the `app\Config\Filters.php` file.
+If you want to limit all routes (e.g. `localhost:8080/admin`, `localhost:8080/panel` and ...), you need to add the following code in the `app/Config/Filters.php` file.
 
 ```php
 public $globals = [

From 34c4e66681aa12c195d4ac90e29b76e2dc1b1e34 Mon Sep 17 00:00:00 2001
From: Pooya Parsa Dadashi <Pooya_parsa_dadashi@yahoo.com>
Date: Sun, 18 Sep 2022 17:29:02 +0330
Subject: [PATCH 164/193] fix: replece `reason` to `reason()`

---
 docs/guides/mobile_apps.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/guides/mobile_apps.md b/docs/guides/mobile_apps.md
index 2fd3861ce..1d61943a9 100644
--- a/docs/guides/mobile_apps.md
+++ b/docs/guides/mobile_apps.md
@@ -44,7 +44,7 @@ class LoginController extends BaseController
         $result = auth()->attempt($this->request->getPost(setting('Auth.validFields')));
         if (! $result->isOK()) {
             return $this->response
-                ->setJSON(['error' => $result->reason])
+                ->setJSON(['error' => $result->reason()])
                 ->setStatusCode(401);
         }
 

From 7adda6cbfcd64d65c18cf89185e624bea46686a0 Mon Sep 17 00:00:00 2001
From: Pooya Parsa Dadashi <Pooya_parsa_dadashi@yahoo.com>
Date: Sat, 17 Sep 2022 21:46:41 +0330
Subject: [PATCH 165/193] tests: update show error if set to
 `authenticatorHeader`.

---
 .../Authenticators/AccessTokenAuthenticatorTest.php             | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/Authentication/Authenticators/AccessTokenAuthenticatorTest.php b/tests/Authentication/Authenticators/AccessTokenAuthenticatorTest.php
index 11b5a36ca..dd0f379ea 100644
--- a/tests/Authentication/Authenticators/AccessTokenAuthenticatorTest.php
+++ b/tests/Authentication/Authenticators/AccessTokenAuthenticatorTest.php
@@ -110,7 +110,7 @@ public function testCheckNoToken(): void
         $result = $this->auth->check([]);
 
         $this->assertFalse($result->isOK());
-        $this->assertSame(lang('Auth.noToken'), $result->reason());
+        $this->assertSame(lang('Auth.noToken', [config('Auth')->authenticatorHeader['tokens']]), $result->reason());
     }
 
     public function testCheckBadToken(): void

From 2042c1f24b9f9b4b630b58c4aa9e40df698b2129 Mon Sep 17 00:00:00 2001
From: Pooya Parsa Dadashi <Pooya_parsa_dadashi@yahoo.com>
Date: Mon, 19 Sep 2022 08:43:05 +0330
Subject: [PATCH 166/193] docs: add note for change
 `$authenticatorHeader['tokens']`

---
 docs/guides/api_tokens.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/docs/guides/api_tokens.md b/docs/guides/api_tokens.md
index 923726aa5..ff99494cc 100644
--- a/docs/guides/api_tokens.md
+++ b/docs/guides/api_tokens.md
@@ -2,6 +2,8 @@
 
 Access Tokens can be used to authenticate users for your own site, or when allowing third-party developers to access your API. When making requests using access tokens, the token should be included in the `Authorization` header as a `Bearer` token.
 
+> **Note**  By default, `$authenticatorHeader['tokens']` is set to `Authorization`. You can change this value by setting the `$authenticatorHeader['tokens']` value in the `Auth.php` config file.
+
 Tokens are issued with the `generateAccessToken()` method on the user. This returns a `CodeIgniter\Shield\Entities\AccessToken` instance. Tokens are hashed using a SHA-256 algorithm before being saved to the database. The access token returned when you generate it will include a `raw_token` field that contains the plain-text, un-hashed, token. You should display this to your user at once so they have a chance to copy it somewhere safe, as this is the only time this will be available. After this request, there is no way to get the raw token.
 
 The `generateAccessToken()` method requires a name for the token. These are free strings and are often used to identify the user/device the token was generated from, like 'Johns MacBook Air'.

From f99ff968e3a669c120314000c9a51984e6eccad1 Mon Sep 17 00:00:00 2001
From: Pooya Parsa Dadashi <Pooya_parsa_dadashi@yahoo.com>
Date: Mon, 19 Sep 2022 08:54:17 +0330
Subject: [PATCH 167/193] docs: add note for change `Authorization` to
 `PersonalAccessCodes`

---
 docs/guides/mobile_apps.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/docs/guides/mobile_apps.md b/docs/guides/mobile_apps.md
index b3ee9a04a..475b47330 100644
--- a/docs/guides/mobile_apps.md
+++ b/docs/guides/mobile_apps.md
@@ -58,3 +58,9 @@ class LoginController extends BaseController
 ```
 
 When making all future requests to the API, the mobile client should return the raw token in the `Authorization` header as a `Bearer` token.
+
+> **Note**
+>
+> By default, `$authenticatorHeader['tokens']` is set to `Authorization`. You can change this value by setting the `$authenticatorHeader['tokens']` value in the `Auth.php` config file.
+>
+> e.g. if `$authenticatorHeader['tokens']` is set to `PersonalAccessCodes`. the mobile client should return the raw token in the `PersonalAccessCodes` header as a `Bearer` token.

