Issue #344: Major refactoring

.gitattributes

@@ -4,5 +4,6 @@
 *.jpeg binary
 *.svg binary
 *.md diff=markdown
+*.ttf export-ignore
 *.woff export-ignore
 *.woff2 export-ignore

README.md

@@ -31,8 +31,8 @@ Documentation is available at: https://docs.dotkernel.org/admin-documentation/
 
 ## Tools
 
-Dotkernel can be installed through a single command that utilizes [Composer](https://getcomposer.org/). Because of that,
-Composer is required to install Dotkernel `admin`.
+Dotkernel can be installed through a single command that utilizes [Composer](https://getcomposer.org/).
+Because of that, Composer is required to install Dotkernel Admin.
 
 ### Composer
 
@@ -41,24 +41,23 @@ Installation instructions:
 - [Composer Installation - Linux/Unix/OSX](https://getcomposer.org/doc/00-intro.md#installation-linux-unix-osx)
 - [Composer Installation - Windows](https://getcomposer.org/doc/00-intro.md#installation-windows)
 
->If you have never used composer before make sure you read
->the [`Composer Basic Usage`](https://getcomposer.org/doc/01-basic-usage.md) section in Composer's documentation
+> If you have never used composer before make sure you read the [`Composer Basic Usage`](https://getcomposer.org/doc/01-basic-usage.md) section in Composer's documentation.
 
-## Choosing an installation path for Dotkernel `admin`
+## Choosing an installation path for Dotkernel Admin
 
 Example:
 
 - absolute path `/var/www/dk-admin`
 - or relative path `dk-admin` (equivalent with `./dk-admin`)
 
-## Installing Dotkernel `admin`
+## Installing Dotkernel Admin
 
 After choosing the path for Dotkernel (`dk-admin` will be used for the remainder of this example) it must be installed.
 There are two installation methods.
 
-### I. Installing Dotkernel `admin` using composer
+### I. Installing Dotkernel Admin using Composer
 
->please use the below CLI commands in terminal, do NOT use the PhpStorm buttons
+> please use the below CLI commands in terminal, do NOT use the PhpStorm buttons
 
 The advantage of using this command is that it runs through the whole installation process. Run the following command:
 
@@ -72,23 +71,24 @@ The setup script prompts for some configuration settings, for example the lines
 
 ```text
 Please select which config file you wish to inject 'Laminas\Diactoros\ConfigProvider' into:
-      [0] Do not inject
-      [1] config/config.php
-      Make your selection (default is 1):
+  [0] Do not inject
+  [1] config/config.php
+  Make your selection (default is 1):
 ```
 
-Simply select `[0] Do not inject`, because Dotkernel includes its own configProvider which already contains the prompted
-configurations.
+Simply select `[0] Do not inject`, because Dotkernel includes its own configProvider which already contains the prompted configurations.
 
-If you choose `[1] config/config.php` Laminas's `ConfigProvider` from `session` will be injected.
+If you choose `[1] config/config.php` Laminas' `ConfigProvider` from `session` will be injected.
 
 The next question is:
 
-`Remember this option for other packages of the same type? (y/N)`
+```shell
+Remember this option for other packages of the same type? (y/N)
+```
 
-Type `y` here, and hit `enter`
+Type `y` here, and hit `Enter`.
 
-### II. Installing Dotkernel `admin` using git clone
+### II. Installing Dotkernel Admin using git clone
 
 This method requires more manual input, but it ensures that the default branch is installed, even if it is not released.
 Run the following command:
@@ -103,85 +103,83 @@ The dependencies have to be installed separately, by running this command
 composer install
 ```
 
-Just like for `II Installing Dotkernel admin using composer` (see above), the setup asks for configuration settings
-regarding injections (type `0` and hit `enter`) and a confirmation to use this setting for other packages (type `y` and
-hit `enter`)
+Just like when [Installing Dotkernel admin using Composer](#i-installing-dotkernel-admin-using-composer), the setup asks for configuration settings regarding injections (type `0` and hit `enter`) and the confirmation to use this setting for other packages (type `y` and hit `Enter`).
 
 ## Configuration - First Run
 
 - Remove the `.dist` extension from the files `config/autoload/local.php.dist`
 - Edit `config/autoload/local.php` according to your dev machine and fill in the `database` configuration
 
+> Charset recommendation: utf8mb4_general_ci
+
 Run the migrations and seeds with these commands:
 
 ```shell
-php bin/doctrine-migrations migrate
+php ./bin/doctrine-migrations migrate
 ```
 
 ```shell
-php bin/doctrine fixtures:execute
+php ./bin/doctrine fixtures:execute
 ```
 
-- If you use `composer create-project`, the project will go into development mode automatically after installing. The
-  development mode status can be checked and toggled by using these composer commands:
+- If you use `composer create-project`, the project will go into development mode automatically after installing.
 
-You can check if you have development mode enabled by running:
+The development mode status can be checked and toggled by using the below Composer commands:
+
+Check development status by running:
 
