PHP 8.4+

Author: codemasher

README.md

@@ -27,7 +27,7 @@ A generator for counter based ([RFC 4226](https://tools.ietf.org/html/rfc4226))
 
 # Documentation
 ## Requirements
-- PHP 8.2+
+- PHP 8.4+
   - [`ext-curl`](https://www.php.net/manual/book.curl) for Steam Guard server time synchronization
   - [`ext-sodium`](https://www.php.net/manual/book.sodium) for constant time implementations of base64 encode/decode and hex2bin/bin2hex
     ([`paragonie/constant_time_encoding`](https://github.com/paragonie/constant_time_encoding) is used as fallback)
@@ -41,7 +41,7 @@ via terminal: `composer require chillerlan/php-authenticator`
 ```json
 {
 	"require": {
-		"php": "^8.2",
+		"php": "^8.4",
 		"chillerlan/php-authenticator": "dev-main"
 	}
 }

composer.json

@@ -32,16 +32,16 @@
 	"prefer-stable": true,
 	"require": {
 		"php": "^8.4",
-		"chillerlan/php-settings-container": "^3.2.1",
+		"chillerlan/php-settings-container": "^4.0",
 		"paragonie/constant_time_encoding": "^3.0"
 	},
 	"require-dev": {
 		"ext-curl": "*",
 		"ext-json": "*",
 		"ext-sodium": "*",
-		"phan/phan": "^6.0.1",
+		"phan/phan": "^6.0.2",
 		"phpmd/phpmd": "^2.15",
-		"phpstan/phpstan": "^2.1.40",
+		"phpstan/phpstan": "^2.1.42",
 		"phpstan/phpstan-deprecation-rules": "^2.0.4",
 		"phpunit/phpunit": "^13.0",
 		"slevomat/coding-standard": "^8.28",

phpcs.xml.dist

@@ -36,7 +36,7 @@
 
 	<rule ref="SlevomatCodingStandard.Classes.ClassConstantVisibility"/>
 	<rule ref="SlevomatCodingStandard.Classes.DisallowConstructorPropertyPromotion"/>
-	<rule ref="SlevomatCodingStandard.Classes.ForbiddenPublicProperty"/>
+	<!--<rule ref="SlevomatCodingStandard.Classes.ForbiddenPublicProperty"/>-->
 	<rule ref="SlevomatCodingStandard.Classes.ModernClassNameReference"/>
 
 	<rule ref="SlevomatCodingStandard.Commenting.DeprecatedAnnotationDeclaration"/>
@@ -162,7 +162,7 @@
 	<rule ref="Generic.Strings.UnnecessaryStringConcat"/>
 	<!--<rule ref="Generic.WhiteSpace.DisallowSpaceIndent"/>-->
 	<rule ref="Generic.WhiteSpace.IncrementDecrementSpacing"/>
-	<rule ref="Generic.WhiteSpace.ScopeIndent"/>
+	<!--<rule ref="Generic.WhiteSpace.ScopeIndent"/>-->
 	<rule ref="Generic.WhiteSpace.SpreadOperatorSpacingAfter"/>
 
 	<rule ref="PSR2.ControlStructures.ElseIfDeclaration"/>
@@ -198,7 +198,7 @@
 	<rule ref="Squiz.PHP.InnerFunctions"/>
 	<rule ref="Squiz.PHP.LowercasePHPFunctions"/>
 	<rule ref="Squiz.PHP.NonExecutableCode"/>
-	<rule ref="Squiz.Scope.MemberVarScope"/>
+	<!--<rule ref="Squiz.Scope.MemberVarScope"/>-->
 	<rule ref="Squiz.Scope.MethodScope"/>
 	<rule ref="Squiz.Scope.StaticThisUsage"/>
 	<rule ref="Squiz.Strings.DoubleQuoteUsage"/>
@@ -270,7 +270,7 @@
 			<property name="ignoreNewlines" value="true" />
 		</properties>
 	</rule>
-
+<!--
 	<rule ref="Generic.WhiteSpace.ScopeIndent">
 		<properties>
 			<property name="tabIndent" value="true" />
@@ -280,7 +280,7 @@
 			</property>
 		</properties>
 	</rule>
-
+-->
 	<rule ref="PSR12.ControlStructures.BooleanOperatorPlacement">
 		<properties>
 			<property name="allowOnly" value="first" />

src/Authenticator.php

@@ -19,7 +19,7 @@
 /**
  * Yet another Google authenticator implementation!
  *
- * Note: This class has been reduced oover time to a front-end to the several authenticator classes
+ * Note: This class has been reduced over time to a front-end to the several authenticator classes
  *       (`HOTP`, `TOTP`, ...), which can be invoked on their own. `Authenticator` will remain for convenience.