From de69b377beca5353ef56d5c0dde1de18c284f5c0 Mon Sep 17 00:00:00 2001
From: Pooya Parsa Dadashi <pooya_parsa_dadashi@yahoo.com>
Date: Mon, 19 Sep 2022 15:13:37 +0430
Subject: [PATCH 168/193] docs: fix grammar

Co-authored-by: MGatner <mgatner@icloud.com>
---
 docs/guides/mobile_apps.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/guides/mobile_apps.md b/docs/guides/mobile_apps.md
index 475b47330..25675442f 100644
--- a/docs/guides/mobile_apps.md
+++ b/docs/guides/mobile_apps.md
@@ -61,6 +61,6 @@ When making all future requests to the API, the mobile client should return the
 
 > **Note**
 >
-> By default, `$authenticatorHeader['tokens']` is set to `Authorization`. You can change this value by setting the `$authenticatorHeader['tokens']` value in the `Auth.php` config file.
+> By default, `$authenticatorHeader['tokens']` is set to `Authorization`. You can change the header name by setting the `$authenticatorHeader['tokens']` value in the `Auth.php` config file.
 >
 > e.g. if `$authenticatorHeader['tokens']` is set to `PersonalAccessCodes`. the mobile client should return the raw token in the `PersonalAccessCodes` header as a `Bearer` token.

From 3df1b85e71f3531a5a5568e99746869491cf2a6e Mon Sep 17 00:00:00 2001
From: Pooya Parsa Dadashi <pooya_parsa_dadashi@yahoo.com>
Date: Mon, 19 Sep 2022 15:14:27 +0430
Subject: [PATCH 169/193] docs : fix grammar

Co-authored-by: MGatner <mgatner@icloud.com>
---
 docs/guides/mobile_apps.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/guides/mobile_apps.md b/docs/guides/mobile_apps.md
index 25675442f..2c95c10e7 100644
--- a/docs/guides/mobile_apps.md
+++ b/docs/guides/mobile_apps.md
@@ -63,4 +63,4 @@ When making all future requests to the API, the mobile client should return the
 >
 > By default, `$authenticatorHeader['tokens']` is set to `Authorization`. You can change the header name by setting the `$authenticatorHeader['tokens']` value in the `Auth.php` config file.
 >
-> e.g. if `$authenticatorHeader['tokens']` is set to `PersonalAccessCodes`. the mobile client should return the raw token in the `PersonalAccessCodes` header as a `Bearer` token.
+> e.g. if `$authenticatorHeader['tokens']` is set to `PersonalAccessCodes` then the mobile client should return the raw token in the `PersonalAccessCodes` header as a `Bearer` token.

From f8f2ce1ea612109bb2b0dc2140fc16cf5c880f96 Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Wed, 21 Sep 2022 08:19:48 +0900
Subject: [PATCH 170/193] docs: add note about strong_password

