Download the PHP package tobento/app-user-web without Composer
On this page you can find all versions of the php package tobento/app-user-web. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Informations about the package app-user-web
App User Web
The User Web provides authentication features such as:
- login/logout
- two factor login
- remember me
- forgot password
- channel verification (email and smartphone)
- simple profile page where the user may update their profile data
- user notifications page
- multi-language support
Table of Contents
- Getting Started
- Requirements
- Documentation
- App
- User Web Boot
- User Web Config
- Features
- Home Feature
- Login Feature
- Supporting Remember Me
- Two-Factor Authentication Code Feature
- Determine When Two Factor Auth Is Required
- User Permissions Strategies For Two Factor Auth
- Logout Feature
- Forgot Password Feature
- Customize Reset Password Notification
- Register Feature
- Customize Registration Fields
- Customize The Role For Registered Users
- Auto Login After Registration
- Account Verification
- Account Verification For Specific User Roles Only
- Terms and Conditions Agreement
- Spam Protection For Registering
- Notifications Feature
- Creating And Sending Notifications
- Customize Unread Notifications Count
- Clear Read Notifications
- Profile Feature
- Customize Information Fields
- Customize Available Verification Channels To Display
- Profile Settings Feature
- Customize Available Notification Channels
- Customize Settings Fields
- Verification Feature
- Protect Routes From Unverified User
- Customize Available Channels To Verify
- Deleting Expired Tokens
- View
- Events
- Learn More
- List Available Routes
- Newsletter Subscription
- Customize Verification Code Notification
- Localization
- Translations
- Credits
Getting Started
Add the latest version of the app user web project running this command.
Requirements
- PHP 8.0 or greater
Documentation
App
Check out the App Skeleton if you are using the skeleton.
You may also check out the App to learn more about the app in general.
User Web Boot
The user web boot does the following:
- installs and loads user_web config
- installs view and translation files
User Web Config
The configuration for the user web is located in the file at the default App Skeleton config location.
Features
Simply, configure any features you want to support in the feature section.
Home Feature
The Home Feature provides a simple home page. In case, you are not using this feature you need to adjust the "home" route in other features or add another route with the name .
Config
In the config file you can configure the home feature:
Login Feature
The Login Feature provides a simple login page where a user can login by his email, smartphone or username and the password.
Config
In the config file you can configure the login feature:
Supporting Remember Me
You may support remember me functionality by the following steps:
1. Enable remember me
In the config, specify a value for the parameter:
The auth token will expire after 6 months unless the user logs out!
2. Use Suitable Token Storage
As remember me tokens are often long-lived, make sure you use the Repository Storage to store tokens, which is configured as default.
3. Add RememeredToken Middleware (optional)
In the add the middleware after the middleware and specify the period of time from the present after which the token is considered as remembered.
After the token is considered as remembered, a new token will be created setting the parameter as . In addition, on every request it will verify the token with the token verifiers defined in the middleware such as checking the password hash.
Once the middleware is added, you may force users to re-authenticate before accessing certain resources if the token is considered as remembered by using the Authenticated Middleware:
Two-Factor Authentication Code Feature
The Two-Factor Authentication Code Feature provides a simple way for two-factor authentication using verification codes.
Config
In the config file you can configure the feature:
Determine When Two Factor Auth Is Required
To enable two-factor authentication you will need to determine when two-factor authentication is required by extending the and customizing the method:
In the replace the default login feature with your customized:
Once this is set up, on successful login, any user with the role business will be redirected to the two-factor authentication page where he can confirm the sent code.
However, the user is not obliged to confirm the code, he could just leave the two-factor authentication page and will be logged in as normal. It is up to you how to handle this. You can use any of the User Permissions Strategies or you may create a middleware to force him to confirm the code before he can access any other routes for instance.
User Permissions Strategies For Two Factor Auth
Using The Authenticated Middleware
The simplest way is just to protect routes from users which are not authenticated via two-factor authentification by using the middleware and defining the parameter with :
You may check out the Authenticated Middleware section for more detail.
Using A Custom Token Authenticator To Change The Users Role
You may change the users role when he has just logged in and is (required) to perform two-factor authentification.
First, create a custom token authenticator and use the token method to check for the value which is set by the Login feature when two-factor authentication is required. Once the user has confirmed the code the value of the token method will be set to and the users original role will be used again:
Next, in the file implement your created custom token authenticator:
Finally, just use the Verify Permission Middleware or the Verify Role Middleware to protect any routes from unauthorized users.
