CakeDC Auth Objects is a refactor of the existing Auth objects present in the CakeDC Users Plugin, to let anyone else use them in their projects.

Last update: Mar 28, 2022

CakeDC Auth Plugin


It covers the following features:

  • RBAC
  • Remember me (Cookie)
  • ApiAuthenticate for simple token based login

Requirements

  • CakePHP 4.0.0+
  • PHP 7.2+

Versions and branches

| CakePHP | CakeDC Auth Plugin | Tag | Notes |
| --- | --- | --- | --- |
| ^4.0 | 6.0 | 6.0.2 | stable |
| ^3.7 <4.0.0 | 5.0 | 5.0.0 | stable |

Documentation

For documentation, as well as tutorials, see the Docs directory of this repository.

Support

For bugs and feature requests, please use the issues section of this repository.

Commercial support is also available, contact us for more information.

Contributing

This repository follows the CakeDC Plugin Standard. If you'd like to contribute new features, enhancements or bug fixes to the plugin, please read our Contribution Guidelines for detailed instructions.

License

Copyright 2017 Cake Development Corporation (CakeDC). All rights reserved.

Licensed under the MIT License. Redistributions of the source code included in this repository must retain the copyright notice found in each file.

GitHub

https://github.com/cakedc/auth
Comments
  • 1. allow OPTIONS request without ApiKey

    I use ApiKey authentication for a vuejs frontend application, having CakePHP at the backend. At first the user gives his email and password to identify himself and in the response he gets his ApiKey, and all later requests happen by ApiKey authentication - currently as a query string parameter.

    I want to use it as a header instead of the query string.

    The problem is the following. When I send an ajax request to the backend it sends an OPTIONS request without the ApiKey header. It is because by CORS policy it will send a preflight request. Perhaps because the ApiKey header is missing the backend sends back a 302 response instead of the actual content.

    So what I would need is allowing OPTIONS requests to the application without the ApiKey.

    Reviewed by rrd108 at 2019-12-09 14:22
  • 2. PHP Notice with last CakePHP version

    CakeDC/Users is breaking with the recently released CakePHP 3.6.12.

    Notice (1024): Undefined property: PagesController::$Cookie in /cakesandbox/vendor/cakedc/auth/src/Auth/RememberMeAuthenticate.php on line 42 [CORE/src/Controller/Controller.php, line 387]

    I'm using CakeDC/Users and this repo is a dependency.

    Reviewed by viniciusbig at 2018-10-03 01:32
  • 3. Issue/69 fix zend diactoros uri

    Replace Zend\Diactoros\Uri imports by Laminas\Diactoros\Uri to fix the following issues:

    https://github.com/CakeDC/auth/issues/69
    https://github.com/CakeDC/users/issues/997

    Since CakePHP is using Laminas namespaces I don't see any drawbacks to using it in the plugin as well.

    https://github.com/cakephp/cakephp/blob/4.x/composer.json#L31

    Moreover the Zend Diactoros repository is abandoned since the end of 2019.

    This is my first contribution, let me know if I've done something wrong.

    Reviewed by Petrucheqa at 2022-05-25 10:15
  • 4. How do I add permissions from another plugin?

    I tried to create a permissions.php file in the plugins/SharpAgent/config directory, however it wasn't loaded...

    How can I add in my plugin bootstrap the following?

    return [
        'Users.SimpleRbac.permissions' => [
            [
                'role' => ['user', 'member', 'admin'],
                'plugin' => 'SharpAgent',
                'controller' => 'Agent',
                'action' => '*',
                'allowed' => true,
            ],
        ],
    ];
    
    Reviewed by jeffreyroberts at 2017-08-29 15:40
  • 5. Zend\Diactoros\Uri not found in IsAuthorizedTrait.php

    Hello, I'm struggling with this issue on production just after deployment.

    2022-05-20 16:40:25 error: [Error] Class "Zend\Diactoros\Uri" not found in /app/vendor/cakedc/auth/src/Traits/IsAuthorizedTrait.php on line 74
    Stack Trace:
    - /app/vendor/cakedc/auth/src/Traits/IsAuthorizedTrait.php:61
    - /app/vendor/cakedc/auth/src/Traits/IsAuthorizedTrait.php:37
    - /app/vendor/cakedc/users/src/View/Helper/AuthLinkHelper.php:49
    - /app/templates/element/global/navbar.php:27
    - /app/vendor/cakephp/cakephp/src/View/View.php:1181
    - /app/vendor/cakephp/cakephp/src/View/View.php:1138
    - /app/vendor/cakephp/cakephp/src/View/View.php:1673
    - /app/vendor/cakephp/cakephp/src/View/View.php:660
    - /app/templates/layout/default.php:10
    - /app/vendor/cakephp/cakephp/src/View/View.php:1181
    - /app/vendor/cakephp/cakephp/src/View/View.php:1138
    - /app/vendor/cakephp/cakephp/src/View/View.php:821
    - /app/vendor/cakephp/cakephp/src/View/View.php:780
    - /app/vendor/cakephp/cakephp/src/Controller/Controller.php:764
    - /app/src/Controller/PagesController.php:65
    - /app/vendor/cakephp/cakephp/src/Controller/Controller.php:539
    - /app/vendor/cakephp/cakephp/src/Controller/ControllerFactory.php:140
    - /app/vendor/cakephp/cakephp/src/Controller/ControllerFactory.php:115
    - /app/vendor/cakephp/cakephp/src/Http/BaseApplication.php:317
    - /app/vendor/cakephp/cakephp/src/Http/Runner.php:77
    - /app/vendor/cakephp/authorization/src/Middleware/RequestAuthorizationMiddleware.php:102
    - /app/vendor/cakephp/cakephp/src/Http/Runner.php:73
    - /app/vendor/cakephp/authorization/src/Middleware/AuthorizationMiddleware.php:129
    - /app/vendor/cakephp/cakephp/src/Http/Runner.php:73
    - /app/vendor/cakephp/authentication/src/Middleware/AuthenticationMiddleware.php:124
    - /app/vendor/cakephp/cakephp/src/Http/Runner.php:73
    - /app/vendor/cakephp/cakephp/src/Http/Middleware/CsrfProtectionMiddleware.php:174
    - /app/vendor/cakephp/cakephp/src/Http/Runner.php:73
    - /app/vendor/cakephp/cakephp/src/Http/Middleware/BodyParserMiddleware.php:157
    - /app/vendor/cakephp/cakephp/src/Http/Runner.php:73
    - /app/vendor/cakephp/cakephp/src/Routing/Middleware/RoutingMiddleware.php:161
    - /app/vendor/cakephp/cakephp/src/Http/Runner.php:73
    - /app/vendor/cakephp/cakephp/src/Routing/Middleware/AssetMiddleware.php:68
    - /app/vendor/cakephp/cakephp/src/Http/Runner.php:73
    - /app/vendor/cakephp/cakephp/src/Error/Middleware/ErrorHandlerMiddleware.php:126
    - /app/vendor/cakephp/cakephp/src/Http/Runner.php:73
    - /app/vendor/cakephp/cakephp/src/Http/Runner.php:58
    - /app/vendor/cakephp/cakephp/src/Http/Server.php:90
    - /app/webroot/index.php:40
    

    Runtime PHP 8.1.6

    Composer.lock deps :

                "name": "cakedc/users",
                "version": "11.1.0",
                
                "name": "cakedc/auth",
                "version": "7.0.1",
    

    I don't understand what's wrong and why I have no problem in dev env.

    Tell me if you want more information for trying to reproduce this strange behaviour.

    Reviewed by Petrucheqa at 2022-05-20 16:48
  • 6. Permissions with empty value are ignored

    Hi,

    In the source code there is a parameter to allow an empty field from the request to pass as valid, but that parameter is never read.

    I tried to write a permission rule as below, to allow anyone access to any action without a prefix:

    [
        'role' => '*',
        'prefix' => null,
        'extension' => '*',
        'plugin' => '*',
        'controller' => '*',
        'action' => '*',
    ]

    But the method _matchOrAsterisk fails because in_array(null, []) === false.

    Reviewed by CauanCabral at 2018-02-07 14:36
  • 7. Call to undefined method ArrayObject::toArray()

    Hello :wave:

    I get random Call to undefined method ArrayObject::toArray()

    2021-09-03 16:46:34 Error: [Error] Call to undefined method ArrayObject::toArray() in /var/www/html/vendor/cakedc/auth/src/Authentication/AuthenticationService.php on line 117
    Stack Trace:
    - /var/www/html/vendor/cakephp/authentication/src/Middleware/AuthenticationMiddleware.php:105
    - /var/www/html/vendor/cakephp/cakephp/src/Http/Runner.php:73
    - /var/www/html/vendor/cakephp/cakephp/src/Http/Middleware/BodyParserMiddleware.php:159
    - /var/www/html/vendor/cakephp/cakephp/src/Http/Runner.php:73
    - /var/www/html/vendor/cakephp/cakephp/src/Http/Runner.php:77
    - /var/www/html/vendor/cakephp/cakephp/src/Http/Middleware/CsrfProtectionMiddleware.php:169
    - /var/www/html/vendor/cakephp/cakephp/src/Http/Runner.php:73
    - /var/www/html/vendor/cakephp/cakephp/src/Http/Runner.php:58
    - /var/www/html/vendor/cakephp/cakephp/src/Routing/Middleware/RoutingMiddleware.php:167
    - /var/www/html/vendor/cakephp/cakephp/src/Http/Runner.php:73
    - /var/www/html/vendor/cakephp/cakephp/src/Routing/Middleware/AssetMiddleware.php:68
    - /var/www/html/vendor/cakephp/cakephp/src/Http/Runner.php:73
    - /var/www/html/vendor/cakephp/cakephp/src/Http/Runner.php:58
    - /var/www/html/vendor/cakephp/cakephp/src/Http/Server.php:90
    - /var/www/html/webroot/index.php:40
    

    I am not able to reproduce this always and I do not understand why this happens sometimes and not every time.

    When the error occurs, the app is blocked for all pages for the current logged in user.

    Clearing CakePHP cache with bin/cake cache clear_all or clearing the cookies for the app (thus destroying the session) solves the problem until next time.

    cakedc/auth version is 6.1.0; CakePHP version is 4.2.6

    Have you any idea?

    Reviewed by jtraulle at 2021-09-03 17:01
  • 8. Add option to use array for autoloading permissions

    Example usage in users.php in the Users plugin:

    'Auth' => [
    	'RbacPolicy' => [
    		'adapter' => [
    			'autoload_config' => [
    				'MyPlugin.permissions',
    				'MyOtherPlugin.permissions',
    				'permissions',
    			],
    		],
    	],
    ],
    

    Since the array is optional, it should not break existing implementations

    Reviewed by groovenectar at 2020-01-10 19:22
  • 9. Update ApiKeyAuthenticate.md

    Updating the documentation for ApiKeyAuthenticate to detail how underscores in headers are dropped by Nginx and Apache 2.4.x.

    Nginx: https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/?highlight=disappearing%20http%20headers#missing-disappearing-http-headers

    If you do not explicitly set underscores_in_headers on;, NGINX will silently drop HTTP headers with underscores (which are perfectly valid according to the HTTP standard). This is done in order to prevent ambiguities when mapping headers to CGI variables as both dashes and underscores are mapped to underscores during that process.

    Apache: https://httpd.apache.org/docs/trunk/new_features_2_4.html

    Translation of headers to environment variables is more strict than before to mitigate some possible cross-site-scripting attacks via header injection. Headers containing invalid characters (including underscores) are now silently dropped. Environment Variables in Apache has some pointers on how to work around broken legacy clients which require such headers. (This affects all modules which use these environment variables.)

    Reviewed by challgren at 2018-12-31 10:36
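
The ambiguity the quoted NGINX text refers to, shown as an added example (not code from the plugin or its documentation). The header names and values are constructed, and the helper functions are hypothetical; the mapping follows the CGI convention of upper-casing the name, turning dashes into underscores and prefixing `HTTP_`.

```php
<?php
declare(strict_types=1);

/** CGI-style variable name for a request header (hypothetical helper). */
function cgiVariableName(string $header): string
{
    return 'HTTP_' . strtoupper(str_replace('-', '_', $header));
}

/** Return the CGI variables that more than one distinct header name maps to. */
function findAmbiguousHeaders(array $headerNames): array
{
    $byVariable = [];
    foreach ($headerNames as $name) {
        $byVariable[cgiVariableName($name)][] = $name;
    }
    return array_filter($byVariable, static function (array $names): bool {
        return count(array_unique(array_map('strtolower', $names))) > 1;
    });
}

/** Mimic the default server behaviour described above: drop names with "_". */
function dropUnderscoreHeaders(array $headers): array
{
    return array_filter($headers, static function (string $name): bool {
        return strpos($name, '_') === false;
    }, ARRAY_FILTER_USE_KEY);
}

// Constructed request: the same logical header arrives in both spellings.
$headers = [
    'Api-Key' => 'value-set-by-proxy',
    'api_key' => 'value-sent-by-client',
    'Accept'  => 'application/json',
];

echo "Before filtering:\n";
print_r(findAmbiguousHeaders(array_keys($headers)));

echo "After dropping underscore names:\n";
print_r(findAmbiguousHeaders(array_keys(dropUnderscoreHeaders($headers))));
```

Sending the key in a dash-separated header avoids the problem without having to enable `underscores_in_headers` on the server.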
  • 10. RFC - Convert SimpleRbacAuthorize into a standalone class.

    Currently SimpleRbacAuthorize can only be used as an authorize adapter for the AuthComponent. It would be nice if it was converted into a standalone lib which could then be used through a middleware.

    Reviewed by ADmad at 2017-05-02 19:10
  • 11. is_callable() invoked on system functions

    I have a plugin named Ord. When using 'plugin' => 'Ord' in my permissions array, the _matchPermission() method evaluates is_callable('Ord') as true and attempts to call_user_func().

    ord() is a built-in PHP function so is_callable() returns true. Additional checks on $value should be performed: if(!is_string($value) and is_callable($value))

    Reviewed by kwumr at 2019-07-19 16:29
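
The behaviour reported above, reproduced as an added example that is not the plugin's `_matchPermission()` code. The function names, the single-argument callback signature and the plugin name `Billing` are assumptions made for illustration; the third matcher goes one step beyond the report's suggestion and accepts only `Closure` instances.

```php
<?php
declare(strict_types=1);

// Constructed stand-ins for a permission matcher; the function names and the
// single-argument callback signature are assumptions, not the plugin's code.

/** Loose form from the report: anything is_callable() accepts gets invoked. */
function matchLoose($ruleValue, string $requested): bool
{
    if (is_callable($ruleValue)) {
        // For the string 'Ord' this runs ord($requested), whose result is the
        // first byte of the name: non-zero for any ordinary plugin name.
        return (bool)call_user_func($ruleValue, $requested);
    }
    return $ruleValue === '*' || in_array($requested, (array)$ruleValue, true);
}

/** The report's suggestion: a string is always data, never code. */
function matchNoStrings($ruleValue, string $requested): bool
{
    if (!is_string($ruleValue) && is_callable($ruleValue)) {
        return (bool)call_user_func($ruleValue, $requested);
    }
    return $ruleValue === '*' || in_array($requested, (array)$ruleValue, true);
}

/** Stricter still: only an explicit Closure is treated as a rule callback. */
function matchClosureOnly($ruleValue, string $requested): bool
{
    if ($ruleValue instanceof Closure) {
        return (bool)$ruleValue($requested);
    }
    return $ruleValue === '*' || in_array($requested, (array)$ruleValue, true);
}

$rule = 'Ord'; // plugin name from the report
foreach (['Ord', 'Billing'] as $requested) { // 'Billing' is a constructed name
    printf(
        "%-8s loose=%s noStrings=%s closureOnly=%s\n",
        $requested,
        var_export(matchLoose($rule, $requested), true),
        var_export(matchNoStrings($rule, $requested), true),
        var_export(matchClosureOnly($rule, $requested), true)
    );
}

// A list of two names can also be callable ('Class', 'staticMethod'), which the
// is_string() guard does not catch and the Closure check does.
var_dump(is_callable(['DateTime', 'getLastErrors']));
```

With the loose matcher a rule written for one plugin also matches a request for a different plugin, so the defect widens access rather than only raising an error.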
  • 12. Error after update from 6.1.0 to 6.2.0

    I have just updated from 6.1.0 to 6.2.0 and I received this error after login:

    Warning (2): class_implements(): object or string expected [ROOT/vendor/cakedc/auth/src/Authentication/Webauthn2fAuthenticationCheckerFactory.php, line 32]

    I had to revert back to 6.1 to make my app work again

    Thank you

    Rudy

    Reviewed by rudy1976s at 2021-12-22 15:13