jasny / auth Goto Github PK
View Code? Open in Web Editor NEWAuthentication, authorization and access control for Slim and other micro-frameworks
Home Page: https://www.jasny.net/auth
auth's People
Contributors
Stargazers
Watchers
Forkers
turv retinainc minstel pemedina gymadarasz visonwang nvignola sm-alfariz keyfun sergeax jasongray varinderd mustafakarali hugorvazquez lookingdown devnull0111 eminmuhammadi osamaabdullah kawigraphics erdincgc yijiangwen ezeasorekene km1801 ildar-b mahameth hibbyoyotkggit royswale werstalshik luizh12380 sjaakp soluyanow francuz2000 raulrodes miferval paquette-codesauth's Issues
Auth class shouldn't be static
While it is typical there is only one authentication interface per application, this is not the way by definition. Additionally using static methods and properties make testing harder.
// Global Auth for an application
App::auth();
// Application instance for dependency injection
$app->getAuth();Incorrect third param in hash function in HashidsConfirmation.php
auth/src/Confirmation/HashidsConfirmation.php
Line 315 in d8d0b72
Third param in hash function generates outputs raw binary data which trigger warnings in Hashids. In constructor of Hashids salt is encoding but is as binary so \mb_detect_encoding($salt) return incorrect encoding type for \mb_convert_encoding($salt, 'UTF-8', \mb_detect_encoding($salt))
https://github.com/vinkla/hashids/blob/8cab111f78e0bd9c76953b082919fc9e251761be/src/Hashids.php#L95
Does jasny/auth use database?
Hi jasny, I got confused when I will use this library. Does jasny/auth use database? how I set up the jasny/auth?
Non-static method Jasny\Auth\Auth::user() should not be called statically
all of the mentioned methods in the documentation are called as static methods, but none of them is static so it gives an error
Auth::login(string $username, string $password)
Auth::loginAs(UserInterface $user)
Auth::logout() ...etc
Multi-factor authentication (MFA) support
The method of MFA shouldn't be important for this lib, though it would always include verifying some sort of code. Instead of requiring the use of wrapper, a callback that takes the user and code and returns a boolean should be all that's needed for the Auth class.
In addition to the context, add bool $mfa as argument for getAuthRole(). This will be set to true if the user is MFA authenticated. It's up to the User class to return a role like 'mfa-required' if needed. Methods like isLoggedIn() will still return true, even if the login is just partial.
To logic to setup MFA (like creating an OTP secret, sending an email, etc) is outside the scope of this library.
If MFA fails the user is automatically logged out.
class AuthController extends Jasny\Controller
{
public function run(...$args)
{
try {
return parent::run(...$args);
} catch (LoginException $exception) {
$this->session->flash('warning', $exception->getMessage());
$this->redirect('/login');
}
}
public function postLogin()
{
$this->auth->login(
$this->getQueryParam('username'),
$this->getQueryParam('password'),
);
$next = $this->auth->is('mfa-required') ? '/login/mfa' : '/admin';
$this->redirect($next);
}
public function postLoginMfa()
{
$this->auth->mfa($this->getQueryParam('code'));
$this->redirect('/admin');
}
}
class User
{
/** One time password secret for multi factor authentication (MFA) */
public ?string $otpSecret = null;
public getAuthRole(?ContextInterface $context, bool $mfa)
{
if ($this->otpSecret !== null && !$mfa) {
return 'mfa-required';
}
return $this->role;
}
}
$levels = new Authz\Levels([
-1 => 'mfa-required',
1 => 'user',
20 => 'admin',
]);
$auth = (new Auth($levels, ...))
->withMfa(static function(User $user, string $code): bool {
return TOPT::create($user->otpSecret)->verify($code);
});Storing the user object in a session?
Hello!
According to
Line 145 in 53536cf
I'd like to use this feature to get rid of extra sql query in Storage::fetchUserById() (i.e. get the User from the session instead of doing an extra sql query(-ies) to get the User from database by uid). But I couldn't find a way to force Jasny/Auth to put the User to the session instead of only putting uid there.
- Is there such a way?
- Is there actually such a feature, or did I misunderstand what that "$user instanceof User" is for?
Authorization should not be done in User class
We should create an Authz class rather than moving that into the User class. Moving all functionality to a model class is a 'God object' anti-pattern.