See https://github.com/codeigniter4/shield/pull/439#discussion_r974787536
and https://github.com/codeigniter4/shield/issues/438
---
 docs/concepts.md | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/docs/concepts.md b/docs/concepts.md
index 530a0bd67..c8cafce74 100644
--- a/docs/concepts.md
+++ b/docs/concepts.md
@@ -88,3 +88,17 @@ public $passwordValidators = [
     //'CodeIgniter\Shield\Authentication\Passwords\PwnedValidator',
 ];
 ```
+
+You use `strong_password` rule for password validation explained above.
+
+> **Note**
+> The `strong_password` rule only supports use cases to check the user's own password.
+> It fetches the authenticated user's data for **NothingPersonalValidator**
+> if the visitor is authenticated.
+>
+> If you want to have use cases that set and check another user's password,
+> you can't use `strong_password`. You need to use `service('passwords')` directly
+> to check the password.
+>
+> But remember, it is not good practice to set passwords for other users.
+> This is because the password should be known only by that user.

From b84d3c8a9a18d5ee78cdfadd0ce7569ab5628e15 Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Mon, 26 Sep 2022 10:03:29 +0900
Subject: [PATCH 171/193] fix: add missing assertion `$user->id !== null`

---
 src/Models/UserIdentityModel.php | 24 +++++++++++++++++++++++-
 src/Models/UserModel.php         |  3 +++
 2 files changed, 26 insertions(+), 1 deletion(-)

diff --git a/src/Models/UserIdentityModel.php b/src/Models/UserIdentityModel.php
index 4676be6b5..218c2e3f2 100644
--- a/src/Models/UserIdentityModel.php
+++ b/src/Models/UserIdentityModel.php
@@ -59,6 +59,8 @@ public function create($data): void
      */
     public function createEmailIdentity(User $user, array $credentials): void
     {
+        assert($user->id !== null, '"$user->id" must not be null.');
+
         /** @var Passwords $passwords */
         $passwords = service('passwords');
 
@@ -85,7 +87,7 @@ public function createCodeIdentity(
         array $data,
         callable $codeGenerator
     ): string {
-        assert($user->id !== null);
+        assert($user->id !== null, '"$user->id" must not be null.');
 
         helper('text');
 
@@ -120,6 +122,8 @@ public function createCodeIdentity(
      */
     public function generateAccessToken(User $user, string $name, array $scopes = ['*']): AccessToken
     {
+        assert($user->id !== null, '"$user->id" must not be null.');
+
         helper('text');
 
         $return = $this->insert([
@@ -153,6 +157,8 @@ public function getAccessTokenByRawToken(string $rawToken): ?AccessToken
 
     public function getAccessToken(User $user, string $rawToken): ?AccessToken
     {
+        assert($user->id !== null, '"$user->id" must not be null.');
+
         return $this->where('user_id', $user->id)
             ->where('type', AccessTokens::ID_TYPE_ACCESS_TOKEN)
             ->where('secret', hash('sha256', $rawToken))
@@ -167,6 +173,8 @@ public function getAccessToken(User $user, string $rawToken): ?AccessToken
      */
     public function getAccessTokenById($id, User $user): ?AccessToken
     {
+        assert($user->id !== null, '"$user->id" must not be null.');
+
         return $this->where('user_id', $user->id)
             ->where('type', AccessTokens::ID_TYPE_ACCESS_TOKEN)
             ->where('id', $id)
@@ -179,6 +187,8 @@ public function getAccessTokenById($id, User $user): ?AccessToken
      */
     public function getAllAccessTokens(User $user): array
     {
+        assert($user->id !== null, '"$user->id" must not be null.');
+
         return $this
             ->where('user_id', $user->id)
             ->where('type', AccessTokens::ID_TYPE_ACCESS_TOKEN)
@@ -208,6 +218,8 @@ public function getIdentityBySecret(string $type, ?string $secret): ?UserIdentit
      */
     public function getIdentities(User $user): array
     {
+        assert($user->id !== null, '"$user->id" must not be null.');
+
         return $this->where('user_id', $user->id)->orderBy($this->primaryKey)->findAll();
     }
 
@@ -226,6 +238,8 @@ public function getIdentitiesByUserIds(array $userIds): array
      */
     public function getIdentityByType(User $user, string $type): ?UserIdentity
     {
+        assert($user->id !== null, '"$user->id" must not be null.');
+
         return $this->where('user_id', $user->id)
             ->where('type', $type)
             ->orderBy($this->primaryKey)
@@ -241,6 +255,8 @@ public function getIdentityByType(User $user, string $type): ?UserIdentity
      */
     public function getIdentitiesByTypes(User $user, array $types): array
     {
+        assert($user->id !== null, '"$user->id" must not be null.');
+
         if ($types === []) {
             return [];
         }
@@ -265,6 +281,8 @@ public function touchIdentity(UserIdentity $identity): void
 
     public function deleteIdentitiesByType(User $user, string $type): void
     {
+        assert($user->id !== null, '"$user->id" must not be null.');
+
         $return = $this->where('user_id', $user->id)
             ->where('type', $type)
             ->delete();
@@ -277,6 +295,8 @@ public function deleteIdentitiesByType(User $user, string $type): void
      */
     public function revokeAccessToken(User $user, string $rawToken): void
     {
+        assert($user->id !== null, '"$user->id" must not be null.');
+
         $return = $this->where('user_id', $user->id)
             ->where('type', AccessTokens::ID_TYPE_ACCESS_TOKEN)
             ->where('secret', hash('sha256', $rawToken))
@@ -290,6 +310,8 @@ public function revokeAccessToken(User $user, string $rawToken): void
      */
     public function revokeAllAccessTokens(User $user): void
     {
+        assert($user->id !== null, '"$user->id" must not be null.');
+
         $return = $this->where('user_id', $user->id)
             ->where('type', AccessTokens::ID_TYPE_ACCESS_TOKEN)
             ->delete();
diff --git a/src/Models/UserModel.php b/src/Models/UserModel.php
index ead14f061..7e6c21745 100644
--- a/src/Models/UserModel.php
+++ b/src/Models/UserModel.php
@@ -303,6 +303,9 @@ protected function saveEmailIdentity(array $data): array
             /** @var User $user */
             $user = $this->find($this->db->insertID());
 
+            // If you get identity (email/password), the User object must have the id.
+            $this->tempUser->id = $user->id;
+
             $user->email         = $this->tempUser->email ?? '';
             $user->password      = $this->tempUser->password ?? '';
             $user->password_hash = $this->tempUser->password_hash ?? '';

From 3188b09311842ff29f81bc13e5b78c0145779bf6 Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Mon, 26 Sep 2022 10:04:42 +0900
Subject: [PATCH 172/193] docs: add @property

---
 src/Entities/UserIdentity.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/Entities/UserIdentity.php b/src/Entities/UserIdentity.php
index 5b854b03d..193b7800c 100644
--- a/src/Entities/UserIdentity.php
+++ b/src/Entities/UserIdentity.php
@@ -21,7 +21,9 @@
  * though a Authenticator may want to enforce only one exists for that
  * user, like a password.
  *
- * @property Time|null $last_used_at
+ * @property Time|null   $last_used_at
+ * @property string|null $secret
+ * @property string|null $secret2
  */
 class UserIdentity extends Entity
 {

From 7cf690556b122a2bed80095ee130078a990319ff Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Mon, 26 Sep 2022 10:07:30 +0900
Subject: [PATCH 173/193] test: fix typo

---
