chore(*): add modules and system

Author: Tinsh

modules/auth/.travis.yml

@@ -0,0 +1,37 @@
+sudo: false
+
+language: php
+
+# Only build the main develop/master branches - feature branches will be covered by PRs
+branches:
+  only:
+    - /^[0-9\.]+\/(develop|master)$/
+
+cache:
+  directories:
+    - $HOME/.composer/cache/files
+
+php:
+  - 5.3
+  - 5.4
+  - 5.5
+  - 5.6
+  - 7.0
+  - hhvm
+
+matrix:
+  include:
+    - php: 5.3
+      env: 'COMPOSER_PHPUNIT="lowest"'
+
+before_script:
+  - composer self-update
+  - composer install --prefer-dist --no-interaction
+  - if [ "$COMPOSER_PHPUNIT" = "lowest" ]; then composer update --prefer-lowest --with-dependencies --prefer-dist --no-interaction phpunit/phpunit; fi;
+  - vendor/bin/koharness
+
+script:
+  - cd /tmp/koharness && ./vendor/bin/phpunit --bootstrap=modules/unittest/bootstrap.php modules/unittest/tests.php
+
+notifications:
+  email: false

modules/auth/README.md

@@ -0,0 +1,17 @@
+Kohana auth module
+---
+| ver   | Stable                                                                                                                       | Develop                                                                                                                        |
+|-------|------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------|
+| 3.3.x | [![Build Status - 3.3/master](https://travis-ci.org/kohana/auth.svg?branch=3.3%2Fmaster)](https://travis-ci.org/kohana/auth) | [![Build Status - 3.3/develop](https://travis-ci.org/kohana/auth.svg?branch=3.3%2Fdevelop)](https://travis-ci.org/kohana/auth) |
+| 3.4.x | [![Build Status - 3.4/master](https://travis-ci.org/kohana/auth.svg?branch=3.4%2Fmaster)](https://travis-ci.org/kohana/auth) | [![Build Status - 3.4/develop](https://travis-ci.org/kohana/auth.svg?branch=3.4%2Fdevelop)](https://travis-ci.org/kohana/auth) |
+
+I've forked the main Auth module because there were some fundamental flaws with it:
+
+ 1. It's trivial to [bruteforce](http://dev.kohanaframework.org/issues/3163) publicly hidden salt hashes.
+    - I've fixed this by switching the password hashing algorithm to the more secure secret-key based hash_hmac method.
+ 2. ORM drivers were included.
+    - I've fixed this by simply removing them. They cause confusion with new users because they think that Auth requires ORM. The only driver currently provided by default is the file driver.
+ 3. Auth::get_user()'s api is inconsistent because it returns different data types.
+    - I've fixed this by returning an empty user model by default. You can override what gets returned (if you've changed your user model class name for instance) by overloading the get_user() method in your application.
+
+These changes should be merged into the mainline branch eventually, but they completely break the API, so likely won't be done until 3.1.

modules/auth/classes/Auth.php

@@ -0,0 +1,3 @@
+<?php defined('SYSPATH') OR die('No direct access allowed.');
+
+abstract class Auth extends Kohana_Auth { }

modules/auth/classes/Auth/File.php

@@ -0,0 +1,3 @@
+<?php defined('SYSPATH') OR die('No direct access allowed.');
+
+class Auth_File extends Kohana_Auth_File { }

