Authentication Action based on field in user table

[Ty120301]

I was wondering what would be the best way to alter the login authentication action depending on a column in the user table. That way a user could choose what type of 2FA could be used (null, email, sms, totp etc)

Normally you choose one or the other in Config/Auth (public array $actions = [ 'login' => \CodeIgniter\Shield\Authentication\Actions\Email2FA::class ]) or change it to Sms2FA::class. Works great, but how would you make this changeable ?

For example, if i have a column action_type that is either NULL, 'email', 'totp', 'voice' or 'sms' etc.
It would use that action for the login.

I thought extending the Session in startUpAction would be the way to go. But it seems to get overriden somewhere. Just can't find where. Could anyone point me in the right direction ?

[warcooft]

You can override the default actions using the setting package. For example:

 setting('Auth.actions', [
     'register' => \App\Authentication\Actions\EmailActivator::class, // default null
     'login'    => null, // replace with your custom actions
 ]);

This config applies globally.

If you want shield to perform actions based on user preferences, you should customize the $startUpAction.
To enable this, you can replace the following line

shield/src/Authentication/Authenticators/Session.php

Line 199 in 6726646

$actionClass = setting('Auth.actions')[$type] ?? null;

with

$actionClass = (service('settings')->get('Auth.actions', (string) $user->id) ?? setting('Auth.actions'))[$type] ?? null;

Then, store the login action based on user preferences with

service('settings')->set('Auth.actions', [
     'register' => \App\Authentication\Actions\EmailActivator::class, // default null
     'login'    => null, // replace with your custom actions
], user_id());

[Ty120301]

Thanks a lot ! That certainly looks way cleaner than what i tried :P
Little bit of puzzeling, but got it to work. Did have to modify Session setAuthAction() too.

change Session#476:

$authActions = setting('Auth.actions');

in:

$authActions = (service('settings')->get('Auth.actions', (string) $this->user->id) ?? setting('Auth.actions')) ?? null;

Not entirely sure if this is correct but it seems to work so far :)

Thank you

[grimpirate]

I would suggest that you only require the following to simplify your statement:
$authActions = service('settings')->get('Auth.actions', "user:{$this->user->id}");
You can read on Contextual Settings where it says that if the contextual setting isn't found it will use the general setting, and if a general setting is not found it will return null, so it automatically handles all your cases for you.