 tests/Unit/UserTest.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tests/Unit/UserTest.php b/tests/Unit/UserTest.php
index 5154d63be..f6c857b62 100644
--- a/tests/Unit/UserTest.php
+++ b/tests/Unit/UserTest.php
@@ -55,7 +55,7 @@ public function testGetIdentitiesByType(): void
         $this->assertEmpty($this->user->getIdentities('foo'));
     }
 
-    public function testModelfindAllWithIdentities(): void
+    public function testModelFindAllWithIdentities(): void
     {
         fake(UserModel::class);
         fake(UserIdentityModel::class, ['user_id' => $this->user->id, 'type' => 'password']);
@@ -69,7 +69,7 @@ public function testModelfindAllWithIdentities(): void
         $this->assertCount(2, $identities);
     }
 
-    public function testModelfindByIdWithIdentities(): void
+    public function testModelFindByIdWithIdentities(): void
     {
         fake(UserModel::class);
         fake(UserIdentityModel::class, ['user_id' => $this->user->id, 'type' => 'password']);

From f94cd2df26a476ffd675a2288cea21582e296c1d Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Mon, 26 Sep 2022 10:15:42 +0900
Subject: [PATCH 174/193] fix: getting identites does not work after calling
 createEmailIdentity()

---
 src/Entities/User.php   |  3 +++
 tests/Unit/UserTest.php | 14 ++++++++++++++
 2 files changed, 17 insertions(+)

diff --git a/src/Entities/User.php b/src/Entities/User.php
index 41db67318..e12e4d059 100644
--- a/src/Entities/User.php
+++ b/src/Entities/User.php
@@ -121,6 +121,9 @@ public function createEmailIdentity(array $credentials): void
         $identityModel = model(UserIdentityModel::class);
 
         $identityModel->createEmailIdentity($this, $credentials);
+
+        // Ensure we will reload all identities
+        $this->identities = null;
     }
 
     /**
diff --git a/tests/Unit/UserTest.php b/tests/Unit/UserTest.php
index f6c857b62..2423a8d37 100644
--- a/tests/Unit/UserTest.php
+++ b/tests/Unit/UserTest.php
@@ -216,4 +216,18 @@ public function testUpdatePasswordHash(): void
             'secret2' => $hash,
         ]);
     }
+
+    public function testCreateEmailIdentity(): void
+    {
+        $identity = $this->user->getEmailIdentity();
+        $this->assertNull($identity);
+
+        $this->user->createEmailIdentity([
+            'email'    => 'foo@example.com',
+            'password' => 'passbar',
+        ]);
+
+        $identity = $this->user->getEmailIdentity();
+        $this->assertSame('foo@example.com', $identity->secret);
+    }
 }

From f4daf268b930f301658bcf1c8fb4c4ab7a41d32e Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Mon, 26 Sep 2022 10:26:37 +0900
Subject: [PATCH 175/193] test: add test for saveEmailIdentity()

---
 tests/Unit/UserTest.php | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/tests/Unit/UserTest.php b/tests/Unit/UserTest.php
index 2423a8d37..12e4230fb 100644
--- a/tests/Unit/UserTest.php
+++ b/tests/Unit/UserTest.php
@@ -230,4 +230,16 @@ public function testCreateEmailIdentity(): void
         $identity = $this->user->getEmailIdentity();
         $this->assertSame('foo@example.com', $identity->secret);
     }
+
+    public function testSaveEmailIdentity(): void
+    {
+        $hash                      = service('passwords')->hash('passbar');
+        $this->user->email         = 'foo@example.com';
+        $this->user->password_hash = $hash;
+
+        $this->user->saveEmailIdentity();
+
+        $identity = $this->user->getEmailIdentity();
+        $this->assertSame('foo@example.com', $identity->secret);
+    }
 }

From 2ce8b3d6777d7903d49007587fcd2120899219ec Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Mon, 26 Sep 2022 10:28:19 +0900
Subject: [PATCH 176/193] style: add empty line

---
 src/Entities/User.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/Entities/User.php b/src/Entities/User.php
index e12e4d059..7f104cd31 100644
--- a/src/Entities/User.php
+++ b/src/Entities/User.php
@@ -154,6 +154,7 @@ public function saveEmailIdentity(): bool
                 'email'    => $this->email,
                 'password' => '',
             ]);
+
             $identity = $this->getEmailIdentity();
         }
 

From c82ef36f1a600a96e9f08d9156c5b30c8aa681e9 Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Mon, 26 Sep 2022 10:29:12 +0900
Subject: [PATCH 177/193] test: add test to save new user and get email
 identity

---
 tests/Unit/UserModelTest.php | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/tests/Unit/UserModelTest.php b/tests/Unit/UserModelTest.php
index 6bfe4a708..c5150142e 100644
--- a/tests/Unit/UserModelTest.php
+++ b/tests/Unit/UserModelTest.php
@@ -62,6 +62,21 @@ public function testInsertUserObject(): void
         ]);
     }
 
+    /**
+     * @see https://github.com/codeigniter4/shield/issues/450
+     */
+    public function testSaveNewUserAndGetEmailIdentity(): void
+    {
+        $users = $this->createUserModel();
+        $user  = $this->createNewUser();
+
+        $users->save($user);
+
+        $identity = $user->getEmailIdentity();
+
+        $this->assertSame('foo@bar.com', $identity->secret);
+    }
+
     /**
      * This test is not correct.
      *

From 2ac86675b6cc86c44f63c048d34a4d8cdbaa12b7 Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Mon, 26 Sep 2022 10:30:20 +0900
Subject: [PATCH 178/193] fix: $user->getEmailIdentity() returns null after
 saving new user

Now UserModel does not alter the passed User object state when saving,
but if it is insertion, add the user id to it.
---
 src/Models/UserModel.php | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/Models/UserModel.php b/src/Models/UserModel.php
index 7e6c21745..c451b4b59 100644
--- a/src/Models/UserModel.php
+++ b/src/Models/UserModel.php
@@ -225,12 +225,18 @@ public function activate(User $user): void
      */
     public function insert($data = null, bool $returnID = true)
     {
-        $this->tempUser = $data instanceof User ? $data : null;
+        // Clone User object for not changing the passed object.
+        $this->tempUser = $data instanceof User ? clone $data : null;
 
         $result = parent::insert($data, $returnID);
 
         $this->checkQueryReturn($result);
 
+        // Set user id to the passed User object.
+        if ($data instanceof User) {
+            $data->id = $this->insertID;
+        }
+
         return $returnID ? $this->insertID : $result;
     }
 
@@ -245,7 +251,8 @@ public function insert($data = null, bool $returnID = true)
      */
     public function update($id = null, $data = null): bool
     {
-        $this->tempUser = $data instanceof User ? $data : null;
+        // Clone User object for not changing the passed object.
+        $this->tempUser = $data instanceof User ? clone $data : null;
 
         try {
             /** @throws DataException */

From 0a7a40ef468cb973018a7b960e6c0e9b68a2b7e8 Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Tue, 27 Sep 2022 10:54:32 +0900
Subject: [PATCH 179/193] fix: improve error message

---
 src/Models/UserIdentityModel.php | 34 +++++++++++++++++++++-----------
 1 file changed, 22 insertions(+), 12 deletions(-)

diff --git a/src/Models/UserIdentityModel.php b/src/Models/UserIdentityModel.php
index 218c2e3f2..180c828b1 100644
--- a/src/Models/UserIdentityModel.php
+++ b/src/Models/UserIdentityModel.php
@@ -12,6 +12,7 @@
 use CodeIgniter\Shield\Entities\AccessToken;
 use CodeIgniter\Shield\Entities\User;
 use CodeIgniter\Shield\Entities\UserIdentity;
+use CodeIgniter\Shield\Exceptions\LogicException;
 use Faker\Generator;
 
 class UserIdentityModel extends Model
