Hello

I am using MySQL for password and user storage. Could you please tell me how to create new passwords using MySQL when I have a new username and role in mind? I don't see a clear way towards doing so, and looking through code so far has me confused. Thanks!

The CSRF is giving me an issue on mac os x, php 7.4.

"The form submitted did not originate from the expected site"

As far as I can tell, it is a problem with the session and how the csrf is stored. Somehow it looks as if it is recalculated after submitting.

From what I see, the only option there is to use it from the scratch. Can we not have the option of adding it in the ongoing project, like quite a few other packages?

Also, it is lacking the schema.sql which will be good to have.

Question - it seems that I can use authorization on a per-view-template level.

However, I have a use case to evaluate authorization on a more granular level.
For example, I have a module called Quote and in that module I have a quote view that shows a listing of sales items without their prices for customer view, but I want to show pricing for a sales person viewing the same quote view.

And so I am looking for a model where I can use something like this:

if ("logged in user" has permission to "view sales line item pricing")
    echo $price;
else
    echo "";

Where I can have multiple such statements on a single view.
It is not immediately clear if I can modify the app to use it in such a granular way.

Can I use mezzio-authentication-with-authorization for my use case? If so, how?
If I wanted to write a lot of such statements, how can I use (modify) this app?
Thanks!

I want to use native ACL inside templates.

For example, inside a view template, something like:

$auth->isAllowed($role, $resource));
$this->isAllowed($role, $resource));

Is there an easy way to modify this app to do so? How?

I've tried to install this package but this is what I got.

$ composer create-project samsonasik/mezzio-authentication-with-authorization -sdev
Creating a "samsonasik/mezzio-authentication-with-authorization" project at "./mezzio-authentication-with-authorization"
Installing samsonasik/mezzio-authentication-with-authorization (dev-master dcf300d89fa38248a21ca96266d50a847653e91e)
  - Syncing samsonasik/mezzio-authentication-with-authorization (dev-master dcf300d) into cache
  - Installing samsonasik/mezzio-authentication-with-authorization (dev-master dcf300d): Cloning dcf300d89f from cache
Created project in D:\laminas\mezzio-authentication-with-authorization
Installing dependencies from lock file (including require-dev)
Verifying lock file contents can be installed on current platform.
Your lock file does not contain a compatible set of packages. Please run composer update.

  Problem 1
    - laminas/laminas-component-installer is locked to version 2.1.2 and an update of this package was not requested.
    - laminas/laminas-component-installer 2.1.2 requires composer-plugin-api ^1.0 -> found composer-plugin-api[2.0.0] but it does not match the constraint.
  Problem 2
    - laminas/laminas-dependency-plugin is locked to version 0.2.0 and an update of this package was not requested.
    - laminas/laminas-dependency-plugin 0.2.0 requires composer-plugin-api ^1.1 -> found composer-plugin-api[2.0.0] but it does not match the constraint.
  Problem 3
    - dealerdirect/phpcodesniffer-composer-installer is locked to version v0.6.2 and an update of this package was not requested.
    - dealerdirect/phpcodesniffer-composer-installer v0.6.2 requires composer-plugin-api ^1.0 -> found composer-plugin-api[2.0.0] but it does not match the constraint.
  Problem 4
    - ocramius/package-versions is locked to version 1.4.2 and an update of this package was not requested.
    - ocramius/package-versions 1.4.2 requires composer-plugin-api ^1.0.0 -> found composer-plugin-api[2.0.0] but it does not match the constraint.
  Problem 5
    - laminas/laminas-component-installer 2.1.2 requires composer-plugin-api ^1.0 -> found composer-plugin-api[2.0.0] but it does not match the constraint.
    - mezzio/mezzio-tooling 1.3.0 requires laminas/laminas-component-installer ^2.0 -> satisfiable by laminas/laminas-component-installer[2.1.2].
    - mezzio/mezzio-tooling is locked to version 1.3.0 and an update of this package was not requested.

ocramius/package-versions only provides support for Composer 2 in 1.8+, which requires PHP 7.4.
If you can not upgrade PHP you can require composer/package-versions-deprecated to resolve this with PHP 7.0+.

You are using Composer 2, which some of your plugins seem to be incompatible with. Make sure you update your plugins or report a plugin-issue to ask them to support Composer 2.

I am experiencing an issue where I think the app may be behaving incorrectly, or maybe there is a special routing issue happening that I am not considering.

My belief is that if I hit a valid route, such as /login with the app, the pipeline should never go past DispatchMiddleware.php, and any middleware placed afterwards should not be executed. In my case, /login route goes past DispatchMiddleware.php, executing my custom middleware and I want to understand why.

To duplicate the behavior I am experiencing:

• Create src/App/Middleware/LegacyApplicationMiddleware.php with code below:

declare(strict_types = 1);
namespace App\Middleware;

use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\MiddlewareInterface;
use Psr\Http\Server\RequestHandlerInterface;

class LegacyApplicationMiddleware implements MiddlewareInterface
{
    public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
    {
        die("why do we get here?");
    }
}

• Place the new middleware after DispatchMiddleware:

$app->pipe(DispatchMiddleware::class);
$app->pipe(LegacyApplicationMiddleware::class);

• Place new middleware into config under 'factories' key:

LegacyApplicationMiddleware::class => InvokableFactory::class

• Run the app and attempt to log in using any valid username and password

Expectation
After logging in, you should be able to see the default "Welcome to mezzio" login page with the message on top stating "You are succesfully authenticated"

Actual behavior
After login attempt, instead of the welcome page, you see the message "why do we get here?", because LegacyApplicationMiddleware is being executed after the DispatchMiddleware, despite /login being a valid route. My understanding is that a legal route should be entirely serviced by the DispatchMiddleware and go no further than that in the execution of the pipeline.php

Why is my middleware being executed? The intent of my middleware is to only work when I try to load a route that has not been specified in my config, that normally would result in 404 Not Found error. In this case, /login route is found, and should not result in 404 error. I say 404 error, because normally NotFoundHandler will be executed after DispatchMiddleware. In my case, LegacyApplicationMiddleware is being executed first

Can you help explain what's going on? Is that a quirk of the /login route specifically? Is it a malfunction/discrepancy of the mezzio-authentication-with-authorization? Something else?