modules/auth/classes/Kohana/Auth.php

@@ -0,0 +1,171 @@
+<?php defined('SYSPATH') OR die('No direct access allowed.');
+/**
+ * User authorization library. Handles user login and logout, as well as secure
+ * password hashing.
+ *
+ * @package    Kohana/Auth
+ * @author     Kohana Team
+ * @copyright  (c) 2007-2012 Kohana Team
+ * @license    http://kohanaframework.org/license
+ */
+abstract class Kohana_Auth {
+
+	// Auth instances
+	protected static $_instance;
+
+	/**
+	 * Singleton pattern
+	 *
+	 * @return Auth
+	 */
+	public static function instance()
+	{
+		if ( ! isset(Auth::$_instance))
+		{
+			// Load the configuration for this type
+			$config = Kohana::$config->load('auth');
+
+			if ( ! $type = $config->get('driver'))
+			{
+				$type = 'file';
+			}
+
+			// Set the session class name
+			$class = 'Auth_'.ucfirst($type);
+
+			// Create a new session instance
+			Auth::$_instance = new $class($config);
+		}
+
+		return Auth::$_instance;
+	}
+
+	protected $_session;
+
+	protected $_config;
+
+	/**
+	 * Loads Session and configuration options.
+	 *
+	 * @param   array  $config  Config Options
+	 * @return  void
+	 */
+	public function __construct($config = array())
+	{
+		// Save the config in the object
+		$this->_config = $config;
+
+		$this->_session = Session::instance($this->_config['session_type']);
+	}
+
+	abstract protected function _login($username, $password, $remember);
+
+	abstract public function password($username);
+
+	abstract public function check_password($password);
+
+	/**
+	 * Gets the currently logged in user from the session.
+	 * Returns NULL if no user is currently logged in.
+	 *
+	 * @param   mixed  $default  Default value to return if the user is currently not logged in.
+	 * @return  mixed
+	 */
+	public function get_user($default = NULL)
+	{
+		return $this->_session->get($this->_config['session_key'], $default);
+	}
+
+	/**
+	 * Attempt to log in a user by using an ORM object and plain-text password.
+	 *
+	 * @param   string   $username  Username to log in
+	 * @param   string   $password  Password to check against
+	 * @param   boolean  $remember  Enable autologin
+	 * @return  boolean
+	 */
+	public function login($username, $password, $remember = FALSE)
+	{
+		if (empty($password))
+			return FALSE;
+
+		return $this->_login($username, $password, $remember);
+	}
+
+	/**
+	 * Log out a user by removing the related session variables.
+	 *
+	 * @param   boolean  $destroy     Completely destroy the session
+	 * @param   boolean  $logout_all  Remove all tokens for user
+	 * @return  boolean
+	 */
+	public function logout($destroy = FALSE, $logout_all = FALSE)
+	{
+		if ($destroy === TRUE)
+		{
+			// Destroy the session completely
+			$this->_session->destroy();
+		}
+		else
+		{
+			// Remove the user from the session
+			$this->_session->delete($this->_config['session_key']);
+
+			// Regenerate session_id
+			$this->_session->regenerate();
+		}
+
+		// Double check
+		return ! $this->logged_in();
+	}
+
+	/**
+	 * Check if there is an active session. Optionally allows checking for a
+	 * specific role.
+	 *
+	 * @param   string  $role  role name
+	 * @return  mixed
+	 */
+	public function logged_in($role = NULL)
+	{
+		return ($this->get_user() !== NULL);
+	}
+
+	/**
+	 * Creates a hashed hmac password from a plaintext password. This
+	 * method is deprecated, [Auth::hash] should be used instead.
+	 *
+	 * @deprecated
+	 * @param  string  $password Plaintext password
+	 */
+	public function hash_password($password)
+	{
+		return $this->hash($password);
+	}
+
+	/**
+	 * Perform a hmac hash, using the configured method.
+	 *
+	 * @param   string  $str  string to hash
+	 * @return  string
+	 */
+	public function hash($str)
+	{
+		if ( ! $this->_config['hash_key'])
+			throw new Kohana_Exception('A valid hash key must be set in your auth config.');
+
+		return hash_hmac($this->_config['hash_method'], $str, $this->_config['hash_key']);
+	}
+
+	protected function complete_login($user)
+	{
+		// Regenerate session_id
+		$this->_session->regenerate();
+
+		// Store username in session
+		$this->_session->set($this->_config['session_key'], $user);
+
+		return TRUE;
+	}
+
+} // End Auth