@@ -59,7 +60,7 @@ public function create($data): void
      */
     public function createEmailIdentity(User $user, array $credentials): void
     {
-        assert($user->id !== null, '"$user->id" must not be null.');
+        $this->checkUserId($user);
 
         /** @var Passwords $passwords */
         $passwords = service('passwords');
@@ -74,6 +75,15 @@ public function createEmailIdentity(User $user, array $credentials): void
         $this->checkQueryReturn($return);
     }
 
+    private function checkUserId(User $user): void
+    {
+        if ($user->id === null) {
+            throw new LogicException(
+                '"$user->id" is null. You should not use the incomplete User object.'
+            );
+        }
+    }
+
     /**
      * Create an identity with 6 digits code for auth action
      *
@@ -87,7 +97,7 @@ public function createCodeIdentity(
         array $data,
         callable $codeGenerator
     ): string {
-        assert($user->id !== null, '"$user->id" must not be null.');
+        $this->checkUserId($user);
 
         helper('text');
 
@@ -122,7 +132,7 @@ public function createCodeIdentity(
      */
     public function generateAccessToken(User $user, string $name, array $scopes = ['*']): AccessToken
     {
-        assert($user->id !== null, '"$user->id" must not be null.');
+        $this->checkUserId($user);
 
         helper('text');
 
@@ -157,7 +167,7 @@ public function getAccessTokenByRawToken(string $rawToken): ?AccessToken
 
     public function getAccessToken(User $user, string $rawToken): ?AccessToken
     {
-        assert($user->id !== null, '"$user->id" must not be null.');
+        $this->checkUserId($user);
 
         return $this->where('user_id', $user->id)
             ->where('type', AccessTokens::ID_TYPE_ACCESS_TOKEN)
@@ -173,7 +183,7 @@ public function getAccessToken(User $user, string $rawToken): ?AccessToken
      */
     public function getAccessTokenById($id, User $user): ?AccessToken
     {
-        assert($user->id !== null, '"$user->id" must not be null.');
+        $this->checkUserId($user);
 
         return $this->where('user_id', $user->id)
             ->where('type', AccessTokens::ID_TYPE_ACCESS_TOKEN)
@@ -187,7 +197,7 @@ public function getAccessTokenById($id, User $user): ?AccessToken
      */
     public function getAllAccessTokens(User $user): array
     {
-        assert($user->id !== null, '"$user->id" must not be null.');
+        $this->checkUserId($user);
 
         return $this
             ->where('user_id', $user->id)
@@ -218,7 +228,7 @@ public function getIdentityBySecret(string $type, ?string $secret): ?UserIdentit
      */
     public function getIdentities(User $user): array
     {
-        assert($user->id !== null, '"$user->id" must not be null.');
+        $this->checkUserId($user);
 
         return $this->where('user_id', $user->id)->orderBy($this->primaryKey)->findAll();
     }
@@ -238,7 +248,7 @@ public function getIdentitiesByUserIds(array $userIds): array
      */
     public function getIdentityByType(User $user, string $type): ?UserIdentity
     {
-        assert($user->id !== null, '"$user->id" must not be null.');
+        $this->checkUserId($user);
 
         return $this->where('user_id', $user->id)
             ->where('type', $type)
@@ -255,7 +265,7 @@ public function getIdentityByType(User $user, string $type): ?UserIdentity
      */
     public function getIdentitiesByTypes(User $user, array $types): array
     {
-        assert($user->id !== null, '"$user->id" must not be null.');
+        $this->checkUserId($user);
 
         if ($types === []) {
             return [];
@@ -281,7 +291,7 @@ public function touchIdentity(UserIdentity $identity): void
 
     public function deleteIdentitiesByType(User $user, string $type): void
     {
-        assert($user->id !== null, '"$user->id" must not be null.');
+        $this->checkUserId($user);
 
         $return = $this->where('user_id', $user->id)
             ->where('type', $type)
@@ -295,7 +305,7 @@ public function deleteIdentitiesByType(User $user, string $type): void
      */
     public function revokeAccessToken(User $user, string $rawToken): void
     {
-        assert($user->id !== null, '"$user->id" must not be null.');
+        $this->checkUserId($user);
 
         $return = $this->where('user_id', $user->id)
             ->where('type', AccessTokens::ID_TYPE_ACCESS_TOKEN)
@@ -310,7 +320,7 @@ public function revokeAccessToken(User $user, string $rawToken): void
      */
     public function revokeAllAccessTokens(User $user): void
     {
-        assert($user->id !== null, '"$user->id" must not be null.');
+        $this->checkUserId($user);
 
         $return = $this->where('user_id', $user->id)
             ->where('type', AccessTokens::ID_TYPE_ACCESS_TOKEN)

From 691a59f9389b43b6bb8bd488872050cc0f29c7ad Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Tue, 27 Sep 2022 11:00:50 +0900
Subject: [PATCH 180/193] fix: remove logic to set user id in the passed User
 object

Modifying the object gives the false impression of database equivalency.
We have no created/updated timestamps, or other fields coming from the database,
or effects of stored procedures and field defaults.
---
 src/Models/UserModel.php     | 5 -----
 tests/Unit/UserModelTest.php | 8 +++++---
 2 files changed, 5 insertions(+), 8 deletions(-)

diff --git a/src/Models/UserModel.php b/src/Models/UserModel.php
index c451b4b59..fe095a815 100644
--- a/src/Models/UserModel.php
+++ b/src/Models/UserModel.php
@@ -232,11 +232,6 @@ public function insert($data = null, bool $returnID = true)
 
         $this->checkQueryReturn($result);
 
-        // Set user id to the passed User object.
-        if ($data instanceof User) {
-            $data->id = $this->insertID;
-        }
-
         return $returnID ? $this->insertID : $result;
     }
 
diff --git a/tests/Unit/UserModelTest.php b/tests/Unit/UserModelTest.php
index c5150142e..8258035aa 100644
--- a/tests/Unit/UserModelTest.php
+++ b/tests/Unit/UserModelTest.php
@@ -5,6 +5,7 @@
 namespace Tests\Unit;
 
 use CodeIgniter\Shield\Entities\User;
+use CodeIgniter\Shield\Exceptions\LogicException;
 use CodeIgniter\Shield\Models\UserModel;
 use CodeIgniter\Test\DatabaseTestTrait;
 use Tests\Support\TestCase;
@@ -67,14 +68,15 @@ public function testInsertUserObject(): void
      */
     public function testSaveNewUserAndGetEmailIdentity(): void
     {
+        $this->expectException(LogicException::class);
+        $this->expectExceptionMessage('"$user->id" is null. You should not use the incomplete User object.');
+
         $users = $this->createUserModel();
         $user  = $this->createNewUser();
 
         $users->save($user);
 
-        $identity = $user->getEmailIdentity();
-
-        $this->assertSame('foo@bar.com', $identity->secret);
+        $user->getEmailIdentity();
     }
 
     /**

From 548c490cbc246c5573f589450cc47d4b1be678da Mon Sep 17 00:00:00 2001
From: Pooya Parsa Dadashi <pooya_parsa_dadashi@yahoo.com>
Date: Tue, 27 Sep 2022 18:19:04 +0330
Subject: [PATCH 181/193] docs: use `\` for it is treated as a fully qualified
 class

Co-authored-by: kenjis <kenji.uui@gmail.com>
---
 docs/guides/mobile_apps.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/guides/mobile_apps.md b/docs/guides/mobile_apps.md
index 051ef2dd1..c3c21eca2 100644
--- a/docs/guides/mobile_apps.md
+++ b/docs/guides/mobile_apps.md
@@ -11,7 +11,7 @@ Start by creating a route that would handle the request from the login screen on
 ```php
 
