Download the PHP package matthewslouismarie/auth-abstractor without Composer

On this page you can find all versions of the php package matthewslouismarie/auth-abstractor. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Example code of matthewslouismarie/auth-abstractor

Informations about the package auth-abstractor

auth-abstractor

Build Status codecov Mutation Score Scrutinizer Code Quality Code Intelligence Status

composer require matthewslouismarie/auth-abstractor

A PHP library which aims to completely abstract the authentication logic from your PHP web application. You won't even have to create the views!

It does so by acting as a middleware. Simply pass it the HTTP request and you will get back an HTTP response along with an object of the class AuthenticationProcess.

Documentation

You can browse auth-abstractor's API documentation here.

Features

How to use it

Overview

To use it, you first need to create an AuthenticationKernel object. This object can be shared among your entire web application (and can be registered as a service). Now, when the user arrives on a page, let's say a login page, you need to create a new AuthenticationProcess object. You then pass this object, along with the HTTP request, to the AuthenticationKernel object you created earlier. The AuthenticationKernel returns an HTTP response and a new AuthenticationProcess. You store the AuthenticationProcess somehow (e.g. in session), and you send back to the user the HTTP response.

Note: in auth-abstractor, by authentication, I mean authentication and registration.

security-comparator is a web application that makes use of auth-abstractor to abstract the entirety of the registration and the authentication process.

You can even view a one page example demonstrating the use of auth-abstractor with Symfony.

Creating an AuthenticationKernel object

You need to construct an AuthenticationKernel by passing an implementation of IApplicationConfiguration to its constructor. You are not obliged to define your own implementation of IApplicationConfiguration however. Instead, you can also simply pass it a ApplicationConfiguration object.

IMember is an interface for members (users with an account) of your application. If you already have a class that represents your members, you can simply make it implements IMember as well. Otherwise, you can also use the convenience implementation Member.

AuthenticationKernel is an object that can be common to your entire web applications, so you can register it as a service if your web application supports dependency injection (e.g. Symfony).

Creating the Authentication Process

The first time the user arrives on a page, say the login page, the authentication process does not exist. So you have to create it. It is advised to use the AuthenticationProcessFactory to do that:

You pass to createProcess an array of challenge class names. A challenge is a step in the authentication or registration process (e.g. a page asking for a password, or a page asking for the user to plug their U2F device in). These classes need to be implementations of IChallenge. You can define your owns of course. auth-abstractor comes with the following challenges:

You can combine these (i.e. combine several of these in the array you pass to AuthenticationProcessFactory. Sometimes, a certain order is necessary: e.g. the username of the user must be known before PasswordChallenge gets processed. One way to do that is to put a ExistingUsernameChallenge before.

Each challenge relies on a certain numbers of parameters being defined. You are pass the parameters when you create the authentication process using the authentication process factory.

AuthenticationProcessFactory supports additional, optional parameters, for example, to specify the current user's username.

Processing the Authentication Process

You now need to call processHttpRequest of the AuthenticationKernel.

You pass it: a PSR-7 representation of the HTTP request, the created or retrieved authentication process, and a callback.

The callback needs to be an implementation of IAuthenticationCallback, but you can simply instantiate a Callback.

Symfony provides tools for converting the Response and Request to and from PSR-7 objects.

You can then store the new AuthenticationProcess somehow (e.g. in session) that you will retrieve later instead of instantiating a new AuthenticationProcess object. And of course, you return an HTTP response.

You can see a complete example of the use of auth-abstractor here.

Persisting the changes

auth-abstractor never changes your application directly. It does not know whether what kind of DBMS you're using, or even if you use a database at all! However, at some point, it needs to be able to tell you of changes you should persist. For example, if you create an authentication process with the CredentialRegistrationChallenge, you need to persist somewhere the member who created their account!

The way to do that is simply to call getPersistOperation() on the AuthenticationProcess object. From the callback's handleSuccessfulProcess() method:

Assets

In order for U2F registration and authentication to work, you will need google-u2f-api.js and jquery. These files need to be in the folder which path is given by getAssetUri().

Of course, you can override the U2F views with your very own views which can use different JavaScript libraries.

TODOs

All versions of auth-abstractor with dependencies

PHP Build Version
Package Version
Requires php Version >=7.1.0
psr/http-message Version ^1.0
twig/twig Version ^2.0
symfony/asset Version ^4.0
php-di/php-di Version ^6.0
symfony/form Version ^4.0
symfony/security-csrf Version ^4.0
symfony/twig-bridge Version ^4.0
symfony/translation Version ^4.0
symfony/config Version ^4.0
symfony/http-foundation Version ^4.0
symfony/psr-http-message-bridge Version ^1.0
psr/container Version ^1.0
firehed/u2f Version dev-master
symfony/validator Version ^4.0
zendframework/zend-diactoros Version ^1.7
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package matthewslouismarie/auth-abstractor contains the following files

Loading the files please wait ....