samsonasik / mezzio-authentication-with-authorization
Laminas skeleton with authenticaton and authorization example, featuring crsf, flash, prg
Fund package maintenance!
samsonasik.wordpress.com/donate
Requires
- php: ^7.3 || ~8.0.0 || ~8.1.0
- laminas/laminas-component-installer: ^2.1.1
- laminas/laminas-config-aggregator: ^1.0
- laminas/laminas-dependency-plugin: ^0.2 || ^1.0 || ^2.0
- laminas/laminas-diactoros: ^2.0
- laminas/laminas-form: ^2.11
- laminas/laminas-i18n: ^2.7
- laminas/laminas-servicemanager: ^3.3
- laminas/laminas-stdlib: ^3.1
- mezzio/mezzio: ^3.0.1
- mezzio/mezzio-authentication: ^1.1.0
- mezzio/mezzio-authentication-session: ^1.0.1
- mezzio/mezzio-authorization: ^1.0
- mezzio/mezzio-authorization-acl: ^1.0.2
- mezzio/mezzio-csrf: ^1.0.0
- mezzio/mezzio-flash: ^1.0.0
- mezzio/mezzio-helpers: ^5.0
- mezzio/mezzio-laminasrouter: ^3.0
- mezzio/mezzio-laminasviewrenderer: ^2.0
- mezzio/mezzio-session: ^1.3.0
- mezzio/mezzio-session-ext: ^1.7.1
- roave/security-advisories: dev-master
Requires (Dev)
- filp/whoops: ^2.1.12
- laminas/laminas-coding-standard: ^2.0.0
- laminas/laminas-development-mode: ^3.1
- mezzio/mezzio-tooling: ^1.0
- phpspec/prophecy-phpunit: ^2.0
- phpunit/phpunit: ^9.0
- rector/rector: ^0.11.52
This package is auto-updated.
Last update: 2024-11-29 06:03:43 UTC
README
Introduction
A Mezzio 3 Skeleton Application with Authentication and Authorization Example.
Features
- Authentication secured with csrf
- Authentication using prg for usability
- Authentication with remember me functionality
- Authentication notification with Session Flash
- Authorization with ACL
- isGranted check in the Layout
- getRole check in the Layout
Install
$ composer create-project samsonasik/mezzio-authentication-with-authorization -sdev
$ cd mezzio-authentication-with-authorization
$ cp config/autoload/local.php.dist config/autoload/local.php
Configuration
Configure your config/autoload/local.php
with your local DB config with username and password field. There are examples of dsn
for both PostgreSQL
and MySQL
that you can modify.
For PostgreSQL
The following commands are example if you are using PostgreSQL (assumption using user "postgres" and create db named "mezzio"), you can create users table with insert username and bcrypt hashed password with pgcrypto extension into users table:
$ createdb -Upostgres mezzio Password: $ psql -Upostgres mezzio Password for user postgres: psql (12.1) Type "help" for help. mezzio=# CREATE TABLE users(username character varying(255) PRIMARY KEY NOT NULL, password text NOT NULL, role character varying(255) NOT NULL DEFAULT 'user'); CREATE TABLE mezzio=# CREATE EXTENSION pgcrypto; CREATE EXTENSION mezzio=# INSERT INTO users(username, password, role) VALUES('samsonasik', crypt('123456', gen_salt('bf')), 'user'); INSERT 0 1 mezzio=# INSERT INTO users(username, password, role) VALUES('admin', crypt('123456', gen_salt('bf')), 'admin'); INSERT 0 1
and you will get the following data:
For MySQL
The following commands are example if you are using MySQL (assumption using user "root" and create db named "mezzio"), you can create users table with insert username and bcrypt hashed password:
$ mysql -u root -p -e 'create database mezzio' Enter password: $ mysql -u root Enter password: mysql> use mezzio Database changed mysql> CREATE TABLE users(username varchar(255) PRIMARY KEY NOT NULL, password text NOT NULL, role varchar(255) NOT NULL DEFAULT 'user'); Query OK, 0 rows affected (0.01 sec) mezzio=# INSERT INTO users(username, password, role) VALUES('samsonasik','$2a$06$Nt2zePoCfApfBGrfZbHZIudIwZpCNqorTjbKNZtPoLCVic8goZDsi', 'user'); Query OK, 1 row affected (0.01 sec) mezzio=# INSERT INTO users(username, password, role) VALUES('admin', '$2a$06$Y2TtankzyiK/OF1yZA4GsOJBhuoP7o99XbfufEeJ0OOJwjUcPB9LO', 'admin'); Query OK, 1 row affected (0.01 sec)
and you will get the following data:
The Authorization Config
The authorization configuration saved at config/autoload/global.php
as ACL:
<?php // config/autoload/global.php declare(strict_types=1); return [ // ... 'mezzio-authorization-acl' => [ 'roles' => [ 'guest' => [], 'user' => ['guest'], 'admin' => ['user'], ], 'resources' => [ 'api.ping.view', 'home.view', 'admin.view', 'login.form', 'logout.access', ], 'allow' => [ 'guest' => [ 'login.form', 'api.ping.view', ], 'user' => [ 'logout.access', 'home.view', ], 'admin' => [ 'admin.view', ], ], ], // ... ];
Running
- Clear browser cache
- Run the php -S command:
$ php -S localhost:8080 -t public
-
Open browser: http://localhost:8080
-
Login with username : samsonasik, password: 123456 OR username : admin, password : 123456. If you're a logged in user with "user" role, and open
/admin
page, it will show like the following (403 Forbidden), eg: see in Firefox developer tools under "Network" monitor:
Test
Tests are located under test
directory, you can run test with composer command:
$ composer test