Download the PHP package rsthn/rose-ext-sentinel without Composer
On this page you can find all versions of the php package rsthn/rose-ext-sentinel. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download rsthn/rose-ext-sentinel
More information about rsthn/rose-ext-sentinel
Files in rsthn/rose-ext-sentinel
Package rose-ext-sentinel
Short Description Sentinel Authentication Extension
License Apache-2.0
FAQ
Example:
In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
- Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
- To use Composer is sometimes complicated. Especially for beginners.
- Composer needs much resources. Sometimes they are not available on a simple webspace.
- If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
- Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Informations about the package rose-ext-sentinel
Sentinel Authentication Extension
This extension adds user authentication features to Rose.
Database Structure
The following tables are required by Sentinel. Note that any of the tables below can be extended if desired, the columns shown are the required minimum.
Token Authorization
Whenever authorization via access tokens is desired (by setting auth_bearer to true in the Sentinel configuration section), then add the following tables to your database as well:
Identifier Banning
Sentinel include support to blacklist identifiers that are trying to brute force the system. To use this feature check the sentinel:access-required,sentinel:access-denied and sentinel:access-granted functions.
The following table is required for this feature:
Configuration Section: "Sentinel"
| Field | Type | Description | Default |
|---|---|---|---|
| hash | string | Name of the hash algorithm to use (passed directly to PHP's hash function). | sha384 |
| prefix | string | Password prefix (salt). | - |
| suffix | string | Password suffix (salt). | - |
| master | bool | Indicates if permission master should be added to all permissions checks. |
false |
| auth_bearer | bool | When set to true, allows authentication via "Authorization: Bearer" header and enables the sentinel:authorize function. |
false |
| auth_basic | bool | When set to true, allows authentication via "Authorization: Basic" header and automatically sends WWW-Authenticate header along with HTTP status 401 when authentication has not been completed. |
false |
| token_permissions | bool | When set to true, permissions will be loaded from the token_permissions table instead of user_permissions when the user authenticates using a token. |
false |
Functions
(sentinel:password \)
Calculates the hash of the given password and returns it. The plain password gets the suffix and prefix configuration fields
appended and prepended respectively before calculating its hash. The hash algorithm is set by the hash configuration field.
(sentinel:status)
Returns the authentication status (boolean) of the active session.
(sentinel:auth-required)
Fails with error code 401 if the active session is not authenticated.
(sentinel:permission-required \)
Verifies if the active session has the specified permissions. Fails with 401 if the session has not been authenticated, or with
403 if the permission requirements are not met. The permissions string contains the permission names OR-sets separated by pipe (|),
and the AND-sets separated by ampersand (&).
(sentinel:has-permission \)
Verifies if the active session has the specified permissions. Returns boolean. The permissions string contains the permission
name sets (see sentinel:permission-required).
(sentinel:case \ \ ... [default \])
Checks the permissions of the active user against one of the case values. Returns the respective result or the default result if
none matches. If no default result is specified an empty string will be returned. Note that each case result should be a value
not a block. Each case string is a permission name set (see sentinel:permission-required).
(sentinel:level-required \)
Verifies if the active user meets the specified minimum permission level. The level is the permission_id divided by 100. Fails with 401
if the user has not been authenticated, or with 403 if the permission level requirements are not met.
(sentinel:has-level \)
Verifies if the active user meets the specified minimum permission level. The level is the permission_id divided by 100. Returns boolean.
(sentinel:get-level [username])
Returns the permission level of the active session user, or of the given user if username is provided.
(sentinel:validate \ \)
Verifies if the given credentials are valid, returns boolean.
(sentinel:login \ \)
Verifies if the given credentials are valid, fails with 422 and sets the error field accordingly. When successful, opens a session
and loads the user field with the data of the user that has been authenticated.
Note that Sentinel will automatically run the login process (without creating a session) if the Authorization: BASIC data header is detected
and the auth_basic flag is enabled in the configuration.
When using Apache, the HTTP_AUTHORIZATION header is not sent to the application, however by setting the following in your .htaccess it
will be available for Sentinel to use it.
(sentinel:authorize \ [persistent=false])
Checks if the auth_bearer flag is set to true in the Sentinel configuration and then verifies the validity of the token
and authorizes access. On errors return status code 422 and sets the error field accordingly.
When successful, opens a session only if the persistent flag is set to true, and loads the user field of the session
with the data of the user related to the token that was just authorized.
Note that Sentinel will automatically run the authorization process (without creating a session) if the Authorization: BEARER token
header is detected while auth_bearer is enabled in the configuration.
(sentinel:token-id)
Returns the token_id of the active session or null if the user is either not authenticated yet or the user
authenticated by other means without a token (i.e. regular login).
(sentinel:login-manual \)
Starts a session and loads the specified data object into the user session field, effectively creating (manually) an
authenticated session. If the data being placed in the session does not actually exist in the database, ensure to use only
the sentinel:auth-required and sentinel:logout functions in your API, all others that query the database will fail.
(sentinel:login-user \)
Verifies if the user exist and forces a login without any password. Fails with 422 and sets the error field
accordingly. When successful, opens a session and loads the user field of the session with the data of the user
that was just authenticated.
(sentinel:logout)
Removes authentication status from the active session. Note that this function does not remove the session itself, only
the authentication data related to the user. Use session:destroy afterwards to fully remove the session completely.
(sentinel:reload)
Reloads the active user's session data and permissions from the database.
(sentinel:access-required \ [message])
Ensures the provided identifier is not either banned or blocked. Fails with status code 409 and with the default
error message if the message parameter is not provided.
(sentinel:access-denied \ [action='auto'] [wait-timeout=2] [block-timeout=30])
Registers an access-denied attempt for the specified identifier. Returns a string indicating the action taken for
the identifier, valid values are auto, wait, block, or ban.
(sentinel:access-granted \ [unban=false])
Grants access to an identifier, calling this will reset the failed and blocked counters. A ban will continue
to be in effect unless the unban parameter is set to true.