  *
  * @link https://tools.ietf.org/html/rfc4226

src/AuthenticatorOptionsTrait.php

@@ -6,6 +6,9 @@
  * @author       smiley <smiley@chillerlan.net>
  * @copyright    2019 smiley
  * @license      MIT
+ *
+ * @see https://github.com/phan/phan/issues/5491
+ * @phan-file-suppress PhanUnreferencedUseNormal, PhanUnreferencedUseFunction, PhanPropertyHookWithDefaultValue
  */
 declare(strict_types=1);
 
@@ -17,36 +20,51 @@
 use function strtolower;
 use function strtoupper;
 
-/**
- * @property int    $digits
- * @property int    $period
- * @property int    $secret_length
- * @property string $algorithm
- * @property string $mode
- * @property int    $adjacent
- * @property int    $time_offset
- * @property bool   $useLocalTime
- * @property bool   $forceTimeRefresh
- * @property bool   $omitUriSettings
- */
 trait AuthenticatorOptionsTrait{
 
 	/**
 	 * Code length: either 6 or 8
 	 */
-	protected int $digits = 6;
+	public int $digits = 6 {
+		set{
+
+			if(!in_array($value, [6, 8], true)){
+				throw new InvalidArgumentException('Invalid code length: '.$value);
+			}
+
+			$this->digits = $value;
+		}
+	}
 
 	/**
 	 * Validation period (seconds): 15 - 60
 	 */
-	protected int $period = 30;
+	public int $period = 30 {
+		set{
+
+			if($value < 15 || $value > 60){
+				throw new InvalidArgumentException('Invalid period: '.$value);
+			}
+
+			$this->period = $value;
+		}
+	}
 
 	/**
 	 * Length of the secret phrase (bytes, unencoded binary)
 	 *
 	 * @see \random_bytes()
 	 */
-	protected int $secret_length = 20;
+	public int $secret_length = 20 {
+		set{
+
+			if($value < 16 || $value > 1024){
+				throw new InvalidArgumentException('Invalid secret length: '.$value);
+			}
+
+			$this->secret_length = $value;
+		}
+	}
 
 	/**
 	 * Hash algorithm:
@@ -55,7 +73,17 @@ trait AuthenticatorOptionsTrait{
 	 *   - `AuthenticatorInterface::ALGO_SHA256`
 	 *   - `AuthenticatorInterface::ALGO_SHA512`
 	 */
-	protected string $algorithm = AuthenticatorInterface::ALGO_SHA1;
+	public string $algorithm = AuthenticatorInterface::ALGO_SHA1 {
+		set{
+			$value = strtoupper($value);
+
+			if(!in_array($value, AuthenticatorInterface::HASH_ALGOS, true)){
+				throw new InvalidArgumentException('Invalid algorithm: '.$value);
+			}
+
+			$this->algorithm = $value;
+		}
+	}
 
 	/**
 	 * Authenticator mode:
@@ -64,19 +92,38 @@ trait AuthenticatorOptionsTrait{
 	 *   - `AuthenticatorInterface::TOTP`  = time based
 	 *   - `AuthenticatorInterface::STEAM` = time based (Steam Guard)
 	 */
-	protected string $mode = AuthenticatorInterface::TOTP;
+	public string $mode = AuthenticatorInterface::TOTP {
+		set{
+			$value = strtolower($value);
+
+			if(!isset(AuthenticatorInterface::MODES[$value])){
+				throw new InvalidArgumentException('Invalid mode: '.$value);
+			}
+
+			$this->mode = $value;
+		}
+	}
 
 	/**
 	 * Number of allowed adjacent codes
 	 */
-	protected int $adjacent = 1;
+	public int $adjacent = 1 {
+		set{
+			// limit to a sane amount
+			if($value < 0 || $value > 20){
+				throw new InvalidArgumentException('Invalid number of adjacent codes: '.$value);
+			}
+
+			$this->adjacent = $value;
+		}
+	}
 
 	/**
 	 * A fixed time offset that will be added to the current time value
 	 *
 	 * @see \chillerlan\Authenticator\Authenticators\AuthenticatorInterface::getCounter()
 	 */
-	protected int $time_offset = 0;
+	public int $time_offset = 0;
 
 	/**
 	 * Whether to use local time or request server time from the API
@@ -85,102 +132,18 @@ trait AuthenticatorOptionsTrait{
 	 *
 	 * note: API requests needs ext-curl installed
 	 */
-	protected bool $useLocalTime = true;
+	public bool $useLocalTime = true;
 
 	/**
 	 * Whether to force refreshing server time on each call or use the time returned from the last request
 	 */
-	protected bool $forceTimeRefresh = false;
+	public bool $forceTimeRefresh = false;
 
 	/**
 	 * Whether to omit the additional settings in the URI for an authenticator app (algo, digits, period)
 	 *
 	 * @link https://github.com/google/google-authenticator/wiki/Key-Uri-Format#parameters
 	 */
-	protected bool $omitUriSettings = true;
-
-	/**
-	 * Sets the code length to either 6 or 8
-	 *
-	 * @throws \InvalidArgumentException
-	 */
-	protected function set_digits(int $digits):void{
-
-		if(!in_array($digits, [6, 8], true)){
