PHP download

Download the PHP package teresko/palladium without Composer

On this page you can find all versions of the php package teresko/palladium. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

Table of contents
Download teresko/palladium
More information about teresko/palladium
Files in teresko/palladium

Vendor teresko
Package palladium
Short Description User authentication and registration component
License BSD-3-Clause
Homepage https://github.com/teresko/palladium

Keywords Authentication registration login auth account

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:

If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.

Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
To use Composer is sometimes complicated. Especially for beginners.
Composer needs much resources. Sometimes they are not available on a simple webspace.
If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.

Please rate this library. Is it a good library?

Example code of teresko/palladium

Informations about the package palladium

Palladium

(work-in-progress: docs for 2.0)

Library for handling the user identification.

The purpose of this library is to locate user's account (to be precise - its unique id) for a given proof of identity and to manage various types of identities. It consists of 4 different services: Identification, Registration, Search and Recovery.

Installation

You can add the library to your project using composer with following command:

To use this package, it require PHP version 7.0+ and PDO.

You will also need to create a table, where to store the identities. The example schema is available here. It currently contains only table definition for MySQL/MariaDB, but the library can be used with any RDBMS, that has a PDO driver.

Initialization

Palladium contains 4 services: Registration, Identification, Search and Recovery. Each of these services has two mandatory dependencies:

repository (that implements Palladium\Contract\CanPersistIdenity)
logger (that implements Psr\Log\LoggerInterface)

This gives you an option to replace the default repository, if you want to alter or replace parts of persistence abstraction layer. As for logger - the recommended approach is to use Monolog, but it would work with any compatible logging system.

The default repository also comes with functionality for adding custom identity types and data mappers, that are used for either your or the built-in identity types. For usage details see %TODO% section.

Optional parameters

In the constructor of Identification service there is an optional third and fourth parameter:

lifespan of the cookie (in seconds), which defaults to 4 hours.
hash cost (for BCrypt), which defaults to 12

In the constructor of Registration service there is an optional third parameter:

hash cost (for BCrypt), which defaults to 12

Setting up the repository

As noted above, all 4 of the services expect a repository as a constructor dependency. If you are not replacing the bundled repository with your custome version, then you will need to initialize Palladium\Repository\Identity and pass it to the services.

The bundled repository itself has a single dependency: instance, that implements Palladium\Contract\CanCreateMapper. This contract (interface) is implemented by Palladium\Component\MapperFactory. And this factory has two dependencies: PDO instance and the name of table, where the identities will be stored.

In every other code example, where you see $repository variable used, you can assume, that it has been initialized using this code sample.

Use with DI containers

For users of Symfony's DependencyInjection Component (version: 3.4+), there is a sample configuration file: %TODO%

Usage

Registration of new identity

If operation is completed successfully, the $identity variable will contain an instance of unverified StandardIdentity. To complete verification, you will have to use the token, that the identity contains. In the give example, this token can be assessed using $instance->getToken().

The createStandardIdentity() method can throw IdentityConflict exception, if email has already used for a another identity.

The createStandardIdentity() method has an optional third parameter, that defines the lifespan on the email verification token in seconds. When applied, the previous example looks as following:

This will make the verification token usable for 1 hour after this user's identity has been registered. After that given time passes, you won't be able to find this identity using the findStandardIdentityByToken() in the Search service.

IMPORTANT: the createStandardIdentity() methods does not validate users email or any other type of identifier. It only checks its uniqueness. Validation of emails, phone numbers, nicknames and other identifiers is beyond the scope of this library.

Verification of an identity

The $token value is used to locate the matching EmailIdentity, which then gets verified. If the identity is not found, the findStandardIdentityByToken() will throw IdentityNotFound exception.

Login with email and password

If there is no matching identity with given idenitifier (like, email address) found, the findStandardIdentityByIdentifier() method will throw IdentityNotFound exception.

In case, if password does not match, the loginWithPassword() method will throw PasswordMismatch exception.

