Should we make the visibility of the following functions setAuthAction(), recordLoginAttempt() and issueRememberMeToken() from private to protected?

[warcooft]

i created a new class Session that modified and extended to the parent class Session in Authenticators.

The question is should we make the following functions:

• setAuthAction()
• recordLoginAttempt()
• issueRememberMeToken()

private visibility changed to protected?

i have use case to add isDeleted() check to attemp() method but, it is currently not possible because the above method is not accessible.

public function attempt(array $credentials): Result
    {
        /** @var IncomingRequest $request */
        $request = service('request');

        $ipAddress = $request->getIPAddress();
        $userAgent = (string) $request->getUserAgent();

        $result = $this->check($credentials);

        // Credentials mismatch.
        if (! $result->isOK()) {
            // Always record a login attempt, whether success or not.
            $this->recordLoginAttempt($credentials, false, $ipAddress, $userAgent);

            $this->user = null;

            // Fire an event on failure so devs have the chance to
            // let them know someone attempted to login to their account
            unset($credentials['password']);
            Events::trigger('failedLogin', $credentials);

            return $result;
        }

        /** @var User $user */
        $user = $result->extraInfo();

        if ($user->isBanned()) {
            $this->user = null;

            return new Result([
                'success' => false,
                'reason'  => $user->getBanMessage() ?? lang('Auth.bannedUser'),
            ]);
        }

        if ($user->isDeleted()) {
            $this->user = null;

            return new Result([
                'success' => false,
                'reason'  => $user->getDelMessage() ?? lang('Auth.deletedUser'),
            ]);
        }

        $this->user = $user;

        // Update the user's last used date on their password identity.
        $user->touchIdentity($user->getEmailIdentity());

        // Set auth action from database.
        $this->setAuthAction();

        // If an action has been defined for login, start it up.
        $this->startUpAction('login', $user);

        $this->startLogin($user);

        $this->recordLoginAttempt($credentials, true, $ipAddress, $userAgent, $user->id);

        $this->issueRememberMeToken();

        if (! $this->hasAction()) {
            $this->completeLogin($user);
        }

        return $result;
    }

[warcooft]

if this is acceptable some things also need to be updated such as authenticators in some files are still hardcoded, it seems it would be better if we take it from the config settings.

So, if we extend Session class and put another handler in $defaultAuthenticator then it will be used by default.

shield/src/Controllers/LoginController.php

Lines 67 to 70 in 4170cdf

	/** @var Session $authenticator */
	$authenticator = auth('session')->getAuthenticator();
	// Attempt to login