 // Routes.php
-$routes->post('auth/token', 'App\Controllers\Auth\LoginController::mobileLogin');
+$routes->post('auth/token', '\App\Controllers\Auth\LoginController::mobileLogin');
 
 // LoginController.php
 namespace App\Controllers\Auth;

From 472dbba59bb7fb44f6e511d3821b739b039514c5 Mon Sep 17 00:00:00 2001
From: Pooya Parsa Dadashi <Pooya_parsa_dadashi@yahoo.com>
Date: Sat, 1 Oct 2022 01:47:08 +0330
Subject: [PATCH 182/193] docs: fix route for 'BaseController'

---
 docs/guides/mobile_apps.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/guides/mobile_apps.md b/docs/guides/mobile_apps.md
index c76d296cd..4f8f6829f 100644
--- a/docs/guides/mobile_apps.md
+++ b/docs/guides/mobile_apps.md
@@ -16,7 +16,7 @@ $routes->post('auth/token', '\App\Controllers\Auth\LoginController::mobileLogin'
 // LoginController.php
 namespace App\Controllers\Auth;
 
-use CodeIgniter\Controllers\BaseController;
+use App\Controllers\BaseController;
 
 class LoginController extends BaseController
 {

From e3868dc889a602bf9bb351161992e4f325224a22 Mon Sep 17 00:00:00 2001
From: Pooya Parsa Dadashi <Pooya_parsa_dadashi@yahoo.com>
Date: Sat, 1 Oct 2022 17:29:31 +0330
Subject: [PATCH 183/193] refactor: remove unnecessary auth helper of
 `ActionController`

---
 src/Controllers/ActionController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Controllers/ActionController.php b/src/Controllers/ActionController.php
index be43a87d8..805df0b88 100644
--- a/src/Controllers/ActionController.php
+++ b/src/Controllers/ActionController.php
@@ -18,7 +18,7 @@
 class ActionController extends BaseController
 {
     protected ?ActionInterface $action = null;
-    protected $helpers                 = ['auth', 'setting'];
+    protected $helpers                 = ['setting'];
 
     /**
      * Perform an initial check if we have a valid action or not.