 ```shell
 composer development-status
 ```
 
-You can enable development mode by running:
+Enable development mode by running:
 
 ```shell
 composer development-enable
 ```
 
-You can disable development mode by running:
+Disable development mode by running:
 
 ```shell
 composer development-disable
 ```
 
 - If not already done on installation, remove the `.dist` extension from `config/autoload/development.global.php.dist`.
-  This will enable dev mode by turning debug flag to `true` and turning configuration caching to `off`. It will also
-  make sure that any existing config cache is cleared.
 
-> Charset recommendation: utf8mb4_general_ci
+This will enable dev mode by turning debug flag to `true` and turning configuration caching to `off`.
+It will also make sure that any existing config cache is cleared.
 
 ## Manage GeoLite2 database
 
 You can download/update a specific GeoLite2 database, by running the following command:
 
 ```shell
-php bin/cli.php geoip:synchronize -d {DATABASE}
+php ./bin/cli.php geoip:synchronize -d {DATABASE}
 ```
 
 Where _{DATABASE}_ takes one of the following values: `asn`, `city`, `country`.
 
 You can download/update all GeoLite2 databases at once, by running the following command:
 
 ```shell
-php bin/cli.php geoip:synchronize
+php ./bin/cli.php geoip:synchronize
 ```
 
-The output should be similar to the below, displaying per
-row: `database identifier`: `previous build datetime` -> `current build datetime`.
+The output should be similar to the below, displaying per row:
 
-> asn: n/a -> 2021-07-01 02:09:34
->
-> city: n/a -> 2021-07-01 02:09:20
->
-> country: n/a -> 2021-07-01 02:05:12
+```shell
+asn: n/a -> 2015-10-21 04:29:00
+city: n/a -> 2015-10-21 04:29:00
+country: n/a -> 2015-10-21 04:29:00
+```
 
 Get help for this command by running:
 
 ```shell
-php bin/cli.php help geoip:synchronize
+php ./bin/cli.php help geoip:synchronize
 ```
 
-**Tip**: If you setup the synchronizer command as a cronjob, you can add the `-q|--quiet` option, and it will output
-data only if an error has occurred.
+> If you set up the synchronizer command as a cronjob, you can add the `-q|--quiet` option, and it will output data only if an error has occurred.
 
 ## NPM Commands
 
@@ -191,8 +189,8 @@ To install dependencies into the `node_modules` directory run this command.
 npm install
 ```
 
-If `npm install` fails, this could be caused by user permissions of npm. Recommendation is to install npm
-through `Node Version Manager`.
+If `npm install` fails, this could be caused by user permissions of npm.
+Recommendation is to install npm through `Node Version Manager`.
 
 The watch command compiles the components then watches the files and recompiles when one of them changes.
 
@@ -208,15 +206,12 @@ npm run prod
 
 ## Authorization Guards
 
-The packages responsible for restricting access to certain parts of the application
-are [dot-rbac-guard](https://github.com/dotkernel/dot-rbac-guard) and [dot-rbac](https://github.com/dotkernel/dot-rbac).
-These packages work together to create an infrastructure that is customizable and diversified to manage user access to
-the platform by specifying the type of role the user has.
+The packages responsible for restricting access to certain parts of the application are [dot-rbac-guard](https://github.com/dotkernel/dot-rbac-guard) and [dot-rbac](https://github.com/dotkernel/dot-rbac).
+These packages work together to create an infrastructure that is customizable and diversified to manage user access to the platform by specifying the type of role the user has.
 
-The `authorization.global.php` file provides multiple configurations specifying multiple roles as well as the types of
-permissions to which these roles have access.
+The `authorization.global.php` file provides multiple configurations specifying multiple roles as well as the types of permissions to which these roles have access.
 
-```text
+```php
   'roles' => [
       'superuser' => [
           'permissions' => [
@@ -235,11 +230,9 @@ permissions to which these roles have access.
   ]
 ```
 
-The `authorization-guards.global.php` file provides configuration to restrict access to certain actions based on the
-permissions defined in `authorization.global.php` so basically we have to add the permissions in the dot-rbac
-configuration file first to specify the action restriction permissions.
+The `authorization-guards.global.php` file provides configuration to restrict access to certain actions based on the permissions defined in `authorization.global.php` so basically we have to add the permissions in the dot-rbac configuration file first to specify the action restriction permissions.
 
-```text
+```php
   'rules' => [
     [
         'route' => 'account',
@@ -264,9 +257,9 @@ configuration file first to specify the action restriction permissions.
   ]
 ```
 
