jasny / auth Goto Github PK
View Code? Open in Web Editor NEWAuthentication, authorization and access control for Slim and other micro-frameworks
Home Page: https://www.jasny.net/auth
Authentication, authorization and access control for Slim and other micro-frameworks
Home Page: https://www.jasny.net/auth
all of the mentioned methods in the documentation are called as static methods, but none of them is static so it gives an error
Auth::login(string $username, string $password)
Auth::loginAs(UserInterface $user)
Auth::logout()
...etc
Hi, Trying to use the library I got such an error.Where am I doing wrong?
@jasny, @SergeAx, @Minstel
Fatal error: Uncaught Error: Typed property Veloster\App\Models\User::$hashedPassword must not be accessed before initialization in C:\xampp\htdocs\php\App\Models\User.php:32
Stack trace:
#0 C:\xampp\htdocs\php\vendor\jasny\auth\src\Auth.php(319): Veloster\App\Models\User->verifyPassword('12345678')
#1 C:\xampp\htdocs\php\App\Models\Accounts.php(46): Jasny\Auth\Auth->login('admin', '12345678')
#2 C:\xampp\htdocs\php\App\Controllers\Home.php(27): Veloster\App\Models\Accounts->authenticate('admin', '12345678')
#3 [internal function]: Veloster\App\Controllers\Home::login(
#4 C:\xampp\htdocs\php\Core\Route.php(74): call_user_func_array(Array, Array)
#5 C:\xampp\htdocs\php\index.php(24): Veloster\Core\Route::dispatch()
#6 {main}
thrown in C:\xampp\htdocs\php\App\Models\User.php on line 32
User.php:
<?php
namespace Veloster\App\Models;
use Jasny\Auth;
use Jasny\Auth\UserInterface;
class User implements UserInterface
{
public string $id;
public string $username;
public int $accessLevel = 0;
protected string $hashedPassword;
public function getAuthId(): string
{
return $this->id;
}
/**
* {@interal This method isn't required by the interface}}.
* @param string $password
*/
public function changePassword(string $password): void
{
$this->hashedPassword = password_hash($password, PASSWORD_BCRYPT);
}
public function verifyPassword(string $password): bool
{
return password_verify($password, $this->hashedPassword);
}
public function getAuthChecksum(): string
{
return hash('sha256', $this->id . $this->hashedPassword);
}
public function getAuthRole(Auth\ContextInterface $context = null): int
{
return $this->accessLevel;
}
public function requiresMfa(): bool
{
return false;
}
}
Funstion in Login_Controller.php:
public function authenticate(string $username,string $password)
{
$levels = new Authz\Levels(['user' => 1, 'moderator' => 10, 'admin' => 100]);
$auth = new Auth($levels, new AuthStorage());
session_start();
$auth->initialize();
$auth->login($username,$password);
}
AuthStroge.php:
<?php
namespace Veloster\App\Models;
use Jasny\Auth;
use Illuminate\Database\Capsule\Manager as DB;
use Jasny\Auth\StorageInterface;
class AuthStorage implements StorageInterface
{
/**
* Fetch a user by ID
* @param string $id
* @return Auth\UserInterface|null
*/
public function fetchUserById(string $id): ?Auth\UserInterface
{
DB::table('Accounts')
->Where('id','=', $id)
->get();
return new User();
}
/**
* Fetch a user by username
* @param string $username
* @return Auth\UserInterface|null
*/
public function fetchUserByUsername(string $username): ?Auth\UserInterface
{
DB::table('Accounts')->Where('username','=', $username)->get();
return new User;
}
/**
* Fetch the context by ID.
* @param string $id
* @return Auth\ContextInterface|null
*/
public function fetchContext(string $id) : ?Auth\ContextInterface
{
DB::table('Accounts')
->Where('id','=', $id)
->get();
return new Context();
}
/**
* Get the default context of the user.