From 05d2c80b139fe15c625929ec5fbd27c738401f4f Mon Sep 17 00:00:00 2001
From: Pooya Parsa Dadashi <Pooya_parsa_dadashi@yahoo.com>
Date: Sun, 2 Oct 2022 05:00:47 +0330
Subject: [PATCH 184/193] refactor: remove double instance of
 `auth('session')->getAuthenticator()`

---
 src/Controllers/LoginController.php | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/src/Controllers/LoginController.php b/src/Controllers/LoginController.php
index 81e2c6019..f7c9248fa 100644
--- a/src/Controllers/LoginController.php
+++ b/src/Controllers/LoginController.php
@@ -61,9 +61,6 @@ public function loginAction(): RedirectResponse
             return redirect()->route('login')->withInput()->with('error', $result->reason());
         }
 
-        /** @var Session $authenticator */
-        $authenticator = auth('session')->getAuthenticator();
-
         // If an action has been defined for login, start it up.
         if ($authenticator->hasAction()) {
             return redirect()->route('auth-action-show')->withCookies();

From acb370104d002dffa01ec633cc97b923bb68286a Mon Sep 17 00:00:00 2001
From: Samuel Asor <sammyskills@gmail.com>
Date: Sun, 2 Oct 2022 15:43:36 +0100
Subject: [PATCH 185/193] Removed unnecessary ending form tag from
 magic_link_message

---
 src/Views/magic_link_message.php | 2 --
 1 file changed, 2 deletions(-)

diff --git a/src/Views/magic_link_message.php b/src/Views/magic_link_message.php
index 59e63ee47..0855272f3 100644
--- a/src/Views/magic_link_message.php
+++ b/src/Views/magic_link_message.php
@@ -12,8 +12,6 @@
             <p><b><?= lang('Auth.checkYourEmail') ?></b></p>
 
             <p><?= lang('Auth.magicLinkDetails', [setting('Auth.magicLinkLifetime') / 60]) ?></p>
-
-            </form>
         </div>
     </div>
 </div>

From 319739a655177e1491fd7c5741824a3c093e503a Mon Sep 17 00:00:00 2001
From: Pooya Parsa Dadashi <Pooya_parsa_dadashi@yahoo.com>
Date: Tue, 4 Oct 2022 18:18:34 +0330
Subject: [PATCH 186/193] fix: property for `$last_used_at`

---
 src/Entities/AccessToken.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Entities/AccessToken.php b/src/Entities/AccessToken.php
index efdfe9f6a..c9e40af41 100644
--- a/src/Entities/AccessToken.php
+++ b/src/Entities/AccessToken.php
@@ -13,7 +13,7 @@
  * Represents a single Personal Access Token, used
  * for authenticating users for an API.
  *
- * @property Time|null $last_used_at
+ * @property Time|null|string $last_used_at
  */
 class AccessToken extends Entity
 {

From 3bb2303795b7413f7e328e073a30b13ca1cbd905 Mon Sep 17 00:00:00 2001
From: Pooya Parsa Dadashi <Pooya_parsa_dadashi@yahoo.com>
Date: Tue, 4 Oct 2022 18:19:55 +0330
Subject: [PATCH 187/193] fix: property for `$last_used_at`

---
 src/Entities/UserIdentity.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Entities/UserIdentity.php b/src/Entities/UserIdentity.php
index 193b7800c..03e704645 100644
--- a/src/Entities/UserIdentity.php
+++ b/src/Entities/UserIdentity.php
@@ -21,7 +21,7 @@
  * though a Authenticator may want to enforce only one exists for that
  * user, like a password.
  *
- * @property Time|null   $last_used_at
+ * @property Time|null|string   $last_used_at
  * @property string|null $secret
  * @property string|null $secret2
  */

From 97fb3e5ac94beeab630a7f93afc2c60e1a532d94 Mon Sep 17 00:00:00 2001
From: Pooya Parsa Dadashi <Pooya_parsa_dadashi@yahoo.com>
Date: Tue, 4 Oct 2022 18:39:29 +0330
Subject: [PATCH 188/193] style: run cs-fix

---
 src/Entities/AccessToken.php  | 2 +-
 src/Entities/UserIdentity.php | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/Entities/AccessToken.php b/src/Entities/AccessToken.php
index c9e40af41..6f81a3b3b 100644
--- a/src/Entities/AccessToken.php
+++ b/src/Entities/AccessToken.php
@@ -13,7 +13,7 @@
  * Represents a single Personal Access Token, used
  * for authenticating users for an API.
  *
- * @property Time|null|string $last_used_at
+ * @property string|Time|null $last_used_at
  */
 class AccessToken extends Entity
 {
diff --git a/src/Entities/UserIdentity.php b/src/Entities/UserIdentity.php
index 03e704645..31ab3e249 100644
--- a/src/Entities/UserIdentity.php
+++ b/src/Entities/UserIdentity.php
@@ -21,9 +21,9 @@
  * though a Authenticator may want to enforce only one exists for that
  * user, like a password.
  *
- * @property Time|null|string   $last_used_at
- * @property string|null $secret
- * @property string|null $secret2
+ * @property string|Time|null $last_used_at
+ * @property string|null      $secret
+ * @property string|null      $secret2
  */
 class UserIdentity extends Entity
 {

From a8c8961e4e3479000901ffb36651a3df2f98dfa4 Mon Sep 17 00:00:00 2001
From: iamsyh <syhaider@outlook.com>
Date: Wed, 5 Oct 2022 05:08:08 +0500
Subject: [PATCH 189/193] fixed typo

