Unable to install Bonfire2 in CI appstarter project

I'm trying to create a base project from which I can compare any updates to CI4 and BF2 going forward, but I can no longer run the documented procedure for installing Bonfire 2.  The appstarter project is created but trying to add Bonfire 2 results in the following:

Code:

PS K:\sites\_CI4_BASE> composer require lonnieezell/bonfire:dev-develop
./composer.json has been created
Running composer update lonnieezell/bonfire
Loading composer repositories with package information
Updating dependencies
Your requirements could not be resolved to an installable set of packages.

  Problem 1
    - Root composer.json requires lonnieezell/bonfire dev-develop -> satisfiable by lonnieezell/bonfire[dev-develop].
    - lonnieezell/bonfire dev-develop requires roave/security-advisories dev-latest -> found roave/security-advisories[dev-latest] but it does not match your minimum-stability.

It looks like the BF2 requirement for 'roave/security-advisories dev-latest' conflicts with its own stability level.  I tried to change the "minimum-stability" in composer.json, but that did not help.

It also appears that having set the stability requirements to get Bonfire 2 installed, any updates to my primary project pulls in the dev versions of Shield.  While I'm not opposed to trying them out, the latest upgrade for Beta 6 wanted to revert overrides in app\Config\Auth.php set by Bonfire2.  I tried to triage those changes, keeping the Bonfire classes, but now I am no longer sure I have a valid Bonfire2 installation.

I would like to establish a workable process with which I can keep Bonfire2 up to date as the Beta version improves.

Thanks for any suggestions.

I'm trying to create a base project from which I can compare any updates to CI4 and BF2 going forward, but I can no longer run the documented procedure for installing Bonfire 2.  The appstarter project is created but trying to add Bonfire 2 results in the following <...>

You have missed the install instructions part in Bonfire2 documentation:

You need to add the following setting to composer.json:

Code:

"minimum-stability": "dev",
"prefer-stable": true

I have just checked that I get the install error described by you without these changes, but with these changes install goes fine.

==

Donatas G.

Both CI4 and shield as well as BF2 have moved ahead since I last tried working on this project, so I have again created an out-of-the-box install following instructions in Bonfire2/docs/installation.md, and the Bonfire dashboard fails to render correctly. Here's what I did:

> composer create-project codeigniter4/appstarter my-app
- Add:
"minimum-stability": "dev",
"prefer-stable": true
- Change per CodeIgniter4 Initial Configuration:
app/Config/App.php
$baseURL ==> https://ci4bonfire
$indexPage ==> ''
- Set database credentials

> php spark bf:install

> php spark bf:install --continue

Following instructions in codeigniter4/shield/UPGRADING.md for upgrade to 1.0.0-beta.8

> php spark shieldetup
- verify changes for 'Helper Autoloading' and 'Config\Auth'

- ignored (no custom filters)

- Fix to HMAC Secret Key Encryption
Not sure what to do here.
Is using HMAC now the system default?
Do I need to replace the encryption.key generated in .env?
There is no key set in Config/AuthToken.php, is this correct?
Do we need both k1 and k2 out-of-the-box?
Why does the installation process not create/use a correct key?
Should the secret column in auth_identities be an encrypted value?

----
The home page renders fine.
Trying to login as superadmin results in :
Call to undefined method CodeIgniter\Shield\Entities\User::renderAvatar()
from: ROOTPATH\themes\Admin\_header.php at line 22
----

If I replace the offending line with a simple string, I can access the page /admin/users/1, and the expected avatar is rendered in the edit form as expected. So it seems that the user returned by auth()->user() in the view is invalid, since the $user variable on that page can do renderAvatar().

I assume the following:
'By default, the Encryption Library uses the OpenSSL handler. That handler encrypts using the AES-256-CTR algorithm, your configured key, and SHA512 HMAC authentication.'
means that the current encryption.key must be updated, so I suspect this might be related to the problem.

I tried updating shield to the master version 1.0.0.
I tried clearing the auth_identities and users tables and running the 2 bonfire installation scripts again.

Thanks for any help.

- Fix to HMAC Secret Key Encryption
Not sure what to do here.
Is using HMAC now the system default?

No.
Probably Bonfire does not use HMAC Token Auth.

ci-phpunit-test | CodeIgniter Testing Guide | CodeIgniter 3 to 4 Upgrade Helper

- Fix to HMAC Secret Key Encryption
Not sure what to do here.
Is using HMAC now the system default?

No.
Probably Bonfire does not use HMAC Token Auth.

---

OK, thanks, so I probably don't need to do anything to update the encryption key.
But that still leaves the problem with the view not being able to use auth()->user() to get an object that implements renderAvatar(), so the page header works again.
Simply replacing the render code with an arbitrary string is just a patch to get past the error which keeps any admin dashboard page from displaying. Is this a bug in Bonfire's view code, or possibly the UserModel code, or is there still something else I need to do to get the Admin/_header.php code to render the user's correct avatar at the top of the page?

The issue here is a conflict between the app/Config/ files installed by bf:install and those installed for the mandatory updating required by shield version 1.0.0-beta.8 which is installed by Bonfire2.  Running shield:setup again after bf:install, as instructed in codeigniter4/shield/UPGRADING.md, reverts important changes required for the current dev-develop version of Bonfire2.

Here are the necessary steps for a viable installation of the current Bonfire2 into codeigniter4/appstarter.
Follow the directions indicated on the console, and answer 'yes' to overwrite any existing files.

+ Create codeigniter4/appstarter project
> composer create-project codeigniter4/appstarter CI4Bonfire
+ Add to composer.json
  "minimum-stability": "dev",
  "prefer-stable": true,

+ Install Bonfire2
> composer require lonnieezell/bonfire:dev-develop
  (codeigniter4/shield version 1.0.0-beta.8 is installed)
> php spark bf:install
  (some files in app/Config are overwritten with old code)

+ Restore codeigniter4/shield code per UPGRADING.md
> php spark shield:setup

+ Cherry-pick what to revert back to the required Bonfire2 code
  (I like using a good GUI comparison app to do this.)

In app/Config/ -
Keep the following shield versions:
  AuthToken.php
  Autoload.php
 
Revert the following to its Bonfire2 version:
  Routes.php
 
Both of the following require merging changes from both versions:
  Auth.php
  AuthGroups.php
(I have a GIT patch file for these, but I do not see a way to upload it here.)

+ Complete the Bonfire2 installation
> php spark bf:install --continue

+ Login as superadmin

Hope this helps someone else trying to do the same thing.