CakePHP TinyAuth plugin for an easy and fast user authentication and authorization. Single or multi role. DB or config file based.
MIT License
Add any role to any command and action:
bin/cake tiny_auth_add {Controller} {Action} {roles, comma separated}
It will skip if the roles are already present for this controller and action.
Use with -d -v
to just output the changes it would do to your ACL INI file.
Published by dereuromark 10 months ago
Fixed role reading/detection for role as backed enum.
The following would now work for a string field:
namespace App\Model\Enum;
use Cake\Database\Type\EnumLabelInterface;
use Cake\Utility\Inflector;
enum UserRole: string implements EnumLabelInterface {
case MAINTAINER = 'maintainer';
case ADMIN = 'admin';
/**
* @return string
*/
public function label(): string {
return Inflector::humanize(mb_strtolower($this->name));
}
}
Published by dereuromark 11 months ago
Enjoy!
Published by dereuromark about 1 year ago
Please test, once confirmed we can release stable.
Published by dereuromark about 1 year ago
Published by dereuromark over 2 years ago
Published by dereuromark about 3 years ago
Prepared for PHP 8 testing.
Published by dereuromark almost 4 years ago
Published by dereuromark almost 4 years ago
Published by dereuromark about 4 years ago
Fixed compatibility with plugins a bit more.
Published by dereuromark over 4 years ago
This release now contains two possible versions to be used
It manages access to controller actions the easy and DRY way using different strategies.
By default, it ships with simple INI files, but you can also add DB adapters or custom ones.
On top, it contains useful helpers around access checking in both controller and view level using components and helpers.
Published by dereuromark almost 5 years ago
Please help to finalize for stable release.
Published by dereuromark almost 5 years ago
Added TinyAuth RequestAuthorizationMiddleware to handle requests correctly that are already "public" through Authentication skipping, and thus should not throw an exception.
use Authorization\Middleware\AuthorizationMiddleware;
use TinyAuth\Middleware\RequestAuthorizationMiddleware;
$middlewareQueue->add(new AuthorizationMiddleware($this));
$middlewareQueue->add(new RequestAuthorizationMiddleware());
Published by dereuromark almost 5 years ago
After 5 years it is time for an upgrade: A shiny new major with shiny new features.
acl.ini
is now auth_acl.ini
, to be in sync with auth_allow.ini
.
You can use Configure to keep old names if you want to (or need it for BC).
TinyAuth, to really live up to its name, offers a few new quick setups.
If you have non-prefixed controllers that you want to make public and keep prefixed ones protected:
'allowNonPrefixed' => true,
If you want to allow certain prefixes on top, you can use:
'allowPrefixes' => [
'my_prefix',
'nested/prefix',
],
With this version a new AllowAdapterInterface has been added to complete an API for other libraries to provide data:
Both able to be used to connect this plugin to other libraries for providing allow/ACL input.
It continues to default to the internal INI adapters.
If other adapters - e.g. reading from DB - are used, it will still cache those internally to provide the same general speed it does with internal adapters.
One DB integration is now available as TinyAuthBackend plugin.
Support for the new Authentication and Authorization plugins has been added.
A RequestPolicy is now provided to connect the TinyAuth ACL input to request based authorization using this new plugin.
If you plan on using the new plugins, you must not use Auth
component anymore. They can't be mixed.
Cache can now be cleared from code side for each auth type.
There is now a convenience class TinyAuth in Utility namespace to quickly retrieve currently available roles.
With this release a few small BC breaks will have to be covered with configuration (if you didn't so before):
_authUser
data is now only handed down to the view layer from AuthUser component, not Auth anymore.Published by dereuromark almost 5 years ago
Fixed allowUser
config together with nested prefixes to work as expected.
Published by dereuromark almost 5 years ago
Asserted that accidentally reading global Configure data is not possible.
Published by dereuromark over 5 years ago
Fixed support for multiple slashes in prefix.
Published by dereuromark over 5 years ago
Support named routes.
$this->AuthUser->link('Change Password', ['_name' => 'admin:account:password'])
$this->AuthUserHelper->hasAccess(['_name' => 'Tags::edit'])
Thanks for this @lorro and @saeideng
Published by dereuromark almost 6 years ago
$this->Auth->deny()
can now be used inside Controller::beforeFilter()
Published by dereuromark about 6 years ago
hasAccess()
so far only included ACL data. Those links and access checks are meant to be used for logged in users.
It now can include also "allow" authentication-skipping data (publicly accessible actions), if includeAuthentication
is set to true.
But this only checks/uses the INI config, it can not work on controller authentication. So make sure
you transformed everything fully to the INI file here. Any custom ->allow()
call in controllers
can not be taken into account.
For this to work some of the (wrongly shared) configs had to be changed (while trying to keep BC):
ACL config:
cacheKey
is now aclCacheKey
file
is now aclFile
filePath
is now aclFilePath
Authentication config:
cacheKey
is now allowCacheKey
file
is now allowFile
filePath
is now allowFilePath
If you didnt modify any, you are BC here for sure.
If you used online runtime config on the classes (instead of Configure), you will also be fine.
Only if you used Configure (which technically was a bit wrong since they might affect both types due to the same key) you might have to do a small migration here.