Merge pull request #906 from apps-caraga/apps-caraga-patch-1

Update DbAuthMiddleware.php
mevdschee · Sep 8, 2022 · aa18cfb · aa18cfb
2 parents 3051700 + 12b5890
commit aa18cfb
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -698,6 +698,7 @@ You can tune the middleware behavior using middleware specific configuration par
 - "apiKeyDbAuth.apiKeyColumn": The users table column that holds the API key ("api_key")
 - "dbAuth.mode": Set to "optional" if you want to allow anonymous access ("required")
 - "dbAuth.usersTable": The table that is used to store the users in ("users")
+- "dbAuth.loginTable": The table or view that is used to retrieve the users info for login 
 - "dbAuth.usernameColumn": The users table column that holds usernames ("username")
 - "dbAuth.passwordColumn": The users table column that holds passwords ("password")
 - "dbAuth.returnedColumns": The columns returned on successful login, empty means 'all' ("")
@@ -826,6 +827,13 @@ users can freely add, modify or delete any account! The minimal configuration is
 
 Note that this middleware uses session cookies and stores the logged in state on the server.
 
+**Login using views with joined table**
+
+For login operations, it is possible to use a view as the usersTable. Such view can return a filtered result from the users table, e.g., *where active = true* or it may also return a result multiple tables thru a table join. At a minimum, the view should include the ***username*** and ***password***.
+
+However, views with joined tables are not insertable ([see issue 907](https://github.com/mevdschee/php-crud-api/issues/907) ). As a workaround, use the property ***loginTable*** to set a different reference table for login. The **usersTable** will still be set to the normal, insertable users table. 
+
+
 #### Basic authentication
 
 The Basic type supports a file (by default '.htpasswd') that holds the users and their (hashed) passwords separated by a colon (':'). 

diff --git a/src/Tqdev/PhpCrudApi/Middleware/DbAuthMiddleware.php b/src/Tqdev/PhpCrudApi/Middleware/DbAuthMiddleware.php
@@ -51,7 +51,10 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
             $username = isset($body->$usernameFormFieldName) ? $body->$usernameFormFieldName : '';
             $password = isset($body->$passwordFormFieldName) ? $body->$passwordFormFieldName : '';
             $newPassword = isset($body->$newPasswordFormFieldName) ? $body->$newPasswordFormFieldName : '';
-            $tableName = $this->getProperty('usersTable', 'users');
+            if($path ==='login')
+                $tableName = $this->getProperty('loginTable', 'users');    //add separate property for login as this could be a view joining users table to other table such as roles, details etc. At a minimum, the view output should include the $usernameColumn and $passwordColumn
+            else
+                $tableName = $this->getProperty('usersTable', 'users');
             $table = $this->reflection->getTable($tableName);
             $usernameColumnName = $this->getProperty('usernameColumn', 'username');
             $usernameColumn = $table->getColumn($usernameColumnName);