-## Testing (Running)
+## Testing (Running) the application
 
-Note: **Do not enable dev mode in production**
+> **Do not enable dev mode in production**
 
 - Run the following command in your project's directory to start PHPs built-in server:
 
@@ -280,31 +273,27 @@ php -S 0.0.0.0:8080 -t public
 `127.0.0.1` means that the server can only be accessed locally (localhost only)
 `8080` the port on which the server is started (the listening port for the server)
 
-**NOTE:**
-If you are still getting exceptions or errors regarding some missing services, try running the following command
+> If you are still getting exceptions or errors regarding some missing services, try running the following command:
 
 ```shell
-php bin/clear-config-cache.php
+php ./bin/clear-config-cache.php
 ```
 
-> If `config-cache.php` is present that config will be loaded regardless of the `ConfigAggregator::ENABLE_CACHE`
-> in `config/autoload/mezzio.global.php`
+> If `config-cache.php` is present that config will be loaded regardless of the `ConfigAggregator::ENABLE_CACHE` in `config/autoload/mezzio.global.php`
 
 - Open a web browser and visit `http://localhost:8080/`
 
 You should see the `Dotkernel admin` login page.
-
 If you ran the migrations you will have an admin user in the database with the following credentials:
 
 - **User**: `admin`
 - **Password**: `dotadmin`
 
-**NOTE:**
-
-- **Production only**: Make sure you modify the default admin credentials.
-- **Development only**: `session.cookie_secure` does not work locally so make sure you modify your `local.php`, as per the following:
+> **Production only**: Make sure you modify the default admin credentials.
+>
+> **Development only**: `session.cookie_secure` does not work locally so make sure you modify your `local.php`, as per the following:
 
-```text
+```php
     return [
       'session_config' => [
           'cookie_secure' => false,

SECURITY.md

@@ -2,14 +2,13 @@
 
 ## Supported Versions
 
-
-| Version | Supported          | PHP Version |
-| ------- | ------------------ |-------------|
-| 5.x     | :white_check_mark: |![PHP from Packagist (specify version)](https://img.shields.io/packagist/php-v/dotkernel/admin/5.0.x-dev)|
-| 4.x     | :white_check_mark: |![PHP from Packagist (specify version)](https://img.shields.io/packagist/php-v/dotkernel/admin/4.0.1)|
-| 3.x     | :x:                |![PHP from Packagist (specify version)](https://img.shields.io/packagist/php-v/dotkernel/admin/3.0.x-dev)|
-| <= 2.0  | :x:                |             |
-
+| Version | Supported                     |
+|---------|-------------------------------|
+| 6.x     | :white_check_mark:            |
+| 5.x     | :white_check_mark:            |
+| 4.x     | :warning: (security-fix only) |
+| 3.x     | :x:                           |
+| <= 2.0  | :x:                           |
 
 ## Reporting Potential Security Issues
 
@@ -29,7 +28,6 @@ release prior to any public exposure; this helps protect the project's
 users, and provides them with a chance to upgrade and/or update in order to
 protect their applications.
 
-
 ## Policy
 
 If we verify a reported security vulnerability, our policy is:
@@ -39,4 +37,3 @@ If we verify a reported security vulnerability, our policy is:
 
 - After patching the release branches, we will immediately issue new security
   fix releases for each patched release branch.
-

composer.json

@@ -49,6 +49,7 @@
         "laminas/laminas-i18n": "^2.26.0",
         "laminas/laminas-math": "^3.7.0",
         "mezzio/mezzio": "^3.18.0",
+        "mezzio/mezzio-authentication-oauth2": "^2.11",
         "mezzio/mezzio-authorization-rbac": "^1.7.0",
         "mezzio/mezzio-cors": "^1.11.1",
         "mezzio/mezzio-fastroute": "^3.11.0",
@@ -70,13 +71,17 @@
     },
     "autoload": {
         "psr-4": {
-            "Admin\\App\\": "src/App/src/",
             "Admin\\Admin\\": "src/Admin/src/",
-            "Admin\\Page\\": "src/Page/src/",
+            "Admin\\App\\": "src/App/src/",
             "Admin\\Dashboard\\": "src/Dashboard/src/",
+            "Admin\\Page\\": "src/Page/src/",
             "Admin\\Setting\\": "src/Setting/src/",
+            "Admin\\User\\": "src/User/src/",
+            "Core\\Admin\\": "src/Core/src/Admin/src",
             "Core\\App\\": "src/Core/src/App/src",
-            "Core\\Admin\\": "src/Core/src/Admin/src"
+            "Core\\Security\\": "src/Core/src/Security/src",
+            "Core\\Setting\\": "src/Core/src/Setting/src",
+            "Core\\User\\": "src/Core/src/User/src"
         }
     },
     "autoload-dev": {