Feature: Banning Users (#650)

* Added migration file

* Added new feilds to the UserModel

* Added methods to modify the ban status of a user

* Added exception for banned users

* Added banned user checks on access tokens

* Added banned user checks on attempting to log in

* Added language translations for banned user

* Fixed coding standard fail

* cs fix

* Added user model to list of imported classes

* Removed extra whitespace

* ran composer cs-fix

* Added a bannable trait

* Completed banning logic

* Added docs for banning feature

* Fixed failing unit test

* Update docs/banning_users.md

Co-authored-by: Pooya Parsa Dadashi <pooya_parsa_dadashi@yahoo.com>

* Update src/Filters/SessionAuth.php

Co-authored-by: Pooya Parsa Dadashi <pooya_parsa_dadashi@yahoo.com>

* Update src/Language/fa/Auth.php

Co-authored-by: Pooya Parsa Dadashi <pooya_parsa_dadashi@yahoo.com>

* Update src/Language/ja/Auth.php

Thank you for your translation

Co-authored-by: kenjis <kenji.uui@gmail.com>

* Removed migration adding banned and banned_message fields

* Removed banned fields from user model

* Implemented ban and unban logic

* FIxed docs on banning users

* removed unneccessary (bool)

* Reverted redirect route for when a user is not activated

* Added test for getBanMessage()

* Removed unnecesary whitespaces from the docs

* Update docs/banning_users.md

Co-authored-by: Pooya Parsa Dadashi <pooya_parsa_dadashi@yahoo.com>

* Update docs/banning_users.md

Co-authored-by: Pooya Parsa Dadashi <pooya_parsa_dadashi@yahoo.com>

* Update docs/banning_users.md

Co-authored-by: Pooya Parsa Dadashi <pooya_parsa_dadashi@yahoo.com>

* Update docs/banning_users.md

Co-authored-by: Pooya Parsa Dadashi <pooya_parsa_dadashi@yahoo.com>

---------

Co-authored-by: Pooya Parsa Dadashi <pooya_parsa_dadashi@yahoo.com>
Co-authored-by: kenjis <kenji.uui@gmail.com>

Author: 3 people

docs/banning_users.md

@@ -0,0 +1,45 @@
+# Banning Users
+
+Shield provides a way to ban users from your application. This is useful if you need to prevent a user from logging in, or logging them out in the event that they breach your terms of service.
+
+- [Checking if the User is Banned](#check-if-a-user-is-banned)
+- [Banning a User](#banning-a-user)
+- [Unbanning a User](#unbanning-a-user)
+- [Getting the Reason for Ban ](#getting-the-reason-for-ban)
+
+### Check if a User is Banned  
+
+You can check if a user is banned using `isBanned()` method on the `User` entity. The method returns a boolean `true`/`false`. 
+
+```php
+if ($user->isBanned()) {
+    //...
+}
+```  
+
+### Banning a User
+
+To ban a user from the application, the `ban(?string $message = null)` method can be called on the `User` entity. The method takes an optional string as a parameter. The string acts as the reason for the ban.
+
+```php
+// banning a user without passing a message
+$user->ban();
+// banning a user with a message and reason for the ban passed.
+$user->ban('Your reason for banning the user here');
+```
+
+### Unbanning a User
+
+Unbanning a user can be done using the `unBan()` method on the `User` entity. This method will also reset the `status_message` property.   
+
+```php
+$user->unBan();
+```
+
+### Getting the Reason for Ban
+
+The reason for the ban can be obtained user the `getBanMessage()` method on the `User` entity.
+
+```php
+$user->getBanMessage();
+```

src/Authentication/AuthenticationException.php

@@ -29,6 +29,11 @@ public static function forInvalidUser(): self
         return new self(lang('Auth.invalidUser'));
     }
 
+    public static function forBannedUser(): self
+    {
+        return new self(lang('Auth.invalidUser'));
+    }
+
     public static function forNoEntityProvided(): self
     {
         return new self(lang('Auth.noUserEntity'), 500);

src/Authentication/Authenticators/AccessTokens.php

@@ -65,6 +65,15 @@ public function attempt(array $credentials): Result
 
         $user = $result->extraInfo();
 
+        if ($user->isBanned()) {
+            $this->user = null;
+
+            return new Result([
+                'success' => false,
+                'reason'  => $user->getBanMessage() ?? lang('Auth.bannedUser'),
+            ]);
+        }
+
         $user = $user->setAccessToken(
             $user->getAccessToken($this->getBearerToken())
         );

src/Authentication/Authenticators/Session.php

@@ -147,6 +147,15 @@ public function attempt(array $credentials): Result
         /** @var User $user */
         $user = $result->extraInfo();
 