Logout Feature
The Logout Feature provides a simple logout functionality.
Config
In the config file you can configure the logout feature:
Forgot Password Feature
The Forgot Password Feature provides a simple way for users to reset their forgotten passwords.
Config
In the config file you can configure the forgot password feature:
Customize Reset Password Notification
You may customize the reset password notification in two ways:
By adding a custom notification
By customizing the feature
Extend the and customize the method. Within this method, you may send the notification using any notification class of your own creation:
Finally, in the config replace the default Forgot Password feature with your customized:
Register Feature
The Register Feature provides a simple way for users to register.
Config
In the config file you can configure the register feature:
Customize Registration Fields
You may customize the registration fields by the following steps:
1.A Customize the view
In the directory create a new file where you write your custom view code.
1.B Or customize the view using a theme (recommended way)
In your theme create a new file where you write your custom view code.
Check out the App View - Themes section to learn more about it.
2. Customize the validation rules
Customize the registration rules corresponding to the customized view (step 1) by extending the and customizing the method:
Finally, in the config replace the default register feature with your customized:
Customize The Role For Registered Users
You may customize the role for registered users by extending the and customizing the method:
In the config replace the default register feature with your customized:
Make sure you have added the roles, otherwise the role key would be used as the fallback.
Auto Login After Registration
By default, after successful registration users get not authenticated (logged in).
If you want them to get auto logged in just add the listener in the file:
In the file you may redirect users to the profile edit page or any other page you desire:
Account Verification
After users have successfully registered, you may require them to verify at least one channel such as their email address before using the application or individual routes. You can achieve this by the following steps:
1. Auto login users after successful registration
In the file add the listener:
Because only authenticated users are allowed to verify its account!
2. Redirect users to the verification page after successful registration
In the file:
3. Protect routes from unverified users
Use the Verified Middleware to protect any routes from unverified users.
4. Protect the profile feature from unverified users
Extend the and customize the method:
In the config replace the default profile feature with your customized:
5. Protect the profile settings feature from unverified users
Same as step 4. just with the .
Account Verification For Specific User Roles Only
Instead of Account Verification for all users, you may do it only for specific user roles. You can achieve this by the following steps:
1. Customize The Register Feature
Extend the and customize the method:
2. Customize The Role For Registered Users (optional)
Check out the Customize The Role For Registered Users section.
3. Auto Login Users After Registration
You will need to auto login the users which need to verify its account, as only authenticated users are allowed to verify its account:
In the file add the listener:
4. Protect the profile and profile settings feature from unverified users as well as any other routes
See Account Verification step 3, 4 and 5.
Terms and Conditions Agreement
You may users to agree your terms and conditions before they can register:
In the file:
Make sure you have registered your terms route somewhere in your application.
Spam Protection For Registering
The registration form is protected against spam by default using the App Spam bundle. It uses the spam detector as the defined named detector does not exist. In order to use a custom detector, you will just need to define it on the file:
Notifications Feature
The Notifications Feature provides a simple way for users to view their notifications.
Config
In the config file you can configure the notifications feature:
Creating And Sending Notifications
To send notifications to be display on the notifications page you will need to send to the storage channel configured:
Format Notifications
Check out the Storage Notification Formatters section to learn more about formatting the displayed notifications.
Customize Unread Notifications Count
You may customize the unread notifications count logic for the menu badge by extending the and customizing the method.
Example caching the count
Install the App Cache bundle to support caching.
In the config replace the default notifications feature with your customized:
Clear Read Notifications
If you have installed the App Console you may easily delete read notifications running the following command:
You may check out the App Notifier - Clear Notifications Command section for more information about the command.
If you would like to automate this process, consider installing the App Schedule bundle and using a command task:
Profile Feature
The Profile Feature provides a simple way for users to update their profile data, delete their account and to verify their channels.
Config
In the config file you can configure the profile feature:
Customize Information Fields
You may customize the information fields by the following steps:
1.A Customize the view
In the directory create a new file where you write your custom view code.
1.B Or customize the view using a theme (recommended way)
In your theme create a new file where you write your custom view code.
Check out the App View - Themes section to learn more about it.
