From c20068fdcade78ec3620334e4ef5ce2945a90cfa Mon Sep 17 00:00:00 2001
From: Luiz Marin <67489841+luizcmarin@users.noreply.github.com>
Date: Mon, 15 Apr 2024 09:17:38 -0300
Subject: [PATCH 1/7] Docs folder standardization and other fixes
---
 docs/internals.md | 40 ++++++++++++++++++++++++++++++++++++++++
 psalm.xml | 2 +-
 psalm74-80.xml | 2 +-
 3 files changed, 42 insertions(+), 2 deletions(-)
 create mode 100644 docs/internals.md
diff --git a/docs/internals.md b/docs/internals.md
new file mode 100644
index 0000000..6ef50da
--- /dev/null
+++ b/docs/internals.md
@@ -0,0 +1,40 @@
+# Internals
+
+## Unit testing
+
+The package is tested with [PHPUnit](https://phpunit.de/). To run tests:
+
+```shell
+./vendor/bin/phpunit
+```
+
+## Mutation testing
+
+The package tests are checked with [Infection](https://infection.github.io/) mutation framework with
+[Infection Static Analysis Plugin](https://github.com/Roave/infection-static-analysis-plugin). To run it:
+
+```shell
+./vendor/bin/roave-infection-static-analysis-plugin
+```
+
+## Static analysis
+
+The code is statically analyzed with [Psalm](https://psalm.dev/). To run static analysis:
+
+```shell
+./vendor/bin/psalm
+```
+
+## Code style
+
+Use [Rector](https://github.com/rectorphp/rector) to make codebase follow some specific rules or
+use either newest or any specific version of PHP:
+
+```shell
+./vendor/bin/rector
+```
+
+## Dependencies
+
+Use [ComposerRequireChecker](https://github.com/maglnet/ComposerRequireChecker) to detect transitive
+[Composer](https://getcomposer.org/) dependencies.
diff --git a/psalm.xml b/psalm.xml
index b48c894..c338142 100644
--- a/psalm.xml
+++ b/psalm.xml
@@ -3,7 +3,7 @@
 errorLevel="1"
 findUnusedBaselineEntry="true"
 findUnusedCode="false"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:xsi="https://www.w3.org/2001/XMLSchema-instance"
 xmlns="https://getpsalm.org/schema/config"
 xsi:schemaLocation="https://getpsalm.org/schema/config vendor/vimeo/psalm/config.xsd"
> diff --git a/psalm74-80.xml b/psalm74-80.xml index d091d59..2c7c1f8 100644 --- a/psalm74-80.xml +++ b/psalm74-80.xml @@ -3,7 +3,7 @@ errorLevel="1" findUnusedBaselineEntry="true" findUnusedCode="false" - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:xsi="https://www.w3.org/2001/XMLSchema-instance" xmlns="https://getpsalm.org/schema/config" xsi:schemaLocation="https://getpsalm.org/schema/config vendor/vimeo/psalm/config.xsd" > From f4b1d885040b778e4ccfa76ff9495b221e7c1738 Mon Sep 17 00:00:00 2001 From: Luiz Marin <67489841+luizcmarin@users.noreply.github.com> Date: Mon, 15 Apr 2024 11:35:20 -0300 Subject: [PATCH 2/7] Update internals.md --- docs/internals.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/internals.md b/docs/internals.md index 6ef50da..9954ded 100644 --- a/docs/internals.md +++ b/docs/internals.md @@ -38,3 +38,9 @@ use either newest or any specific version of PHP: Use [ComposerRequireChecker](https://github.com/maglnet/ComposerRequireChecker) to detect transitive [Composer](https://getcomposer.org/) dependencies. + +To run the checker, execute the following command: + +```shell +./vendor/bin/composer-require-checker +``` From fa6e85069b6a2ebb3d956740331c133309c97601 Mon Sep 17 00:00:00 2001 From: Luiz Marin <67489841+luizcmarin@users.noreply.github.com> Date: Mon, 15 Apr 2024 11:55:52 -0300 Subject: [PATCH 3/7] Update internals.md --- docs/internals.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/internals.md b/docs/internals.md index 9954ded..b715d9f 100644 --- a/docs/internals.md +++ b/docs/internals.md @@ -25,7 +25,7 @@ The code is statically analyzed with [Psalm](https://psalm.dev/). To run static ./vendor/bin/psalm ``` -## Code style +## Rector Use [Rector](https://github.com/rectorphp/rector) to make codebase follow some specific rules or use either newest or any specific version of PHP: From 3b695b56764f1052ae7f28e916f764603830c8d4 Mon Sep 17 00:00:00 2001 
From: Luiz Marin <67489841+luizcmarin@users.noreply.github.com>
Date: Wed, 17 Apr 2024 10:06:57 -0300
Subject: [PATCH 4/7] IRC link fix
---
 composer.json | 2 +-
 psalm.xml | 2 +-
 psalm74-80.xml | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/composer.json b/composer.json
index dac960d..902d568 100644
--- a/composer.json
+++ b/composer.json
@@ -17,7 +17,7 @@
 "issues": "https://github.com/yiisoft/csrf/issues?state=open",
 "forum": "https://www.yiiframework.com/forum/",
 "wiki": "https://www.yiiframework.com/wiki/",
- "irc": "irc://irc.freenode.net/yii",
+ "irc": "ircs://irc.libera.chat:6697/yii",
 "chat": "https://t.me/yii3en",
 "source": "https://github.com/yiisoft/csrf"
 },
diff --git a/psalm.xml b/psalm.xml
index c338142..b48c894 100644
--- a/psalm.xml
+++ b/psalm.xml
@@ -3,7 +3,7 @@
 errorLevel="1"
 findUnusedBaselineEntry="true"
 findUnusedCode="false"
- xmlns:xsi="https://www.w3.org/2001/XMLSchema-instance"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xmlns="https://getpsalm.org/schema/config"
 xsi:schemaLocation="https://getpsalm.org/schema/config vendor/vimeo/psalm/config.xsd"
 >
diff --git a/psalm74-80.xml b/psalm74-80.xml
index 2c7c1f8..d091d59 100644
--- a/psalm74-80.xml
+++ b/psalm74-80.xml
@@ -3,7 +3,7 @@
 errorLevel="1"
 findUnusedBaselineEntry="true"
 findUnusedCode="false"
- xmlns:xsi="https://www.w3.org/2001/XMLSchema-instance"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xmlns="https://getpsalm.org/schema/config"
 xsi:schemaLocation="https://getpsalm.org/schema/config vendor/vimeo/psalm/config.xsd"
 >
From 988803f2d763736b49b71ad34837ed95f76e1af5 Mon Sep 17 00:00:00 2001
From: Luiz Marin <67489841+luizcmarin@users.noreply.github.com>
Date: Thu, 18 Apr 2024 19:44:27 -0300
Subject: [PATCH 5/7] Docs folder standardization and other fixes
---
 LICENSE.md | 8 ++++----
 README.md | 46 ++++++++++++++--------------------------------
 docs/internals.md | 5 ++---
 3 files changed, 20 insertions(+), 39 deletions(-)
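Review bot: Nothing visible in this patch confirms that a `yii` channel on Libera.Chat is registered to the project, yet the new `"irc"` value in the `composer.json` hunk is published as an official support channel to anything that reads the package's support links. Switching from `irc://` to `ircs://` on port 6697 does move the connection onto TLS, but an unclaimed channel name on a new network can be registered by a third party and mistaken for the maintainers. If the project no longer operates an IRC channel, dropping the `"irc"` key is the safer change; otherwise the PR description should state that the channel registration was checked.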
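Review bot: The restored `xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"` in `psalm.xml` (and the identical hunk in `psalm74-80.xml`) carries nothing that records why it must stay `http`, and PATCH 1/7 of this series already rewrote it to `https` once. The value is a namespace identifier matched as an exact string rather than a URL that gets fetched, so the `http` scheme adds no transport exposure, while any other spelling leaves `xsi:schemaLocation` outside the XMLSchema-instance namespace. A comment above the `<psalm` element, which begins outside the hunk, would protect it from the next link sweep: `<!-- xmlns:xsi is a fixed namespace identifier, not a fetched URL; keep the http:// form -->`.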
diff --git a/LICENSE.md b/LICENSE.md index bc5674f..6a920d6 100644 --- a/LICENSE.md +++ b/LICENSE.md @@ -1,17 +1,17 @@ -Copyright © 2008 by Yii Software (https://www.yiiframework.com/) +Copyright © 2008 by Yii Software () All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - * Redistributions of source code must retain the above copyright +* Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above copyright +* Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. - * Neither the name of Yii Software nor the names of its +* Neither the name of Yii Software nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. diff --git a/README.md b/README.md index 78587be..8c1380e 100644 --- a/README.md +++ b/README.md @@ -18,9 +18,9 @@ The package provides [PSR-15](https://www.php-fig.org/psr/psr-15/) middleware for CSRF protection: - It supports two algorithms out of the box: - - Synchronizer CSRF token with customizable token generation and storage. By default, it uses random data and + - Synchronizer CSRF token with customizable token generation and storage. By default, it uses random data and session. - - HMAC based token with customizable identity generation. Uses session by default. + - HMAC based token with customizable identity generation. Uses session by default. - It has ability to apply masking to CSRF token string to make [BREACH attack](https://breachattack.com/) impossible. ## Requirements 
@@ -159,39 +159,14 @@ the next request either as a hidden form field or via JavaScript async request. It is recommended to always use this decorator. -## Testing +## Documentation -### Unit testing +- More information can be found in the [Internals.](docs/internals.md) -The package is tested with [PHPUnit](https://phpunit.de/). To run tests: +## Support -```shell -./vendor/bin/phpunit -``` - -### Mutation testing - -The package tests are checked with [Infection](https://infection.github.io/) mutation framework with -[Infection Static Analysis Plugin](https://github.com/Roave/infection-static-analysis-plugin). To run it: - -```shell -./vendor/bin/roave-infection-static-analysis-plugin -``` - -### Static analysis - -The code is statically analyzed with [Psalm](https://psalm.dev/). To run static analysis: - -```shell -./vendor/bin/psalm -``` - -## License - -The Yii CSRF Protection Library is free software. It is released under the terms of the BSD License. Please -see [`LICENSE`](./LICENSE.md) for more information. - -Maintained by [Yii Software](https://www.yiiframework.com/). +If you need help or have a question, the [Yii Forum](https://forum.yiiframework.com/c/yii-3-0/63) is a good place for that. +You may also check out other [Yii Community Resources](https://www.yiiframework.com/community). ## Support the project 
@@ -204,3 +179,10 @@ Maintained by [Yii Software](https://www.yiiframework.com/). [![Telegram](https://img.shields.io/badge/telegram-join-1DA1F2?style=flat&logo=telegram)](https://t.me/yii3en) [![Facebook](https://img.shields.io/badge/facebook-join-1DA1F2?style=flat&logo=facebook&logoColor=ffffff)](https://www.facebook.com/groups/yiitalk) [![Slack](https://img.shields.io/badge/slack-join-1DA1F2?style=flat&logo=slack)](https://yiiframework.com/go/slack) + +## License + +The Yii Access is free software. It is released under the terms of the BSD License. +Please see [`LICENSE`](./LICENSE.md) for more information. + +Maintained by [Yii Software](https://www.yiiframework.com/). diff --git a/docs/internals.md b/docs/internals.md index b715d9f..8dc4049 100644 --- a/docs/internals.md +++ b/docs/internals.md @@ -34,10 +34,9 @@ use either newest or any specific version of PHP: ./vendor/bin/rector ``` -## Dependencies +## Composer require checker -Use [ComposerRequireChecker](https://github.com/maglnet/ComposerRequireChecker) to detect transitive -[Composer](https://getcomposer.org/) dependencies. +This package uses [composer-require-checker](https://github.com/maglnet/ComposerRequireChecker) to check if all dependencies are correctly defined in `composer.json`. To run the checker, execute the following command: From 357496b2e1db27db785ae406bd18e6881e60faea Mon Sep 17 00:00:00 2001 From: Luiz Marin <67489841+luizcmarin@users.noreply.github.com> Date: Sat, 20 Apr 2024 06:44:58 -0300 Subject: [PATCH 6/7] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 8c1380e..3f9898f 100644 --- a/README.md +++ b/README.md 
@@ -182,7 +182,7 @@ You may also check out other [Yii Community Resources](https://www.yiiframework. ## License -The Yii Access is free software. It is released under the terms of the BSD License. +The Yii CSRF Protection Library is free software. It is released under the terms of the BSD License. Please see [`LICENSE`](./LICENSE.md) for more information. Maintained by [Yii Software](https://www.yiiframework.com/). From 4e94e2cdd30bbe2c3afb4eac4284945c77f32d5a Mon Sep 17 00:00:00 2001 From: Luiz Marin <67489841+luizcmarin@users.noreply.github.com> Date: Sun, 21 Apr 2024 06:24:03 -0300 Subject: [PATCH 7/7] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 3f9898f..875f13f 100644 --- a/README.md +++ b/README.md @@ -161,7 +161,7 @@ It is recommended to always use this decorator. ## Documentation -- More information can be found in the [Internals.](docs/internals.md) +- [Internals](docs/internals.md) ## Support