Static function Jasny\Auth::fetchUserById() should not be abstract
While trying to implement the example in the README, I keep getting this error, I am using Slim and I am auto loading the example Auth class using composer's psr-0 like this "psr-0": { "": "auth/" }, is this probably because PHP doesn't support abstract static functions or am I doing things wrong?
Fatal error when trying to implement level based auth follow by example in README.md
Fatal error: gymadarasz\Auth\Auth and Jasny\Authz\byLevel define the same property ($levels) in the composition of gymadarasz\Auth\Auth. However, the definition differs and is considered incompatible. Class was composed in C:\xampp\htdocs\testauth\src\Auth\Auth.php on line 97
My suugestion, just remove the line protected static $levels; from trait byLevel in file byLevel.php at line ~37
SOLID - dependency injection
Use dependency injection rather than traits.
ERROR : $hashedPassword must not be accessed before initialization in
Hi, Trying to use the library I got such an error.Where am I doing wrong?
@jasny, @SergeAx, @Minstel
Fatal error: Uncaught Error: Typed property Veloster\App\Models\User::$hashedPassword must not be accessed before initialization in C:\xampp\htdocs\php\App\Models\User.php:32
Stack trace:
#0 C:\xampp\htdocs\php\vendor\jasny\auth\src\Auth.php(319): Veloster\App\Models\User->verifyPassword('12345678')
#1 C:\xampp\htdocs\php\App\Models\Accounts.php(46): Jasny\Auth\Auth->login('admin', '12345678')
#2 C:\xampp\htdocs\php\App\Controllers\Home.php(27): Veloster\App\Models\Accounts->authenticate('admin', '12345678')
#3 [internal function]: Veloster\App\Controllers\Home::login(
#4 C:\xampp\htdocs\php\Core\Route.php(74): call_user_func_array(Array, Array)
#5 C:\xampp\htdocs\php\index.php(24): Veloster\Core\Route::dispatch()
#6 {main}
thrown in C:\xampp\htdocs\php\App\Models\User.php on line 32
User.php:
<?php
namespace Veloster\App\Models;
use Jasny\Auth;
use Jasny\Auth\UserInterface;
class User implements UserInterface
{
public string $id;
public string $username;
public int $accessLevel = 0;
protected string $hashedPassword;
public function getAuthId(): string
{
return $this->id;
}
/**
* {@interal This method isn't required by the interface}}.
* @param string $password
*/
public function changePassword(string $password): void
{
$this->hashedPassword = password_hash($password, PASSWORD_BCRYPT);
}
public function verifyPassword(string $password): bool
{
return password_verify($password, $this->hashedPassword);
}
public function getAuthChecksum(): string
{
return hash('sha256', $this->id . $this->hashedPassword);
}
public function getAuthRole(Auth\ContextInterface $context = null): int
{
return $this->accessLevel;
}
public function requiresMfa(): bool
{
return false;
}
}
Funstion in Login_Controller.php:
public function authenticate(string $username,string $password)
{
$levels = new Authz\Levels(['user' => 1, 'moderator' => 10, 'admin' => 100]);
$auth = new Auth($levels, new AuthStorage());
session_start();
$auth->initialize();
$auth->login($username,$password);
}
AuthStroge.php:
<?php
namespace Veloster\App\Models;
use Jasny\Auth;
use Illuminate\Database\Capsule\Manager as DB;
use Jasny\Auth\StorageInterface;
class AuthStorage implements StorageInterface
{
/**
* Fetch a user by ID
* @param string $id
* @return Auth\UserInterface|null
*/
public function fetchUserById(string $id): ?Auth\UserInterface
{
DB::table('Accounts')
->Where('id','=', $id)
->get();
return new User();
}
/**
* Fetch a user by username
* @param string $username
* @return Auth\UserInterface|null
*/
public function fetchUserByUsername(string $username): ?Auth\UserInterface
{
DB::table('Accounts')->Where('username','=', $username)->get();
return new User;
}
/**
* Fetch the context by ID.
* @param string $id
* @return Auth\ContextInterface|null
*/
public function fetchContext(string $id) : ?Auth\ContextInterface
{
DB::table('Accounts')
->Where('id','=', $id)
->get();
return new Context();
}
/**
* Get the default context of the user.
* @param Auth\UserInterface $user
* @return Auth\ContextInterface|null
*/
public function getContextForUser(Auth\UserInterface $user) : ?Auth\ContextInterface
{
return null;
}
}
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.