diff --git a/LICENSE.md b/LICENSE.md index bc5674f..6a920d6 100644 --- a/LICENSE.md +++ b/LICENSE.md @@ -1,17 +1,17 @@ -Copyright © 2008 by Yii Software (https://www.yiiframework.com/) +Copyright © 2008 by Yii Software () All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - * Redistributions of source code must retain the above copyright +* Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above copyright +* Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. - * Neither the name of Yii Software nor the names of its +* Neither the name of Yii Software nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. diff --git a/README.md b/README.md index 78587be..875f13f 100644 --- a/README.md +++ b/README.md @@ -18,9 +18,9 @@ The package provides [PSR-15](https://www.php-fig.org/psr/psr-15/) middleware for CSRF protection: - It supports two algorithms out of the box: - - Synchronizer CSRF token with customizable token generation and storage. By default, it uses random data and + - Synchronizer CSRF token with customizable token generation and storage. By default, it uses random data and session. - - HMAC based token with customizable identity generation. Uses session by default. + - HMAC based token with customizable identity generation. Uses session by default. - It has ability to apply masking to CSRF token string to make [BREACH attack](https://breachattack.com/) impossible. ## Requirements @@ -159,39 +159,14 @@ the next request either as a hidden form field or via JavaScript async request. It is recommended to always use this decorator. -## Testing +## Documentation -### Unit testing +- [Internals](docs/internals.md) -The package is tested with [PHPUnit](https://phpunit.de/). To run tests: +## Support -```shell -./vendor/bin/phpunit -``` - -### Mutation testing - -The package tests are checked with [Infection](https://infection.github.io/) mutation framework with -[Infection Static Analysis Plugin](https://github.com/Roave/infection-static-analysis-plugin). To run it: - -```shell -./vendor/bin/roave-infection-static-analysis-plugin -``` - -### Static analysis - -The code is statically analyzed with [Psalm](https://psalm.dev/). To run static analysis: - -```shell -./vendor/bin/psalm -``` - -## License - -The Yii CSRF Protection Library is free software. It is released under the terms of the BSD License. Please -see [`LICENSE`](./LICENSE.md) for more information. - -Maintained by [Yii Software](https://www.yiiframework.com/). +If you need help or have a question, the [Yii Forum](https://forum.yiiframework.com/c/yii-3-0/63) is a good place for that. +You may also check out other [Yii Community Resources](https://www.yiiframework.com/community). ## Support the project @@ -204,3 +179,10 @@ Maintained by [Yii Software](https://www.yiiframework.com/). [![Telegram](https://img.shields.io/badge/telegram-join-1DA1F2?style=flat&logo=telegram)](https://t.me/yii3en) [![Facebook](https://img.shields.io/badge/facebook-join-1DA1F2?style=flat&logo=facebook&logoColor=ffffff)](https://www.facebook.com/groups/yiitalk) [![Slack](https://img.shields.io/badge/slack-join-1DA1F2?style=flat&logo=slack)](https://yiiframework.com/go/slack) + +## License + +The Yii CSRF Protection Library is free software. It is released under the terms of the BSD License. +Please see [`LICENSE`](./LICENSE.md) for more information. + +Maintained by [Yii Software](https://www.yiiframework.com/). diff --git a/composer.json b/composer.json index dac960d..902d568 100644 --- a/composer.json +++ b/composer.json @@ -17,7 +17,7 @@ "issues": "https://github.com/yiisoft/csrf/issues?state=open", "forum": "https://www.yiiframework.com/forum/", "wiki": "https://www.yiiframework.com/wiki/", - "irc": "irc://irc.freenode.net/yii", + "irc": "ircs://irc.libera.chat:6697/yii", "chat": "https://t.me/yii3en", "source": "https://github.com/yiisoft/csrf" }, diff --git a/docs/internals.md b/docs/internals.md new file mode 100644 index 0000000..8dc4049 --- /dev/null +++ b/docs/internals.md @@ -0,0 +1,45 @@ +# Internals + +## Unit testing + +The package is tested with [PHPUnit](https://phpunit.de/). To run tests: + +```shell +./vendor/bin/phpunit +``` + +## Mutation testing + +The package tests are checked with [Infection](https://infection.github.io/) mutation framework with +[Infection Static Analysis Plugin](https://github.com/Roave/infection-static-analysis-plugin). To run it: + +```shell +./vendor/bin/roave-infection-static-analysis-plugin +``` + +## Static analysis + +The code is statically analyzed with [Psalm](https://psalm.dev/). To run static analysis: + +```shell +./vendor/bin/psalm +``` + +## Rector + +Use [Rector](https://github.com/rectorphp/rector) to make codebase follow some specific rules or +use either newest or any specific version of PHP: + +```shell +./vendor/bin/rector +``` + +## Composer require checker + +This package uses [composer-require-checker](https://github.com/maglnet/ComposerRequireChecker) to check if all dependencies are correctly defined in `composer.json`. + +To run the checker, execute the following command: + +```shell +./vendor/bin/composer-require-checker +```