CakeDC Auth Objects is a refactor of the existing Auth objects present in the CakeDC Users Plugin, to let anyone else use them in their projects.

Overview

CakeDC Auth Plugin

It covers the following features:

  • RBAC
  • Remember me (Cookie)
  • ApiAuthenticate for simple token based login

Requirements

  • CakePHP 4.0.0+
  • PHP 7.2+

Versions and branches

CakePHP        CakeDC Auth Plugin   Tag     Notes
^4.0           6.0                  6.0.2   stable
^3.7 <4.0.0    5.0                  5.0.0   stable

Documentation

For documentation, as well as tutorials, see the Docs directory of this repository.

Support

For bugs and feature requests, please use the issues section of this repository.

Commercial support is also available; contact us for more information.

Contributing

This repository follows the CakeDC Plugin Standard. If you'd like to contribute new features, enhancements or bug fixes to the plugin, please read our Contribution Guidelines for detailed instructions.

License

Copyright 2017 Cake Development Corporation (CakeDC). All rights reserved.

Licensed under the MIT License. Redistributions of the source code included in this repository must retain the copyright notice found in each file.

Comments
  • allow OPTIONS request without ApiKey

    I use ApiKey authentication for a vuejs frontend application, having CakePHP at the backend. At first the user gives his email and password to identify himself and in the response he gets his ApiKey, and all later requests happen by ApiKey authentication - currently as a query string parameter.

    I want to use it as a header instead of the query string.

    The problem is the following. When I send an ajax request to the backend it sends an OPTIONS request without the ApiKey header. It is because by CORS policy it will send a preflight request. Perhaps because the ApiKey header is missing the backend sends back a 302 response instead of the actual content.

    So what I would need is allowing OPTIONS requests to the application without the ApiKey.

    opened by rrd108 13
  • PHP Notice with last CakePHP version

    CakeDC/Users is breaking with the recently released CakePHP 3.6.12.

    Notice (1024): Undefined property: PagesController::$Cookie in /cakesandbox/vendor/cakedc/auth/src/Auth/RememberMeAuthenticate.php on line 42 [CORE/src/Controller/Controller.php, line 387]

    I'm using CakeDC/Users and this repo is a dependency.

    opened by viniciusbig 7
  • Issue/69 fix zend diactoros uri

    Replace Zend\Diactoros\Uri imports by Laminas\Diactoros\Uri to fix the following issues:

    https://github.com/CakeDC/auth/issues/69 https://github.com/CakeDC/users/issues/997

    Since CakePHP is using Laminas namespaces I don't see any drawbacks to use it as well in the plugin

    https://github.com/cakephp/cakephp/blob/4.x/composer.json#L31

    Moreover the Zend Diactoros repository is abandoned since the end of 2019.

    This is my first contribution, let me know if I've made something wrong.

    opened by Petrucheqa 6
  • How do I add permissions from another plugin?

    I tried to create a permissions.php file in the plugins/SharpAgent/config directory, however it wasn't loaded...

    How can I add in my plugin bootstrap the following?

    return [
        'Users.SimpleRbac.permissions' => [
            [
                'role' => ['user', 'member', 'admin'],
                'plugin' => 'SharpAgent',
                'controller' => 'Agent',
                'action' => '*',
                'allowed' => true,
            ],
        ],
    ];
    
    opened by jeffreyroberts 5
  • Zend\Diactoros\Uri not found in IsAuthorizedTrait.php

    Hello, I'm struggling with this issue on production just after deployment.

    2022-05-20 16:40:25 error: [Error] Class "Zend\Diactoros\Uri" not found in /app/vendor/cakedc/auth/src/Traits/IsAuthorizedTrait.php on line 74
    Stack Trace:
    - /app/vendor/cakedc/auth/src/Traits/IsAuthorizedTrait.php:61
    - /app/vendor/cakedc/auth/src/Traits/IsAuthorizedTrait.php:37
    - /app/vendor/cakedc/users/src/View/Helper/AuthLinkHelper.php:49
    - /app/templates/element/global/navbar.php:27
    - /app/vendor/cakephp/cakephp/src/View/View.php:1181
    - /app/vendor/cakephp/cakephp/src/View/View.php:1138
    - /app/vendor/cakephp/cakephp/src/View/View.php:1673
    - /app/vendor/cakephp/cakephp/src/View/View.php:660
    - /app/templates/layout/default.php:10
    - /app/vendor/cakephp/cakephp/src/View/View.php:1181
    - /app/vendor/cakephp/cakephp/src/View/View.php:1138
    - /app/vendor/cakephp/cakephp/src/View/View.php:821
    - /app/vendor/cakephp/cakephp/src/View/View.php:780
    - /app/vendor/cakephp/cakephp/src/Controller/Controller.php:764
    - /app/src/Controller/PagesController.php:65
    - /app/vendor/cakephp/cakephp/src/Controller/Controller.php:539
    - /app/vendor/cakephp/cakephp/src/Controller/ControllerFactory.php:140
    - /app/vendor/cakephp/cakephp/src/Controller/ControllerFactory.php:115
    - /app/vendor/cakephp/cakephp/src/Http/BaseApplication.php:317
    - /app/vendor/cakephp/cakephp/src/Http/Runner.php:77
    - /app/vendor/cakephp/authorization/src/Middleware/RequestAuthorizationMiddleware.php:102
    - /app/vendor/cakephp/cakephp/src/Http/Runner.php:73
    - /app/vendor/cakephp/authorization/src/Middleware/AuthorizationMiddleware.php:129
    - /app/vendor/cakephp/cakephp/src/Http/Runner.php:73
    - /app/vendor/cakephp/authentication/src/Middleware/AuthenticationMiddleware.php:124
    - /app/vendor/cakephp/cakephp/src/Http/Runner.php:73
    - /app/vendor/cakephp/cakephp/src/Http/Middleware/CsrfProtectionMiddleware.php:174
    - /app/vendor/cakephp/cakephp/src/Http/Runner.php:73
    - /app/vendor/cakephp/cakephp/src/Http/Middleware/BodyParserMiddleware.php:157
    - /app/vendor/cakephp/cakephp/src/Http/Runner.php:73
    - /app/vendor/cakephp/cakephp/src/Routing/Middleware/RoutingMiddleware.php:161
    - /app/vendor/cakephp/cakephp/src/Http/Runner.php:73
    - /app/vendor/cakephp/cakephp/src/Routing/Middleware/AssetMiddleware.php:68
    - /app/vendor/cakephp/cakephp/src/Http/Runner.php:73
    - /app/vendor/cakephp/cakephp/src/Error/Middleware/ErrorHandlerMiddleware.php:126
    - /app/vendor/cakephp/cakephp/src/Http/Runner.php:73
    - /app/vendor/cakephp/cakephp/src/Http/Runner.php:58
    - /app/vendor/cakephp/cakephp/src/Http/Server.php:90
    - /app/webroot/index.php:40
    

    Runtime PHP 8.1.6

    Composer.lock deps :

                "name": "cakedc/users",
                "version": "11.1.0",
                
                "name": "cakedc/auth",
                "version": "7.0.1",
    

    I don't understand what's wrong and why I have no problem in dev env.

    Tell me if you want more information to try to reproduce this strange behaviour.

    opened by Petrucheqa 4
  • Permissions with empty value are ignored

    Hi,

    In the source code there is a parameter to allow an empty field from the request to pass as valid, but that parameter is never read.

    I tried to write a permission rule as below, to allow anyone to access any action without a prefix:

    [
            'role' => '*',
            'prefix' => null,
            'extension' => '*',
            'plugin' => '*',
            'controller' => '*',
            'action' => '*',
    ]
    

    But the method _matchOrAsterisk fails because in_array(null, []) === false.

    opened by CauanCabral 3
  • Call to undefined method ArrayObject::toArray()

    Hello :wave:

    I get random Call to undefined method ArrayObject::toArray()

    2021-09-03 16:46:34 Error: [Error] Call to undefined method ArrayObject::toArray() in /var/www/html/vendor/cakedc/auth/src/Authentication/AuthenticationService.php on line 117
    Stack Trace:
    - /var/www/html/vendor/cakephp/authentication/src/Middleware/AuthenticationMiddleware.php:105
    - /var/www/html/vendor/cakephp/cakephp/src/Http/Runner.php:73
    - /var/www/html/vendor/cakephp/cakephp/src/Http/Middleware/BodyParserMiddleware.php:159
    - /var/www/html/vendor/cakephp/cakephp/src/Http/Runner.php:73
    - /var/www/html/vendor/cakephp/cakephp/src/Http/Runner.php:77
    - /var/www/html/vendor/cakephp/cakephp/src/Http/Middleware/CsrfProtectionMiddleware.php:169
    - /var/www/html/vendor/cakephp/cakephp/src/Http/Runner.php:73
    - /var/www/html/vendor/cakephp/cakephp/src/Http/Runner.php:58
    - /var/www/html/vendor/cakephp/cakephp/src/Routing/Middleware/RoutingMiddleware.php:167
    - /var/www/html/vendor/cakephp/cakephp/src/Http/Runner.php:73
    - /var/www/html/vendor/cakephp/cakephp/src/Routing/Middleware/AssetMiddleware.php:68
    - /var/www/html/vendor/cakephp/cakephp/src/Http/Runner.php:73
    - /var/www/html/vendor/cakephp/cakephp/src/Http/Runner.php:58
    - /var/www/html/vendor/cakephp/cakephp/src/Http/Server.php:90
    - /var/www/html/webroot/index.php:40
    

    I am not able to reproduce this always and I do not understand why this happens sometimes and not every time.

    When the error occurs, the app is blocked for all pages for the current logged in user.

    Clearing CakePHP cache with bin/cake cache clear_all or clearing the cookies for the app (thus destroying the session) solves the problem until next time.

    cakedc/auth version is 6.1.0; CakePHP version is 4.2.6

    Have you any idea?

    opened by jtraulle 2
  • Add option to use array for autoloading permissions

    Example usage in users.php in the Users plugin:

    'Auth' => [
    	'RbacPolicy' => [
    		'adapter' => [
    			'autoload_config' => [
    				'MyPlugin.permissions',
    				'MyOtherPlugin.permissions',
    				'permissions',
    			],
    		],
    	],
    ],
    

    Since the array is optional, it should not break existing implementations

    opened by groovenectar 2
  • Update ApiKeyAuthenticate.md

    Updating the documentation for ApiKeyAuthenticate to detail how underscores in headers are dropped by Nginx and Apache 2.4.x

    Nginx: https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/?highlight=disappearing%20http%20headers#missing-disappearing-http-headers If you do not explicitly set underscores_in_headers on;, NGINX will silently drop HTTP headers with underscores (which are perfectly valid according to the HTTP standard). This is done in order to prevent ambiguities when mapping headers to CGI variables as both dashes and underscores are mapped to underscores during that process.

    Apache: https://httpd.apache.org/docs/trunk/new_features_2_4.html Translation of headers to environment variables is more strict than before to mitigate some possible cross-site-scripting attacks via header injection. Headers containing invalid characters (including underscores) are now silently dropped. Environment Variables in Apache has some pointers on how to work around broken legacy clients which require such headers. (This affects all modules which use these environment variables.)

    opened by challgren 2
  • RFC - Convert SimpleRbacAuthorize into a standalone class.

    Currently SimpleRbacAuthorize can only be used as an authorize adapter for the AuthComponent. It would be nice if it was converted into a standalone lib which could then be used through a middleware.

    enhancement 
    opened by ADmad 2
  • is_callable() invoked on system functions

    I have a plugin named Ord. When using 'plugin' => 'Ord' in my permissions array, the _matchPermission() method evaluates is_callable('Ord') as true and attempts to call_user_func().

    ord() is a built-in PHP function so is_callable() returns true. Additional checks on $value should be performed: if(!is_string($value) and is_callable($value))

    opened by kwumr 1
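
The two rule-matching reports above ("Permissions with empty value are ignored" and "is_callable() invoked on system functions"), reproduced side by side with guarded variants. This is an added example, not the plugin's code: ruleValueMatches(), check(), the $hardened switch and the reading of a null rule as "field must be absent" are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Illustrative matcher, not the plugin's _matchPermission()/_matchOrAsterisk().
// $hardened = false mirrors the two reported behaviours; true applies the guards.
function ruleValueMatches($ruleValue, ?string $requestValue, array $user, bool $hardened): bool
{
    $isCallback = $hardened
        ? (!is_string($ruleValue) && is_callable($ruleValue)) // guard suggested in the issue
        : is_callable($ruleValue);                            // 'Ord' resolves to ord()
    if ($isCallback) {
        return (bool)call_user_func($ruleValue, $user, $requestValue);
    }
    if ($ruleValue === '*') {
        return true;
    }
    if ($hardened && $ruleValue === null) {
        // Assumption: a null rule means the request field must be absent (e.g. no prefix).
        return $requestValue === null || $requestValue === '';
    }
    // (array)null is [], so without the branch above a null rule can never match.
    return in_array($requestValue, (array)$ruleValue, true);
}

// Runs one check and reports an exception class instead of aborting the script.
function check($ruleValue, ?string $requestValue, bool $hardened): string
{
    $user = ['id' => 1, 'role' => 'user']; // constructed sample user
    try {
        return var_export(ruleValueMatches($ruleValue, $requestValue, $user, $hardened), true);
    } catch (\Throwable $e) {
        // ord() does not accept the callback arguments, so the call may throw.
        return get_class($e);
    }
}

// A real callback rule: only admins pass.
$adminOnly = static function (array $user, ?string $value): bool {
    return $user['role'] === 'admin';
};

foreach ([false, true] as $hardened) {
    echo $hardened ? "hardened\n" : "as reported\n";
    echo "  plugin rule 'Ord' vs request 'Ord': ", check('Ord', 'Ord', $hardened), "\n";
    echo "  prefix rule null vs no prefix:      ", check(null, null, $hardened), "\n";
    echo "  closure rule (admin only):          ", check($adminOnly, 'Agent', $hardened), "\n";
}
```

The string guard also stops string callables such as 'SomeClass::method' from being treated as callbacks, so callback rules would have to be closures or array callables.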
  • 8.next: Cake5 compatibility

    This PR provides compatibility with the current Cake5 beta-1

    This also of course required the following base adjustments in the composer.json

        "require": {
            "php": ">=8.1.0",
            "cakephp/cakephp": "5.x-dev"
        },
        "require-dev": {
            "cakephp/authorization": "3.x-dev",
            "cakephp/cakephp-codesniffer": "^5.0",
            "cakephp/authentication": "3.x-dev"
        }
    

    This also updates PHPStan and Psalm to the latest versions as well as PHPUnit to 9.5

    I first tried to make CakeDC/Users Cake5 compatible but saw, that this plugin needs to be updated beforehand.

    Since the current main branch is 6.next-cake4 I first did all the adjustments based on that one. Unfortunately I realized pretty late that 8.next-cake4 was present as well.

    Therefore I just merged 8.next into mine and fixed all the merge conflicts afterwards.

    opened by LordSimal 2
  • Error after update from 6.1.0 to 6.2.0

    I have just updated from 6.1.0 to 6.2.0 and I received this error after login

    Warning (2): class_implements(): object or string expected [ROOT/vendor/cakedc/auth/src/Authentication/Webauthn2fAuthenticationCheckerFactory.php, line 32]

    I had to revert back to 6.1 to make my app work again

    Thank you

    Rudy

    opened by rudy1976s 1
Releases(7.2.0)
Owner
Cake Development Corporation