Initial Commit

Author: claudiodekker

packages/core/.github/workflows/app-tests.yml

@@ -0,0 +1,90 @@
+name: App Tests
+
+on:
+  push:
+  pull_request:
+  schedule:
+    - cron: '0 0 * * *'
+
+jobs:
+  tests:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: true
+      matrix:
+        php: [ 8.1 ]
+        laravel: [ 9 ]
+        stability: [ 'prefer-lowest', 'prefer-stable' ]
+        adapter: [ 'bladebones' ]
+        variants: [
+          '',
+          '--without-rate-limiting',
+          '--kind username-based',
+          '--kind username-based --without-rate-limiting'
+        ]
+
+    name: PHP ${{ matrix.php }} - Laravel ${{ matrix.laravel }} ${{ matrix.variants }} (w/ ${{ matrix.stability }})
+    steps:
+      - name: Determine latest release version
+        run: |
+          LATEST_RELEASE=`curl --silent -L -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" "https://api.github.com/repos/$GITHUB_REPOSITORY/releases/latest"`
+          LATEST_TAG_NAME=`echo $LATEST_RELEASE | jq -r '.tag_name // "v0.1.0"'`
+          echo "LATEST_RELEASE_VERSION=${LATEST_TAG_NAME}" >> $GITHUB_ENV
+
+      - name: Checkout code
+        uses: actions/checkout@v3
+        with:
+          path: ./package
+
+      - name: Switch to predictable branch name (for Composer dev-branch versioning)
+        run: git checkout -b gh-actions-predictable-composer-branch
+        working-directory: ./package
+
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: ${{ matrix.php }}
+          extensions: dom, curl, libxml, mbstring, zip
+          ini-values: error_reporting=E_ALL
+          tools: composer:v2
+          coverage: none
+
+      - name: Create Laravel Project
+        uses: nick-fields/retry@v2
+        with:
+          timeout_minutes: 5
+          max_attempts: 5
+          command: composer create-project laravel/laravel app "${{ matrix.laravel }}.x" --remove-vcs --prefer-dist --no-interaction
+
+      - name: Set Laravel Environment
+        run: |
+          sed -i "s/APP_DEBUG=.*/APP_DEBUG=true/" .env
+          sed -i "s/DB_PASSWORD=.*/DB_PASSWORD=secret/" .env
+        working-directory: ./app
+
+      - name: Install Package
+        run: |
+          composer config repositories.package path ../package
+          composer require "claudiodekker/laravel-auth:dev-gh-actions-predictable-composer-branch as ${{ env.LATEST_RELEASE_VERSION }}" claudiodekker/laravel-auth-${{ matrix.adapter }} --${{ matrix.stability }}
+        working-directory: ./app
+
+      - name: Generate Auth Scaffolding
+        run: php artisan auth:generate --yes ${{ matrix.variants }}
+        working-directory: ./app
+
+      - name: Migrate Database
+        run: php artisan migrate
+        working-directory: ./app
+
+      - name: Execute tests
+        run: vendor/bin/phpunit
+        working-directory: ./app
+
+    services:
+      mysql:
+        image: 'mysql:5.7'
+        ports:
+          - 3306:3306
+        env:
+          MYSQL_DATABASE: laravel
+          MYSQL_ROOT_PASSWORD: secret

packages/core/.github/workflows/dependabot-auto-merge.yml

@@ -0,0 +1,32 @@
+name: dependabot-auto-merge
+
+on: pull_request_target
+
+permissions:
+  pull-requests: write
+  contents: write
+
+jobs:
+  dependabot:
+    runs-on: ubuntu-latest
+    if: ${{ github.actor == 'dependabot[bot]' }}
+    steps:
+      - name: Dependabot metadata
+        id: metadata
+        uses: dependabot/fetch-metadata@v1.3.5
+        with:
+          github-token: "${{ secrets.GITHUB_TOKEN }}"
+
+      - name: Auto-merge Dependabot PRs for semver-minor updates
+        if: ${{steps.metadata.outputs.update-type == 'version-update:semver-minor'}}
+        run: gh pr merge --auto --merge "$PR_URL"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+
+      - name: Auto-merge Dependabot PRs for semver-patch updates
+        if: ${{steps.metadata.outputs.update-type == 'version-update:semver-patch'}}
+        run: gh pr merge --auto --merge "$PR_URL"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}

