{"id":18782410,"url":"https://github.com/atk4/login","last_synced_at":"2025-04-05T08:08:42.551Z","repository":{"id":27997528,"uuid":"96762330","full_name":"atk4/login","owner":"atk4","description":"Add-on implementing User Login, Registration, Management and Password","archived":false,"fork":false,"pushed_at":"2025-01-16T09:04:12.000Z","size":727,"stargazers_count":26,"open_issues_count":5,"forks_count":22,"subscribers_count":10,"default_branch":"develop","last_synced_at":"2025-03-29T07:09:10.354Z","etag":null,"topics":["agile","atk4","authentication","login","php"],"latest_commit_sha":null,"homepage":"https://agiletoolkit.org","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/atk4.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-07-10T09:55:16.000Z","updated_at":"2025-01-16T09:04:12.000Z","dependencies_parsed_at":"2024-04-16T15:35:40.832Z","dependency_job_id":"797fbb25-4bbc-4337-a26f-e1c3ba1b00e5","html_url":"https://github.com/atk4/login","commit_stats":{"total_commits":152,"total_committers":15,"mean_commits":"10.133333333333333","dds":0.756578947368421,"last_synced_commit":"b5e6a4ad5b96975ab1e31408ee636132e2155482"},"previous_names":[],"tags_count":15,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/atk4%2Flogin","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/atk4%2Flogin/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/atk4%2Flogin/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/atk4%2Flogin/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/atk4","download_url":"https://codeload.github.com/atk4/login/tar.gz/refs/heads/develop","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247305935,"owners_count":20917208,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["agile","atk4","authentication","login","php"],"created_at":"2024-11-07T20:35:54.849Z","updated_at":"2025-04-05T08:08:42.520Z","avatar_url":"https://github.com/atk4.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"[ATK UI](https://github.com/atk4/ui) implements a high-level User Interface for Web App - such as **Admin System**. One of the most common things for the Admin system is a log-in screen.\n\nAlthough you can implement log-in form easily, this add-on does everything for you:\n\n## Installation\n\nInstall through composer `composer require atk4/login`\n\nThen add `Auth` into your app and set appropriate user controller:\n\n```php\n$app = new \\Atk4\\Ui\\App();\n$app-\u003einitLayout([\\Atk4\\Ui\\Layout\\Admin::class]);\n$app-\u003edb = new \\Atk4\\Data\\Persistence($dsn);\n\n// ADD THIS CODE:\n$app-\u003eauth = new \\Atk4\\Login\\Auth($app);\n$app-\u003eauth-\u003esetModel(new \\Atk4\\Login\\Model\\User($app-\u003edb));\n\n// The rest of YOUR UI code will now be protected\n\\Atk4\\Ui\\Crud::addTo($app)-\u003esetModel(new Client($app-\u003edb));\n```\n\n(If you do not have User model yet, you can extend or use \\Atk4\\Login\\Model\\User).\n\n![Login](./docs/login-form.png)\n\n## Features\n\nHere are all the classes implemented:\n\n-   Full transparent authentication\n    -   Populates user menu with name of current user\n    -   Adds log-out link\n    -   Adds Preferences page\n-   Flexible ACL support\n-   Model\\User - basic user entity that can be extended\n-   LoginForm - username/password login form\n-   RegisterForm - registration form\n-   Auth - authentication controller, verify and record logged state\n-   UserAdmin - UI for user administration\n-   Layout\\Narrow - Fomantic-UI based narrow responsive layout login/registration forms\n-   Templates for forms an messages\n-   Demos for all of the above\n\nWhen used default installation, it will relay on various other components (such as LoginForm), however you can also use those components individually.\n\n## Advanced Usage\n\nThere are two modes of operation - Automated and Manual. Automated handles display of forms based on currently logged state automatically. It was already presented in the \"Installation\" section above.\n\nFor a more advanced usage, you can either tweak Automated mode or use individual components manually.\n\n### Tweaking Automated Mode\n\nWhen you initialize 'Auth' class you may inject property values:\n\n```php\n$app-\u003eauth = new \\Atk4\\Login\\Auth($app, [\n    'hasPreferences' =\u003e false, // do not show Preferences page/form\n    'pageDashboard' =\u003e 'dashboard', // name of the page, where user arrives after login\n    'pageExit' =\u003e 'goodbye', // where to send user after logout\n\n    // Oter options:\n    // 'hasUserMenu' =\u003e false, // will disable interaction with Admin Layout user menu\n]);\n$app-\u003eauth-\u003esetModel(new User($app-\u003edb));\n```\n\n### Using Manual Mode\n\nIn the manual mode, no checks will be performed, and you are responsible for authenticating user yourself. This works best if you have a more complex auth logic.\n\n``` php\n$app-\u003eauth = new \\Atk4\\Login\\Auth($app, [\n    'check' =\u003e false,\n]);\n$app-\u003eauth-\u003esetModel(new User($app-\u003edb));\n\n\n// Now manually use login logic\nif (!