solution10 / auth Goto Github PK

The method requests a list of all packages for a user and get an array of the package names. Those are then passed to the Collection for sorting. The problem here is that the Collection is supposed to sort by the package precedence, which it has no access to! Also, there is no way to get the precedence or permissions just from a package's name. I suggest to remove the package names completely and instead use their class names. This way we can initialize the needed package objects when needed and the system stays decentralized.

Tests are only useful during the development stage. Their namespaces shouldn't pollute the autoloader in production.

The method hasPackage() as used in the last example of the Managing the packages on a user section does not exist in the Auth class. I'd love to open a pull request with a fix, but I'd need to know if this is a mistake in the docs or simply a missing method.

The Auth::hashPassword method is using a hard coded PASSWORD_BCRYPT when calling password_hash. While the current versions of password_hash (5.5 thru 7.1) only support two valid values PASSWORD_DEFAULT and PASSWORD_BCRYPT, and they both have the same value, this is not an issue. Hopefully this will change in PHP 7.2 with the stronger cryptography being added. The php.net site indicates that PASSWORD_DEFAULT 'may' change with stronger cryptography, thus it should be the stronger/secure algorithm. I would suggest adding the 'algo' argument to $options as the 'cost' is. I can work on a pull request if you would like.