Download the PHP package tfleet/tf-auth-token without Composer

On this page you can find all versions of the php package tfleet/tf-auth-token. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Informations about the package tf-auth-token

Laravel 4 Auth token

Hooks into the laravel auth module and provides an auth token upon success. This token is really only secure in https environment. This main purpose for this module was to provide an auth token to javascript web app which could be used to identify users on api calls.

Upgrading to Laravel 4.1?, see the breaking changes

Based on https://github.com/tappleby/laravel-auth-token.

Getting Started

Setup

Add the package to your composer.json

"require": {
    ...
    "tfleet/tf-auth-token": "dev-master"
}

Add the service provider to app/config/app.php

'tfleet\AuthToken\AuthTokenServiceProvider',

Setup the optional aliases in app/config/app.php

'AuthToken' => 'TFleet\Support\Facades\AuthToken',
'AuthTokenNotAuthorizedException' => 'TFleet\AuthToken\Exceptions\NotAuthorizedException'

Currently the auth tokens are stored in the database, you will need to run the migrations:

php artisan migrate --package=tfleet/tf-auth-token
Optional configuration

This package defaults to using email as the username field to validate against, this can be changed via the package configuration.

  1. Publish the configuration php artisan config:publish tfleet/laravel-auth-token
  2. Edit the format_credentials closure in app/config/packages/tfleet/laravel-auth-token/config.php

Example - Only validate active users and check the username column instead of email:

'format_credentials' => function ($username, $password) {
    return array(
        'username' => $username,
        'password' => $password,
        'active' => true
    );
}

You can read more about the laravel Auth module here: Authenticating Users

The controller

A default controller is provided to grant, check and revoke tokens. Add the following to app/routes.php

Route::get('auth', 'Tfleet\AuthToken\AuthTokenController@index');
Route::post('auth', 'Tfleet\AuthToken\AuthTokenController@store');
Route::delete('auth', 'Tfleet\AuthToken\AuthTokenController@destroy');

CORS Support

CORS support is not built into this library by default, it can be enabled by using the following package: barryvdh/laravel-cors.

The configuration will be specific to how your routing is setup. If you are using the X-Auth-Token header, it is important to add this to the allowedHeaders configuration. See the package documentation for further configuration details.

Heres an example using the default auth route:

'paths' => array(
    'auth' => array(
        'allowedOrigins' => array('*'),
        'allowedHeaders' => array('Content-Type', 'X-Auth-Token'),
        'allowedMethods' => array('POST', 'PUT', 'GET', 'DELETE'),
        'maxAge' => 3600,
    )
),

Note: If you know the list of allowedOrigins it might be best to define them explicitly instead of using the wildcard *

Request parameters

All request must include one of:

  1. X-Auth-Token header.
  2. auth_token field.
GET Index action

Returns current user as json. Requires auth token parameter to be present. On Fail throws NotAuthorizedException.

POST Store action

Required input username and password. On success returns json object containing token and user. On Fail throws NotAuthorizedException.

DELETE Destroy action

Purges the users tokens. Requires auth token parameter to be present. On Fail throws NotAuthorizedException.

NotAuthorizedException has a 401 error code by default.

Route Filter

An auth.token route filter gets registered by the service provider. To protect a resource just register a before filter. Filter will throw an NotAuthorizedException if a valid auth token is invalid or missing.

Route::group(array('prefix' => 'api', 'before' => 'auth.token'), function() {
  Route::get('/', function() {
    return "Protected resource";
  });
});  

Events

The route filter will trigger auth.token.valid with the authorized user when a valid auth token is provided.

Event::listen('auth.token.valid', function($user)
{
  //Token is valid, set the user on auth system.
  Auth::setUser($user);
});

AuthTokenController::store will trigger auth.token.created before returning the response.

Event::listen('auth.token.created', function($user, $token)
{
    $user->load('relation1', 'relation2');
});

AuthTokenController::destroy will trigger auth.token.deleted before returning the response.

Handling the NotAuthorizedException

Optionally register the NotAuthorizedException as alias eg. AuthTokenNotAuthorizedException

App::error(function(AuthTokenNotAuthorizedException $exception) {
  if(Request::ajax()) {
    return Response::json(array('error' => $exception->getMessage()), $exception->getCode());
  }

  …Handle non ajax response…
});

Combining Laravel Auth with AuthToken

Some apps might already be using the traditional laravel based auth. The following can be used to manually generate a token.

if(Auth::check()) {
  $authToken = AuthToken::create(Auth::user());
  $publicToken = AuthToken::publicToken($authToken);
}

The AuthToken::publicToken method prepares the auth token to be sent to the browser.

Changes

dev-master

0.3.0

0.2.0

Pro tip: Using with jQuery

Using the jQuery ajaxPrefilter method the X-Auth-Token can be set automatically on ajax request.

// Register ajax prefilter. If app config contains auth_token will automatically set header,
$.ajaxPrefilter(function (options, originalOptions, jqXHR) {
  if (config.auth_token) {
    jqXHR.setRequestHeader('X-Auth-Token', config.auth_token);
  }
});

If a 401 response code is recieved it can also handled automatically. In the following example I opted to redirect to logout page to ensure user session was destroyed.

// If a 401 http error is recieved, automatically redirect to logout page.
$(document).ajaxError(function (event, jqxhr) {
  if (jqxhr && jqxhr.status === 401) {
    window.location = '/logout';
  }
});

Pro tip: Automatically binding token data to view.

View composer can be used to automatically bind data to views. This keeps logic all in one spot. I use the following to setup config variables for javascript.

View::composer('layouts.default', function($view)
{
  $rootUrl = rtrim(URL::route('home'), '/');

  $jsConfig = isset($view->jsConfig) ? $view->jsConfig : array();

  $jsConfig = array_merge(array(
    'rootUrl' =>  $rootUrl
  ), $jsConfig);

  if(Auth::check()) {

    $authToken = AuthToken::create(Auth::user());
    $publicToken = AuthToken::publicToken($authToken);

    $userData = array_merge(
      Auth::user()->toArray(),
      array('auth_token' => $publicToken)
    );

    $jsConfig['userData'] = $userData;
  }

  $view->with('jsConfig', $jsConfig);
});

All versions of tf-auth-token with dependencies

PHP Build Version
Package Version
Requires php Version >=5.3.0
illuminate/support Version ~4.1
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package tfleet/tf-auth-token contains the following files

Loading the files please wait ....