$app-\u003eauth-\u003euser-\u003eisLoaded()) {\n    \\Atk4\\Login\\LoginForm::addTo($app, ['auth' =\u003e $app-\u003eauth]);\n}\n```\n\n#### Adding sign-up form\n\n``` php\n\\Atk4\\Login\\RegisterForm::addTo($app)\n    -\u003esetEntity(new \\Atk4\\Login\\Model\\User($app-\u003edb));\n```\n\nDisplays email and 2 password fields (for confirmation). If filled successfully will create new record for `\\Atk4\\Login\\Model\\User`. Will cast email to lowercase before adding. Things to try:\n\n-   Extend or use your own User class\n-   Add more fields to registration form\n-   Decorate registration form with message and links\n-   Use multi-column form layout\n\n#### Log-in form\n\n![Login](./docs/login-form.png)\n\n``` php\n\\Atk4\\Login\\LoginForm::addTo($app, [\n    'auth' =\u003e $app-\u003eauth,\n    // 'successLink' =\u003e ['dashboard'],\n    // 'forgotLink' =\u003e ['forgot'],\n]);\n```\n\nDisplays log-in form and associate it with $auth. When form is filled, will attempt to authenticate using $auth's model. If password is typed correctly, will redirect to \"successLink\" (which will be passed to $app-\u003eurl()). Things to try:\n\n-   Redirect to login page if not authenticated\n-   Add 3rd party authentication (authenticate using 3rd party lib, look up connected account, store into auth persistence)\n-   Implement two factor authentication (store flag in auth persistence indicating if 2nd factor is carried out, if not display it)\n-   Implement password verification delay after several unsuccessful attempts\n-   Ask user to change password if it is about to expire\n\n#### Dashboard\n\nTo check if user is currently logged in:\n\n``` php\nif ($app-\u003eauth-\u003euser-\u003eisLoaded()) {\n    // logged-in\n}\n```\n\nAuth model stores user model data in session, so if you delete user from database, he will not be automatically logged out. To log-out user explicitly, call `$app-\u003eauth-\u003elogout()`.\n\nYou may also access user data like this: `$app-\u003eauth-\u003emodel['name']`; Things to try:\n\n-   Explicitly load user record from database instead of cache only\n-   Store last login / last access time in database\n-   Move auth cache to MemCache\n\n#### Profile Form\n\nThis form would allow user to change user data (including password) but only if user is authenticated. To implement profile form use:\n\n``` php\nForm::addTo($app)-\u003esetEntity($app-\u003eauth-\u003euser);\n```\n\nDemos open profile form in a pop-up window, if you wish to do it, you can use this code:\n\n``` php\nButton::addTo($app, ['Profile', 'class.primary' =\u003e true])\n    -\u003eon('click', Modal::addTo($app)-\u003eset(function (View $p) {\n        Form::addTo($p)-\u003esetEntity($p-\u003egetApp()-\u003eauth-\u003euser);\n    })-\u003ejsShow());\n```\n\nThings to try:\n\n-   Ask user to verify old password before changing settings\n-   Send SMS notification / email if any user setting has bees changed\n-   Store user settings in multiple tables (join)\n\n#### Password\n\nField 'password' is using a custom field class `Password`. Stored value is always a hash,\nuse `Password::hashPassword()` + `Password::set()` methods to set the value or use\n`Password::setPassword()` method to set the password directly. You can use this field in any model like this:\n\n``` php\n$model-\u003eaddField('password', [\\Atk4\\Data\\Field\\PasswordField::class]);\n```\n\nAlso the password will not be stored in session cache and will not be accessible directly.\n\nThings to try:\n\n-   Add complexity validation\n-   Add password recovery form\n-   use CAPCHA when recovering password\n\n#### Custom User Model\n\nAlthough a basic User model is supplied, you can either extend it or use your own user model.\n\n#### User Admin\n\nWe include a slightly extended \"Admin\" interface which includes page to see user details and change their password. To create admin page use:\n\n``` php\n\\Atk4\\Login\\UserAdmin::addTo($app)\n    -\u003esetModel(new \\Atk4\\Login\\Model\\User($app-\u003edb));\n```\n\n![Login](./docs/admin-demo.png)\n\nThis uses a standard CRUD interface, enhancing it with additional actions:\n\n-   key button allows to change user password and offers random password generator. Uses \"input\" field for a visible password. You can also use regular \"edit\" button which will contain asterisk-protected field for the password.\n-   eye button is designed to show user details, such as which group he belongs to. Currently this panel and groups are not implemented.\n\n![Login](./docs/change-password.png)\n\nThings to try:\n\n-   Add additional information on details modal.\n-   Add audit log for user actions (login, change password etc)\n\n#### Migrations\n\nUse of migration is optional, but can help by populating initial structure of your user model. Look inside file `demos/wizard.php`. It simply adds a console component, which will execute migration of 'User' model.\n\nWhen migration is executed it simply checks to make sure that table for 'user' exists and has all required fields. It will not delete or change existing fields or tables.\n\n## Roadmap\n\nGenerally we wish to keep this add-on clean, but very extensible, with various tutorials on how to implement various scenarios (noted above under \"Things to try\").\n\nFor some of those features we would like to add a better support in next releases:\n\n-   [1.0] - add \"$auth-\u003echeck()\" - for Automated authentication checks\n-   [1.1] - add Password Reminder form and tutorial on integration with Email / SMS sending\n-   [1.2] - add Password strength verification (and indicator)\n\nIf you would like to propose other features, please suggest them by opening ticket here:\n\n-   https://github.com/atk4/login/issues\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fatk4%2Flogin","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fatk4%2Flogin","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fatk4%2Flogin/lists"}