modules/auth/classes/Kohana/Auth/File.php

@@ -0,0 +1,94 @@
+<?php defined('SYSPATH') OR die('No direct access allowed.');
+/**
+ * File Auth driver.
+ * [!!] this Auth driver does not support roles nor autologin.
+ *
+ * @package    Kohana/Auth
+ * @author     Kohana Team
+ * @copyright  (c) 2007-2012 Kohana Team
+ * @license    http://kohanaframework.org/license
+ */
+class Kohana_Auth_File extends Auth {
+
+	// User list
+	protected $_users;
+
+	/**
+	 * Constructor loads the user list into the class.
+	 */
+	public function __construct($config = array())
+	{
+		parent::__construct($config);
+
+		// Load user list
+		$this->_users = Arr::get($config, 'users', array());
+	}
+
+	/**
+	 * Logs a user in.
+	 *
+	 * @param   string   $username  Username
+	 * @param   string   $password  Password
+	 * @param   boolean  $remember  Enable autologin (not supported)
+	 * @return  boolean
+	 */
+	protected function _login($username, $password, $remember)
+	{
+		if (is_string($password))
+		{
+			// Create a hashed password
+			$password = $this->hash($password);
+		}
+
+		if (isset($this->_users[$username]) AND $this->_users[$username] === $password)
+		{
+			// Complete the login
+			return $this->complete_login($username);
+		}
+
+		// Login failed
+		return FALSE;
+	}
+
+	/**
+	 * Forces a user to be logged in, without specifying a password.
+	 *
+	 * @param   mixed    $username  Username
+	 * @return  boolean
+	 */
+	public function force_login($username)
+	{
+		// Complete the login
+		return $this->complete_login($username);
+	}
+
+	/**
+	 * Get the stored password for a username.
+	 *
+	 * @param   mixed   $username  Username
+	 * @return  string
+	 */
+	public function password($username)
+	{
+		return Arr::get($this->_users, $username, FALSE);
+	}
+
+	/**
+	 * Compare password with original (plain text). Works for current (logged in) user
+	 *
+	 * @param   string   $password  Password
+	 * @return  boolean
+	 */
+	public function check_password($password)
+	{
+		$username = $this->get_user();
+
+		if ($username === FALSE)
+		{
+			return FALSE;
+		}
+
+		return ($password === $this->password($username));
+	}
+
+} // End Auth File

modules/auth/composer.json

@@ -0,0 +1,41 @@
+{
+	"name":        "kohana/auth",
+	"type":        "kohana-module",
+	"description": "The official Kohana auth module",
+	"homepage":    "http://kohanaframework.org",
+	"license":     "BSD-3-Clause",
+	"keywords":    ["kohana", "framework", "authentication"],
+	"authors": [
+		{
+			"name":     "Kohana Team",
+			"email":    "team@kohanaframework.org",
+			"homepage": "http://kohanaframework.org/team",
+			"role":     "developer"
+		}
+	],
+	"support": {
+		"issues":   "http://dev.kohanaframework.org",
+		"forum":    "http://forum.kohanaframework.org",
+		"irc":      "irc://irc.freenode.net/kohana",
+		"source":   "http://github.com/kohana/core"
+	},
+	"require": {
+		"composer/installers": "~1.0",
+		"kohana/core":         ">=3.3",
+		"php":                 ">=5.3.3"
+	},
+	"require-dev": {
+		"kohana/core":         "3.3.*@dev",
+		"kohana/unittest":     "3.3.*@dev",
+		"kohana/koharness":    "*@dev"
+	},
+	"extra": {
+		"branch-alias": {
+			"dev-3.3/develop": "3.3.x-dev",
+			"dev-3.4/develop": "3.4.x-dev"
+		},
+		"installer-paths": {
+			"vendor/{$vendor}/{$name}": ["type:kohana-module"]
+		}
+	}
+}

modules/auth/config/auth.php

@@ -0,0 +1,17 @@
+<?php defined('SYSPATH') OR die('No direct access allowed.');
+
+return array(
+
+	'driver'       => 'File',
+	'hash_method'  => 'sha256',
+	'hash_key'     => NULL,
+	'lifetime'     => 1209600,
+	'session_type' => Session::$default,
+	'session_key'  => 'auth_user',
+
+	// Username/password combinations for the Auth File driver
+	'users' => array(
+		// 'admin' => 'b3154acf3a344170077d11bdb5fff31532f679a1919e716a02',
+	),
+
+);