-			throw new InvalidArgumentException('Invalid code length: '.$digits);
-		}
-
-		$this->digits = $digits;
-	}
-
-	/**
-	 * Sets the period to a value between 15 and 60 seconds
-	 *
-	 * @throws \InvalidArgumentException
-	 */
-	protected function set_period(int $period):void{
-
-		if($period < 15 || $period > 60){
-			throw new InvalidArgumentException('Invalid period: '.$period);
-		}
-
-		$this->period = $period;
-	}
-
-	/**
-	 * Sets the hash algorithm
-	 *
-	 * @throws \InvalidArgumentException
-	 */
-	protected function set_algorithm(string $algorithm):void{
-		$algorithm = strtoupper($algorithm);
-
-		if(!in_array($algorithm, AuthenticatorInterface::HASH_ALGOS, true)){
-			throw new InvalidArgumentException('Invalid algorithm: '.$algorithm);
-		}
-
-		$this->algorithm = $algorithm;
-	}
-
-	/**
-	 * Sets the authenticator mode
-	 *
-	 * @throws \InvalidArgumentException
-	 */
-	protected function set_mode(string $mode):void{
-		$mode = strtolower($mode);
-
-		if(!isset(AuthenticatorInterface::MODES[$mode])){
-			throw new InvalidArgumentException('Invalid mode: '.$mode);
-		}
-
-		$this->mode = $mode;
-	}
-
-	/**
-	 * Sets the adjacent amount
-	 *
-	 * @throws \InvalidArgumentException
-	 */
-	protected function set_adjacent(int $adjacent):void{
-		// limit to a sane amount
-		if($adjacent < 0 || $adjacent > 20){
-			throw new InvalidArgumentException('Invalid number of adjacent codes: '.$adjacent);
-		}
-
-		$this->adjacent = $adjacent;
-	}
-
-	/**
-	 * @throws \InvalidArgumentException
-	 */
-	protected function set_secret_length(int $secret_length):void{
-
-		if($secret_length < 16 || $secret_length > 1024){
-			throw new InvalidArgumentException('Invalid secret length: '.$secret_length);
-		}
-
-		$this->secret_length = $secret_length;
-	}
+	public bool $omitUriSettings = true;
 
 }

src/Authenticators/AuthenticatorAbstract.php

@@ -28,7 +28,7 @@
 
 abstract class AuthenticatorAbstract implements AuthenticatorInterface{
 
-	protected const string userAgent = 'chillerlanAuthenticator/5.0 +https://github.com/chillerlan/php-authenticator';
+	protected const string userAgent = 'chillerlanAuthenticator/6.0 +https://github.com/chillerlan/php-authenticator';
 
 	protected SettingsContainerInterface|AuthenticatorOptions $options;
 	protected string|null                                     $secret          = null;
@@ -88,7 +88,6 @@ public function getRawSecret():string{
 		return $this->secret;
 	}
 
-
 	public function createSecret(int|null $length = null):string{
 		$length ??= $this->options->secret_length;
 

src/Authenticators/AuthenticatorInterface.php

@@ -16,13 +16,13 @@
 
 interface AuthenticatorInterface{
 
-	public const string TOTP        = 'totp';
-	public const string HOTP        = 'hotp';
-	public const string STEAM_GUARD = 'steam';
+	final public const string TOTP        = 'totp';
+	final public const string HOTP        = 'hotp';
+	final public const string STEAM_GUARD = 'steam';
 
-	public const string ALGO_SHA1   = 'SHA1';
-	public const string ALGO_SHA256 = 'SHA256';
-	public const string ALGO_SHA512 = 'SHA512';
+	final public const string ALGO_SHA1   = 'SHA1';
+	final public const string ALGO_SHA256 = 'SHA256';
+	final public const string ALGO_SHA512 = 'SHA512';
 
 	public const array MODES = [
 		self::HOTP        => HOTP::class,

src/Common/Base64.php

@@ -19,7 +19,7 @@
 /**
  * Class to provide base64 encoding/decoding of strings using constant time functions
  */
-class Base64 implements EncoderInterface{
+final class Base64 implements EncoderInterface{
 
 	/**
 	 * The Base64 character set as defined by RFC3548

src/Common/Hex.php

@@ -21,7 +21,7 @@
  *
  * (class is currently unused)
  */
-class Hex implements EncoderInterface{
+final class Hex implements EncoderInterface{
 
 	public const string CHARSET = '1234567890ABCDEFabcdef';
 

tests/Authenticators/HOTPTest.php

@@ -22,7 +22,7 @@ class HOTPTest extends AuthenticatorInterfaceTestAbstract{
 	/**
 	 * @see https://tools.ietf.org/html/rfc4226#page-32
 	 */
-	protected const array rfc4226Vectors = [
+	final protected const array rfc4226Vectors = [
 		[0, 'cc93cf18508d94934c64b65d8ba7667fb7cde4b0', 1284755224, '755224'],
 		[1, '75a48a19d4cbe100644e8ac1397eea747a2d33ab', 1094287082, '287082'],
 		[2, '0bacb7fa082fef30782211938bc1c5e70416ff44',  137359152, '359152'],