* @param Auth\UserInterface $user
* @return Auth\ContextInterface|null
*/
public function getContextForUser(Auth\UserInterface $user) : ?Auth\ContextInterface
{
return null;
}
}
Hi jasny, I got confused when I will use this library. Does jasny/auth use database? how I set up the jasny/auth?
auth/src/Confirmation/HashidsConfirmation.php
Line 315 in d8d0b72
Third param in hash function generates outputs raw binary data which trigger warnings in Hashids. In constructor of Hashids salt is encoding but is as binary so \mb_detect_encoding($salt)
return incorrect encoding type for \mb_convert_encoding($salt, 'UTF-8', \mb_detect_encoding($salt))
https://github.com/vinkla/hashids/blob/8cab111f78e0bd9c76953b082919fc9e251761be/src/Hashids.php#L95
Fatal error: gymadarasz\Auth\Auth and Jasny\Authz\byLevel define the same property ($levels) in the composition of gymadarasz\Auth\Auth. However, the definition differs and is considered incompatible. Class was composed in C:\xampp\htdocs\testauth\src\Auth\Auth.php on line 97
My suugestion, just remove the line protected static $levels;
from trait byLevel
in file byLevel.php
at line ~37
We should create an Authz
class rather than moving that into the User
class. Moving all functionality to a model class is a 'God object' anti-pattern.
Use dependency injection rather than traits.
The method of MFA shouldn't be important for this lib, though it would always include verifying some sort of code. Instead of requiring the use of wrapper, a callback that takes the user and code and returns a boolean should be all that's needed for the Auth
class.
In addition to the context, add bool $mfa
as argument for getAuthRole()
. This will be set to true
if the user is MFA authenticated. It's up to the User
class to return a role like 'mfa-required' if needed. Methods like isLoggedIn()
will still return true
, even if the login is just partial.
To logic to setup MFA (like creating an OTP secret, sending an email, etc) is outside the scope of this library.
If MFA fails the user is automatically logged out.
class AuthController extends Jasny\Controller
{
public function run(...$args)
{
try {
return parent::run(...$args);
} catch (LoginException $exception) {
$this->session->flash('warning', $exception->getMessage());
$this->redirect('/login');
}
}
public function postLogin()
{
$this->auth->login(
$this->getQueryParam('username'),
$this->getQueryParam('password'),
);
$next = $this->auth->is('mfa-required') ? '/login/mfa' : '/admin';
$this->redirect($next);
}
public function postLoginMfa()
{
$this->auth->mfa($this->getQueryParam('code'));
$this->redirect('/admin');
}
}
class User
{
/** One time password secret for multi factor authentication (MFA) */
public ?string $otpSecret = null;
public getAuthRole(?ContextInterface $context, bool $mfa)
{
if ($this->otpSecret !== null && !$mfa) {
return 'mfa-required';
}
return $this->role;
}
}
$levels = new Authz\Levels([
-1 => 'mfa-required',
1 => 'user',
20 => 'admin',
]);
$auth = (new Auth($levels, ...))
->withMfa(static function(User $user, string $code): bool {
return TOPT::create($user->otpSecret)->verify($code);
});
While trying to implement the example in the README, I keep getting this error, I am using Slim and I am auto loading the example Auth class using composer's psr-0 like this "psr-0": { "": "auth/" }, is this probably because PHP doesn't support abstract static functions or am I doing things wrong?
Hello!
According to
Line 145 in 53536cf
I'd like to use this feature to get rid of extra sql query in Storage::fetchUserById() (i.e. get the User from the session instead of doing an extra sql query(-ies) to get the User from database by uid). But I couldn't find a way to force Jasny/Auth to put the User to the session instead of only putting uid there.
While it is typical there is only one authentication interface per application, this is not the way by definition. Additionally using static methods and properties make testing harder.
// Global Auth for an application
App::auth();
// Application instance for dependency injection
$app->getAuth();
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.