CakePHP TinyAuth plugin for an easy and fast user authentication and authorization. Single or multi role. DB or config file based.
PHP
Latest commit c4d121c Feb 25, 2017 @dereuromark committed on GitHub Update .travis.yml

README.md

CakePHP TinyAuth Plugin

Build Status Latest Stable Version Coverage Status Minimum PHP Version License Total Downloads Coding Standards

A CakePHP 3.x plugin to handle authentication and user authorization the easy way.

Features

Authentication

What are public actions, which ones need login?

Authorization

Once you are logged in, what actions can you see with your role(s)?

  • Single-role: 1 user has 1 role (users and roles table for example)
  • Multi-role: 1 user can have 1...n roles (users, roles and a "roles_users" pivat table for example)

Useful helpers

AuthUser Component and Helper for stateful and stateless "auth data" access.

What's the idea?

Default CakePHP authentication and authorization depends on code changes in at least each controller, maybe more classes. This plugin hooks in with a single line of change and manages all that using config files and there is no need to touch all those controllers, including plugin controllers.

It is also possible to manage the config files without the need of coding skills. And it could with some effort also be moved completely to the DB and managed by CRUD backend.

Ask yourself: Do you need the overhead and complexity involved with the core CakePHP ACL? See also my post acl-access-control-lists-revised/. If not, then this plugin could very well be your answer and a super quick solution to your auth problem :)

But even if you don't leverage the authentication or authorization, the available AuthUserComponent and AuthUserHelper can be very useful when dealing with role based decisions in your controller or view level. They also work stand-alone.

Demo

See http://sandbox.dereuromark.de/auth-sandbox

auth_allow.ini

Define the public actions (accessable by anyone) per controller:

Users = index,view
admin/Maintenance = pingcheck
PluginName.SomeController = *

acl.ini

Define what actions may be accessed by what logged-in user role:

[Users]
index = *
add,edit = user,mod

[admin/Users]
* = admin

AuthUser component and helper

$currentId = $this->AuthUser->id();

$isMe = $this->AuthUser->isMe($userEntity->id);

if ($this->AuthUser->hasRole('mod') {
} 

if ($this->AuthUser->hasAccess(['action' => 'secretArea'])) {
}

// Helper only
echo $this->AuthUser->link('Admin Backend', ['prefix' => 'admin', 'action' => 'index']);
echo $this->AuthUser->postLink('Delete', ['action' => 'delete', $id], ['confirm' => 'Sure?']);

Installation

Including the plugin is pretty much as with every other CakePHP plugin:

composer require dereuromark/cakephp-tinyauth

Then, to load the plugin either run the following command:

bin/cake plugin load TinyAuth

or manually add the following line to your app's config/bootstrap.php file:

Plugin::load('TinyAuth');

That's it. It should be up and running.

Docs

For setup and usage see Docs.

Also note the original blog post and how it all started.

Branching strategy

The master branch is the currently active and maintained one and works with the current 3.x stable version. Please see the original Tools plugin if you need TinyAuth for CakePHP 2.x versions.