2. Customize the validation rules
Customize the settings rules corresponding to the customized view (step 1) by extending the and customizing the method:
Finally, in the config replace the default profile settings feature with your customized:
Customize Available Verification Channels To Display
You may customize the available verification channels by extending the and customizing the method:
In the config replace the default profile feature with your customized:
If you allow other channels than and , you will need to customize the verification feature.
Profile Settings Feature
The Profile Settings Feature provides a simple way for users to update their profile settings such as his preferred locale and notification channels.
Config
In the config file you can configure the profile feature:
Customize Settings Fields
You may customize the settings fields by the following steps:
1.A Customize the view
In the directory create a new file where you write your custom view code.
1.B Or customize the view using a theme (recommended way)
In your theme create a new file where you write your custom view code.
Check out the App View - Themes section to learn more about it.
2. Customize the validation rules
Customize the settings rules corresponding to the customized view (step 1) by extending the and customizing the method:
Finally, in the config replace the default profile settings feature with your customized:
Customize Available Notification Channels
You may customize the available notification channels by extending the and customizing the method:
In the config replace the default profile settings feature with your customized:
Verification Feature
The Verification Feature provides a simple way for users to verify their email and smartphone.
Config
In the config file you can configure the verification feature:
Protect Routes From Unverified User
Use the Verified Middleware to protect any routes from unverified users.
Customize Available Channels To Verify
You may customize the available channels which can be verified by extending the and customizing the , and methods.
Do not forget to configure the notifier channels in the config file!
In the config replace the default profile feature with your customized:
Deleting Expired Tokens
Verificator Tokens
The following features use the token or pin code verificator creating tokens which will still be present within your token repository even if expired.
- Forgot Password Feature
- Two-Factor Authentication Code Feature
- Verification Feature
If you have installed the App Console you may easily delete these records running the following command:
If you would like to automate this process, consider installing the App Schedule bundle and using a command task:
Auth Tokens
Or automate this process using a command schedule task:
Visit User - Console for more detail.
View
Acl View Macro
In your view files, you may use the acl macro to check for permission for instance:
Events
Available Events
Event | Description |
---|---|
The event will dispatch after a user has deleted his account. | |
The event will dispatch after a user has logged in. | |
The event will dispatch after a user login attempt failed. | |
The event will dispatch after a user has exceeded the maximal number of login attempts. | |
The event will dispatch after a user is logged out. | |
The event will dispatch after a user has reset his password. | |
The event will dispatch after a user password reset attempt failed. | |
The event will dispatch after a user has registered. | |
The event will dispatch after a user register attempt failed. | |
The event will dispatch after a user has updated his profile. | |
The event will dispatch after a user has verified a channel. | |
The event will dispatch after a user channel verification attempt failed. | |
The event will dispatch after a user has verified two-factor authentication code successfully. | |
The event will dispatch after a user two-factor authentication code verification attempt failed. |
Learn More
Login With Smartphone
By default, login with smarthone is enabled. Make sure you have configured the sms channel in the file for sending sms to verify its account for instance.
List Available Routes
Use the Route List Command to get an overview of the available routes.
Newsletter Subscription
You may use the provided Events to subscribe/unsubscribe registered users to an newsletter provider.
Example of Listener:
In the file add the the listener:
You may check out the App Event - Add Listeners section to learn more about it.
Customize Verification Code Notification
You may customize the verification code notification in two ways:
By adding a custom notification
By customizing the pin code verificator
Extend the and customize the method. Within this method, you may send the notification using any notification class of your own creation:
Finally, in the config file replace the default implementation with your custom:
Localization
If you enable feature routes being localized, you can define the languages you support in the .
In the config file:
Check out the App Language to learn more about the languages.
Translations
By default, and translation are available. If you want to support more locales, check out the App Translation to learn more about it.
Credits
- Tobias Strub
- All Contributors
All versions of app-user-web with dependencies
tobento/app Version ^1.0.7
tobento/app-migration Version ^1.0
tobento/app-http Version ^1.0
tobento/app-message Version ^1.0
tobento/app-rate-limiter Version ^1.0
tobento/app-user Version ^1.0
tobento/app-notifier Version ^1.0
tobento/app-language Version ^1.0
tobento/app-translation Version ^1.0
tobento/app-view Version ^1.0
tobento/app-event Version ^1.0
tobento/app-spam Version ^1.0