---
 docs/install.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/install.md b/docs/install.md
index a69a55943..7f0b1743e 100644
--- a/docs/install.md
+++ b/docs/install.md
@@ -23,7 +23,7 @@ These instructions assume that you have already [installed the CodeIgniter 4 app
 ## Composer Installation
 
 Installation is done through [Composer](https://getcomposer.org). The example assumes you have it installed globally.
-If you have it installed as a phar, or othewise you will need to adjust the way you call composer itself.
+If you have it installed as a phar, or otherwise you will need to adjust the way you call composer itself.
 
 ```
 > composer require codeigniter4/shield

From 6bd044f1ba0539d288db44e9dd37d491393bfc15 Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Wed, 5 Oct 2022 15:22:07 +0900
Subject: [PATCH 190/193] docs: update links to GA pages

---
 README.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 0057a712c..a46515bdd 100644
--- a/README.md
+++ b/README.md
@@ -1,8 +1,8 @@
 # CodeIgniter Shield
 
-[![Unit Tests](https://github.com/codeigniter4/shield/workflows/PHPUnit/badge.svg)](https://github.com/codeigniter4/shield/actions/workflows/test.yml)
-[![Static Analysis](https://github.com/codeigniter4/shield/workflows/PHPStan/badge.svg)](https://github.com/codeigniter4/shield/actions/workflows/analyze.yml)
-[![Architecture](https://github.com/codeigniter4/shield/workflows/Deptrac/badge.svg)](https://github.com/codeigniter4/shield/actions/workflows/inspect.yml)
+[![Unit Tests](https://github.com/codeigniter4/shield/workflows/PHPUnit/badge.svg)](https://github.com/codeigniter4/shield/actions/workflows/phpunit.yml)
+[![Static Analysis](https://github.com/codeigniter4/shield/workflows/PHPStan/badge.svg)](https://github.com/codeigniter4/shield/actions/workflows/phpstan.yml)
+[![Architecture](https://github.com/codeigniter4/shield/workflows/Deptrac/badge.svg)](https://github.com/codeigniter4/shield/actions/workflows/deptrac.yml)
 [![Coverage Status](https://coveralls.io/repos/github/codeigniter4/shield/badge.svg?branch=develop)](https://coveralls.io/github/codeigniter4/shield?branch=develop)
 
 Shield is an authentication and authorization framework for CodeIgniter 4. While it does provide a base set of tools

From 2660b3712a70767a2f29850e874a6f522754e054 Mon Sep 17 00:00:00 2001
From: kenjis <kenji.uui@gmail.com>
Date: Fri, 21 Oct 2022 16:22:40 +0900
Subject: [PATCH 191/193] style: composer cs-fix

---
 tests/Authentication/MagicLinkTest.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tests/Authentication/MagicLinkTest.php b/tests/Authentication/MagicLinkTest.php
index 27e37926f..2be743ac7 100644
--- a/tests/Authentication/MagicLinkTest.php
+++ b/tests/Authentication/MagicLinkTest.php
@@ -110,7 +110,7 @@ public function testMagicLinkVerifyExpired(): void
             'expires' => Time::now()->subDays(5),
         ]);
 
-        $result = $this->get(route_to('verify-magic-link') . '?token=' . 'abasdasdf');
+        $result = $this->get(route_to('verify-magic-link') . '?token=abasdasdf');
 
         $result->assertRedirectTo(route_to('magic-link'));
         $result->assertSessionHas('error', lang('Auth.magicLinkExpired'));
@@ -132,7 +132,7 @@ public function testMagicLinkVerifySuccess(): void
             'expires' => Time::now()->addMinutes(60),
         ]);
 
-        $result = $this->get(route_to('verify-magic-link') . '?token=' . 'abasdasdf');
+        $result = $this->get(route_to('verify-magic-link') . '?token=abasdasdf');
 
         $result->assertRedirectTo(site_url());
         $result->assertSessionHas('user', ['id' => $user->id]);

From 41cb64de6dbff915c294322c38bf4c57d6d42244 Mon Sep 17 00:00:00 2001
From: Pooya Parsa Dadashi <Pooya_parsa_dadashi@yahoo.com>
Date: Sat, 29 Oct 2022 05:53:56 +0330
Subject: [PATCH 192/193] docs: add `auth*` to except list

---
 docs/install.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/install.md b/docs/install.md
index 7f0b1743e..1642e48ab 100644
--- a/docs/install.md
+++ b/docs/install.md
@@ -152,7 +152,7 @@ If you want to limit all routes (e.g. `localhost:8080/admin`, `localhost:8080/pa
 public $globals = [
     'before' => [
         // ...
-        'session' => ['except' => ['login*', 'register*']],
+        'session' => ['except' => ['login*', 'register*', 'auth*']],
     ],
     // ...
 ];

From f5a3a05a95749e0d61efc36b76573bcafde3fc55 Mon Sep 17 00:00:00 2001
From: Pooya Parsa Dadashi <pooya_parsa_dadashi@yahoo.com>
Date: Sun, 30 Oct 2022 19:41:12 +0330
Subject: [PATCH 193/193] docs: add just shield auth routes

Co-authored-by: kenjis <kenji.uui@gmail.com>
---
 docs/install.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/install.md b/docs/install.md
index 1642e48ab..3d0531ea0 100644
--- a/docs/install.md
+++ b/docs/install.md
@@ -152,7 +152,7 @@ If you want to limit all routes (e.g. `localhost:8080/admin`, `localhost:8080/pa
 public $globals = [
     'before' => [
         // ...
-        'session' => ['except' => ['login*', 'register*', 'auth*']],
+        'session' => ['except' => ['login*', 'register', 'auth/a/*']],
     ],
     // ...
 ];