+        if ($user->isBanned()) {
+            $this->user = null;
+
+            return new Result([
+                'success' => false,
+                'reason'  => $user->getBanMessage() ?? lang('Auth.bannedUser'),
+            ]);
+        }
+
         $this->user = $user;
 
         // Update the user's last used date on their password identity.

src/Entities/User.php

@@ -12,6 +12,7 @@
 use CodeIgniter\Shield\Models\LoginModel;
 use CodeIgniter\Shield\Models\UserIdentityModel;
 use CodeIgniter\Shield\Traits\Activatable;
+use CodeIgniter\Shield\Traits\Bannable;
 use CodeIgniter\Shield\Traits\Resettable;
 
 /**
@@ -29,6 +30,7 @@ class User extends Entity
     use HasAccessTokens;
     use Resettable;
     use Activatable;
+    use Bannable;
 
     /**
      * @var UserIdentity[]|null

src/Filters/SessionAuth.php

@@ -51,6 +51,15 @@ public function before(RequestInterface $request, $arguments = null)
 
             // Block inactive users when Email Activation is enabled
             $user = $authenticator->getUser();
+
+            if ($user->isBanned()) {
+                $error = $user->getBanMessage() ?? lang('Auth.logOutBannedUser');
+                $authenticator->logout();
+
+                return redirect()->to(config('Auth')->logoutRedirect())
+                    ->with('error', $error);
+            }
+
             if ($user !== null && ! $user->isActivated()) {
                 $authenticator->logout();
 

src/Language/de/Auth.php

@@ -7,6 +7,8 @@
     'unknownAuthenticator'  => '{0} ist kein gültiger Authentifikator.',
     'unknownUserProvider'   => 'Der zu verwendende User Provider konnte nicht ermittelt werden.',
     'invalidUser'           => 'Der angegebene Benutzer kann nicht gefunden werden.',
+    'bannedUser'            => '(To be translated) Can not log you in as you are currently banned.',
+    'logOutBannedUser'      => '(To be translated) You have been logged out because you have been banned.',
     'badAttempt'            => 'Sie konnten nicht angemeldet werden. Bitte überprüfen Sie Ihre Anmeldedaten.',
     'noPassword'            => 'Kann einen Benutzer ohne Passwort nicht validieren.',
     'invalidPassword'       => 'Sie können nicht angemeldet werden. Bitte überprüfen Sie Ihr Passwort.',

src/Language/en/Auth.php

@@ -7,6 +7,8 @@
     'unknownAuthenticator'  => '{0} is not a valid authenticator.',
     'unknownUserProvider'   => 'Unable to determine the User Provider to use.',
     'invalidUser'           => 'Unable to locate the specified user.',
+    'bannedUser'            => 'Can not log you in as you are currently banned.',
+    'logOutBannedUser'      => 'You have been logged out because you have been banned.',
     'badAttempt'            => 'Unable to log you in. Please check your credentials.',
     'noPassword'            => 'Cannot validate a user without a password.',
     'invalidPassword'       => 'Unable to log you in. Please check your password.',

src/Language/es/Auth.php

@@ -7,6 +7,8 @@
     'unknownAuthenticator'  => '{0} no es un handler válido.',
     'unknownUserProvider'   => 'No podemos determinar que Proveedor de Usuarios usar.',
     'invalidUser'           => 'No podemos localizar este usuario.',
+    'bannedUser'            => '(To be translated) Can not log you in as you are currently banned.',
+    'logOutBannedUser'      => '(To be translated) You have been logged out because you have been banned.',
     'badAttempt'            => 'No puedes entrar. Por favor, comprueba tus creenciales.',
     'noPassword'            => 'No se puede validar un usuario sin una contraseña.',
     'invalidPassword'       => 'No uedes entrar. Por favor, comprueba tu contraseña.',

src/Language/fa/Auth.php

@@ -7,6 +7,8 @@
     'unknownAuthenticator'  => '{0} احراز هویت معتبری نمی باشد.',
     'unknownUserProvider'   => 'قادر به تعیین ارائه دهنده کاربر برای استفاده نیست.',
     'invalidUser'           => 'قادر به پیداکردن کاربر مشخص شده نیست',
+    'bannedUser'            => 'در حال حاضر نمی توانید وارد شوید، چون مسدود شده اید.',
+    'logOutBannedUser'      => 'شما به دلیل مسدود شدن، از سیستم خارج شده اید.',
     'badAttempt'            => 'امکان ورود به سیستم نیست. لطفا اعتبارنامه خود را بررسی کنید.',
     'noPassword'            => 'تایید کاربر بدون رمز عبور ممکن نیست.',
     'invalidPassword'       => 'ناتوان در ورود به سیستم. لطفا رمز عبور خود را بررسی کنید.',