Creation of new single-use login

This will create a new instance of NonceIdentity. To use it for login, you will need values in NonceIdentity::getIdentifier() and NonceIdentity::getKey(), where the identifier will be used to locate the nonce identity and key will be used to verify.

The createNonceIdentity() method was an optional second parameter, that defines the lifespan this single-use identity in seconds. When applied, the previous example looks as following:

This will make the single-use identity usable for 10 minutes after its creation. After the allowed time has passed, passing this identity in useNonceIdentity() method of Identification will result in IdentityExpired exception being thrown.

Login with nonce

If there is no matching identity with given identitifier (email address, nickname, ect.) found, the findNonceIdentityByIdentifier() method will throw IdentityNotFound exception.

In case, if password does not match, the useNonceIdentity() method will throw KeyMismatch exception.

Login using cookie

If cookie is not found using findCookieIdentity() a standard IdentityNotFound exception will be thrown. The possible caused for it would be either cookie not being active anymore (e.g. user logged out) or cookie not existing at all.

In case, if cookie is too old, loginWithCookie() will produce IdentityExpired exception.

But the loginWithCookie() method can also produce CompromisedCookie exception. Seeing an exception for this could indicate, that cookie has been stolen or that user never received a new cookie value.

Blocking a compromised cookie

This is the recommended way for dealing with suspicious cookies, that might or might not be stolen. This is not intended for logging out users.

Logout

This operation marks the cookie as "discarded". The list of exception, that can be produced, match the ones described in login using cookie section.

Initiating password reset process

If there is no matching identity with given email address found, the findStandardIdentityByIdentifier() method will throw IdentityNotFound exception.

When markForReset() is called, it must be provided with an instance of StandardIdentity, that has already been verified (otherwise, it has a potential to leak user's private information from your application). If that is not the case, the method will throw IdentityNotVerified exception.

The markForReset() method was an optional second parameter, that defines the lifespan on the password reset token in seconds. When applied, the previous example looks as following:

This will make the password reset token usable for two hours after this user's identity has been marked for reset. When the allowed time has expired, you won't be able to find this identity using the findEmailIdentityByToken() in the Search service.

Completion of password reset

If there is no matching identity with given token found, the findEmailIdentityByToken() method will throw IdentityNotFound exception.

Changing password of email identity

If there is no matching identity with given email address (or any other type of identifier) found, the findStandardIdentityByIdentifier() method will throw IdentityNotFound exception.

In case, if the password does not match, the changePassword() method will throw PasswordMismatch exception.

Logging out identities in bulk

The return value of findIdentitiesByParentId() will return IdentityCollection, which can be empty.

Logging of user activity

As previously mentioned, the services in this library expect a PSR-3 compatible logger as a dependency. It will be utilized to log three levels of events:

`LogLevel::INFO`

This log-level is used for tracking ordinary operations, that user would perform, when using your application in the intended manner:

successful registration
successful password recover
successful login (with email/username or cookie) or logout
successful email verification
use of expired cookie or nonce

`LogLevel::NOTICE`

Logs with this level will be recorded, if user attempted an unsuccessful operation, that should not happed in correct usage scenarios:

all cases, when identity was not found
incorrect password was entered
identifier already used for different identity
attempt to recover password using unverified email

`LogLevel::WARNING`

Only used for logging cases, when user attempted to use a compromised cookie.

Additional notes

This library focuses on one specific task. It does not include any of the following functionality:

account creation and management
authorization system
validation of user input (including emails and passwords)
logging framework

If you think, that authentication library requires one of the above listed parts, then this is not the library that you are looking for.

All versions of palladium with dependencies

PHP Build Version

Package Version

Version v1.4.2 Release 14. Nov 2017
create-project require 0 people choosed require and
0 people choosed create-project.

Download

Download latest version of palladium from vendor teresko

Requires php Version >=7.0
ext-pdo Version *
psr/log Version 1.*

Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package teresko/palladium contains the following files

Loading the files please wait ....