packages/core/.github/workflows/fix-styling.yml

@@ -0,0 +1,25 @@
+name: Check & fix styling
+
+on: push
+
+jobs:
+  laravel-pint:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: '8.1'
+          tools: pint
+
+      - name: Run Laravel Pint
+        run: pint --preset laravel
+
+      - name: Commit changes
+        uses: stefanzweifel/git-auto-commit-action@v4
+        with:
+          commit_message: Fix styling

packages/core/.github/workflows/package-tests.yml

@@ -0,0 +1,51 @@
+name: Package Tests
+
+on:
+  push:
+  pull_request:
+  schedule:
+    - cron: '0 0 * * *'
+
+jobs:
+  tests:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: true
+      matrix:
+        php: [ 8.1 ]
+        laravel: [ 9 ]
+        stability: [ 'prefer-lowest', 'prefer-stable' ]
+
+    name: PHP ${{ matrix.php }} - Laravel ${{ matrix.laravel }} (w/ ${{ matrix.stability }})
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: ${{ matrix.php }}
+          extensions: dom, curl, libxml, mbstring, zip
+          ini-values: error_reporting=E_ALL
+          tools: composer:v2
+          coverage: none
+
+      - name: Set Minimum PHP 8.1 Versions
+        uses: nick-fields/retry@v2
+        with:
+          timeout_minutes: 5
+          max_attempts: 5
+          command: |
+            composer require phpunit/phpunit:^9.5.8 --dev --${{ matrix.stability }} --no-update --no-interaction
+            composer require vlucas/phpdotenv:^5.3.1 --${{ matrix.stability }} --no-update --no-interaction
+        if: matrix.php >= 8.1 && matrix.stability == 'prefer-lowest'
+
+      - name: Install dependencies
+        uses: nick-fields/retry@v2
+        with:
+          timeout_minutes: 5
+          max_attempts: 5
+          command: composer update --${{ matrix.stability }} --no-interaction
+
+      - name: Execute tests
+        run: vendor/bin/phpunit

packages/core/.gitignore

@@ -0,0 +1,6 @@
+/.idea
+/.vscode
+/vendor
+.php-cs-fixer.cache
+.php-cs-fixer.php
+.phpunit.result.cache

packages/core/CHANGELOG.md

@@ -0,0 +1,14 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased](https://github.com/claudiodekker/laravel-auth/compare/v0.1.0...HEAD)
+
+## [v0.1.0](https://github.com/claudiodekker/laravel-auth/releases/tag/v0.1.0) - 2022-11-30
+
+### Added
+
+- Initial release

packages/core/CONTRIBUTING.md

@@ -0,0 +1,55 @@
+# Contributing
+
+Contributions are **welcome** and will be fully **credited**.
+
+Please read and understand the contribution guide before creating an issue or pull request.
+
+## Etiquette
+
+This project is open source, and as such, the maintainers give their free time to build and maintain the source code
+held within. They make the code freely available in the hope that it will be of use to other developers. It would be
+extremely unfair for them to suffer abuse or anger for their hard work.
+
+Please be considerate towards maintainers when raising issues or presenting pull requests. Let's show the
+world that developers are civilized and selfless people.
+
+It's the duty of the maintainer to ensure that all submissions to the project are of sufficient
+quality to benefit the project. Many developers have different skillsets, strengths, and weaknesses. Respect the maintainer's decision, and do not be upset or abusive if your submission is not used.
+
+## Viability
+
+When requesting or submitting new features, first consider whether it might be useful to others. Open
+source projects are used by many developers, who may have entirely different needs to your own. Think about
+whether or not your feature is likely to be used by other users of the project.
+
+## Procedure
+
+Before filing an issue:
+
+- Attempt to replicate the problem, to ensure that it wasn't a coincidental incident.
+- Check to make sure your feature suggestion isn't already present within the project.
+- Check the pull requests tab to ensure that the bug doesn't have a fix in progress.
+- Check the pull requests tab to ensure that the feature isn't already in progress.
+
+Before submitting a pull request:
+
+- Check the codebase to ensure that your feature doesn't already exist.
+- Check the pull requests to ensure that another person hasn't already submitted the feature or fix.
+
+## Requirements
+
+If the project maintainer has any additional requirements, you will find them listed here.
+
+- **[PSR-2 Coding Standard](https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-2-coding-style-guide.md)** - The easiest way to apply the conventions is to install [PHP Code Sniffer](http://pear.php.net/package/PHP_CodeSniffer).
+
+- **Add tests!** - Your patch won't be accepted if it doesn't have tests.
+
+- **Document any change in behaviour** - Make sure the `README.md` and any other relevant documentation are kept up-to-date.
+
+- **Consider our release cycle** - We try to follow [SemVer v2.0.0](http://semver.org/). Randomly breaking public APIs is not an option.
+
+- **One pull request per feature** - If you want to do more than one thing, send multiple pull requests.
+
+- **Send coherent history** - Make sure each individual commit in your pull request is meaningful. If you had to make multiple intermediate commits while developing, please [squash them](http://www.git-scm.com/book/en/v2/Git-Tools-Rewriting-History#Changing-Multiple-Commit-Messages) before submitting.
+
+**Happy coding**!

