Download the PHP package rsthn/rose-ext-sentinel without Composer

On this page you can find all versions of the php package rsthn/rose-ext-sentinel. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Informations about the package rose-ext-sentinel

Sentinel Authentication Extension

This extension adds user authentication features to Rose.


Database Structure

The following tables are required by Sentinel. Note that any of the tables below can be extended if desired, the columns shown are the required minimum.

Token Authorization

Whenever authorization via access tokens is desired (by setting auth_bearer to true in the Sentinel configuration section), then add the following tables to your database as well:

Identifier Banning

Sentinel include support to blacklist identifiers that are trying to brute force the system. To use this feature check the sentinel:access-required,sentinel:access-denied and sentinel:access-granted functions.

The following table is required for this feature:



Configuration Section: "Sentinel"

Field Type Description Default
hash string Name of the hash algorithm to use (passed directly to PHP's hash function). sha384
prefix string Password prefix (salt). -
suffix string Password suffix (salt). -
master bool Indicates if permission master should be added to all permissions checks. false
auth_bearer bool When set to true, allows authentication via "Authorization: Bearer" header and enables the sentinel:authorize function. false
auth_basic bool When set to true, allows authentication via "Authorization: Basic" header and automatically sends WWW-Authenticate header along with HTTP status 401 when authentication has not been completed. false
token_permissions bool When set to true, permissions will be loaded from the token_permissions table instead of user_permissions when the user authenticates using a token. false



Functions

(sentinel:password \)

Calculates the hash of the given password and returns it. The plain password gets the suffix and prefix configuration fields appended and prepended respectively before calculating its hash. The hash algorithm is set by the hash configuration field.

(sentinel:status)

Returns the authentication status (boolean) of the active session.

(sentinel:auth-required)

Fails with error code 401 if the active session is not authenticated.

(sentinel:permission-required \)

Verifies if the active session has the specified permissions. Fails with 401 if the session has not been authenticated, or with 403 if the permission requirements are not met. The permissions string contains the permission names OR-sets separated by pipe (|), and the AND-sets separated by ampersand (&).

(sentinel:has-permission \)

Verifies if the active session has the specified permissions. Returns boolean. The permissions string contains the permission name sets (see sentinel:permission-required).

(sentinel:case \ \ ... [default \])

Checks the permissions of the active user against one of the case values. Returns the respective result or the default result if none matches. If no default result is specified an empty string will be returned. Note that each case result should be a value not a block. Each case string is a permission name set (see sentinel:permission-required).

(sentinel:level-required \)

Verifies if the active user meets the specified minimum permission level. The level is the permission_id divided by 100. Fails with 401 if the user has not been authenticated, or with 403 if the permission level requirements are not met.

(sentinel:has-level \)

Verifies if the active user meets the specified minimum permission level. The level is the permission_id divided by 100. Returns boolean.

(sentinel:get-level [username])

Returns the permission level of the active session user, or of the given user if username is provided.

(sentinel:validate \ \)

Verifies if the given credentials are valid, returns boolean.

(sentinel:login \ \)

Verifies if the given credentials are valid, fails with 422 and sets the error field accordingly. When successful, opens a session and loads the user field with the data of the user that has been authenticated.

Note that Sentinel will automatically run the login process (without creating a session) if the Authorization: BASIC data header is detected
and the auth_basic flag is enabled in the configuration.

When using Apache, the HTTP_AUTHORIZATION header is not sent to the application, however by setting the following in your .htaccess it
will be available for Sentinel to use it.

(sentinel:authorize \ [persistent=false])

Checks if the auth_bearer flag is set to true in the Sentinel configuration and then verifies the validity of the token and authorizes access. On errors return status code 422 and sets the error field accordingly.

When successful, opens a session only if the persistent flag is set to true, and loads the user field of the session
with the data of the user related to the token that was just authorized.

Note that Sentinel will automatically run the authorization process (without creating a session) if the Authorization: BEARER token
header is detected while auth_bearer is enabled in the configuration.

(sentinel:token-id)

Returns the token_id of the active session or null if the user is either not authenticated yet or the user authenticated by other means without a token (i.e. regular login).

(sentinel:login-manual \)

Starts a session and loads the specified data object into the user session field, effectively creating (manually) an authenticated session. If the data being placed in the session does not actually exist in the database, ensure to use only the sentinel:auth-required and sentinel:logout functions in your API, all others that query the database will fail.

(sentinel:login-user \)

Verifies if the user exist and forces a login without any password. Fails with 422 and sets the error field accordingly. When successful, opens a session and loads the user field of the session with the data of the user that was just authenticated.

(sentinel:logout)

Removes authentication status from the active session. Note that this function does not remove the session itself, only the authentication data related to the user. Use session:destroy afterwards to fully remove the session completely.

(sentinel:reload)

Reloads the active user's session data and permissions from the database.

(sentinel:access-required \ [message])

Ensures the provided identifier is not either banned or blocked. Fails with status code 409 and with the default error message if the message parameter is not provided.

(sentinel:access-denied \ [action='auto'] [wait-timeout=2] [block-timeout=30])

Registers an access-denied attempt for the specified identifier. Returns a string indicating the action taken for the identifier, valid values are auto, wait, block, or ban.

(sentinel:access-granted \ [unban=false])

Grants access to an identifier, calling this will reset the failed and blocked counters. A ban will continue to be in effect unless the unban parameter is set to true.


All versions of rose-ext-sentinel with dependencies

PHP Build Version
Package Version
Requires rsthn/rose-core Version ^5.0.5
rsthn/rose-extension-installer Version *
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package rsthn/rose-ext-sentinel contains the following files

Loading the files please wait ....