packages/core/LICENSE.md

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2022 Claudio Dekker
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

packages/core/README.md

@@ -0,0 +1,65 @@
+# Laravel Auth (Core)
+Rich authentication logic for your Laravel applications; not intended for direct use.
+
+[![Latest Version on Packagist](https://img.shields.io/packagist/v/claudiodekker/laravel-auth.svg?style=flat-square)](https://packagist.org/packages/claudiodekker/laravel-auth)
+[![GitHub App Tests Action Status](https://github.com/claudiodekker/laravel-auth/actions/workflows/app-tests.yml/badge.svg)](https://github.com/claudiodekker/laravel-auth/actions/workflows/app-tests.yml)
+[![Github Package Tests Action Status](https://github.com/claudiodekker/laravel-auth/actions/workflows/package-tests.yml/badge.svg)](https://github.com/claudiodekker/laravel-auth/actions/workflows/package-tests.yml)
+[![GitHub Code Style Action Status](https://img.shields.io/github/workflow/status/claudiodekker/laravel-auth/Check%20&%20fix%20styling?label=code%20style)](https://github.com/claudiodekker/laravel-auth/actions?query=workflow%3A"Check+%26+fix+styling"+branch%3Amaster)
+[![Code Quality Score](https://img.shields.io/scrutinizer/g/claudiodekker/laravel-auth.svg?style=flat-square)](https://scrutinizer-ci.com/g/claudiodekker/laravel-auth)
+[![Total Downloads](https://img.shields.io/packagist/dt/claudiodekker/laravel-auth.svg?style=flat-square)](https://packagist.org/packages/claudiodekker/laravel-auth)
+
+These days, most (web)applications no longer have just a simple username-password login form; they require you to think about password strength, two-factor authentication,
+the ability to recover your account with all of this set up, and as of more recently even the ability to log in without any password at all, using Passkeys.
+It goes without saying, that it takes a lot of effort to implement authentication yourself, and especially so if you want to do it in a way that is secure and easy to maintain.
+
+### What in the box?
+
+This package holds all the core authentication logic that's [used by adapter packages](#adapters--usage),
+with the exception of the scaffolding that ends up getting installed into your application:
+
+- Basic email-password or username-password based authentication.
+- Passkey-based ("passwordless") authentication.
+- Two factor authentication for password-based users (TOTP, Security Keys).
+- Email verification, either directly after registration or manually.
+- Sudo-mode, allowing the user to temporarily elevate their privileges and perform sensitive actions.
+- Account recovery (requires the generation of recovery codes).
+- A rich set of authentication events, such as `MultiFactorChallenged`, `AccountRecoveryFailed`, etc.
+
+## Adapters & Usage
+
+To use this authentication library, you'll want to install an adapter package instead, which all use this library as an internal dependency.
+Here are some of the available adapters:
+
+- [Laravel Auth Bladebones](https://github.com/claudiodekker/laravel-auth-bladebones)
+- Laravel Auth Blade (coming soon, includes Tailwind themed views)
+- Laravel Auth Inertia (coming soon, includes Tailwind themed views)
+
+### Creating your own adapter package
+
+If you're looking to develop your own adapter, we recommend using the [Bladebones adapter (template)](https://github.com/claudiodekker/laravel-auth-bladebones)
+repository as a starting point, as it already contains all the necessary scaffolding in it's most barebones form (hence the name).
+
+## Testing
+
+``` bash
+composer test
+```
+
+## Changelog
+
+Please see [CHANGELOG](CHANGELOG.md) for more information what has changed recently.
+
+## Contributing
+
+Please see [CONTRIBUTING](CONTRIBUTING.md) for details.
+
+## Security
+
+If you discover any security related issues, please email claudio@ubient.net instead of using the issue tracker.
+
+This way, we can safely discuss and resolve the issue (within a reasonable timeframe), without exposing users to the unnecessary additional risk.
+Once the issue is fixed and a new version is released, we'll make sure to credit you for your contribution (unless you wish to remain anonymous).
+
+## License
+
+The MIT License (MIT). Please see [License File](LICENSE.md) for more information.