{"id":16182504,"url":"https://github.com/dereuromark/cakephp-tinyauth-backend","last_synced_at":"2026-04-26T13:04:44.417Z","repository":{"id":36033820,"uuid":"142348319","full_name":"dereuromark/cakephp-tinyauth-backend","owner":"dereuromark","description":"A database driven backend for CakePHP TinyAuth plugin","archived":false,"fork":false,"pushed_at":"2026-04-26T10:36:49.000Z","size":730,"stargazers_count":2,"open_issues_count":0,"forks_count":3,"subscribers_count":4,"default_branch":"master","last_synced_at":"2026-04-26T11:23:45.975Z","etag":null,"topics":["auth","authentication-backend","authorization","authorization-backend","policies","rbac","tinyauth"],"latest_commit_sha":null,"homepage":"","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dereuromark.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2018-07-25T20:05:33.000Z","updated_at":"2026-04-26T10:36:53.000Z","dependencies_parsed_at":"2023-11-27T23:26:50.053Z","dependency_job_id":"0c41adc2-0bf7-4b56-ae05-db2f2d205110","html_url":"https://github.com/dereuromark/cakephp-tinyauth-backend","commit_stats":{"total_commits":45,"total_committers":2,"mean_commits":22.5,"dds":0.4,"last_synced_commit":"b9bdfd4fb40c9e2c573dc354167756b2937416ce"},"previous_names":[],"tags_count":12,"template":false,"template_full_name":null,"purl":"pkg:github/dereuromark/cakephp-tinyauth-backend","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dereuromark%2Fc
akephp-tinyauth-backend","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dereuromark%2Fcakephp-tinyauth-backend/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dereuromark%2Fcakephp-tinyauth-backend/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dereuromark%2Fcakephp-tinyauth-backend/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dereuromark","download_url":"https://codeload.github.com/dereuromark/cakephp-tinyauth-backend/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dereuromark%2Fcakephp-tinyauth-backend/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32297940,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-26T09:34:17.070Z","status":"ssl_error","status_checked_at":"2026-04-26T09:34:00.993Z","response_time":129,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["auth","authentication-backend","authorization","authorization-backend","policies","rbac","tinyauth"],"created_at":"2024-10-10T06:32:53.057Z","updated_at":"2026-04-26T13:04:44.407Z","avatar_url":"https://github.com/dereuromark.png","language":"PHP","readme":"# CakePHP TinyAuth 
backend\n[![CI](https://github.com/dereuromark/cakephp-tinyauth-backend/actions/workflows/ci.yml/badge.svg?branch=master)](https://github.com/dereuromark/cakephp-tinyauth-backend/actions/workflows/ci.yml?query=branch%3Amaster)\n[![Coverage Status](https://img.shields.io/codecov/c/github/dereuromark/cakephp-tinyauth-backend/master.svg)](https://codecov.io/github/dereuromark/cakephp-tinyauth-backend/branch/master)\n[![PHPStan](https://img.shields.io/badge/PHPStan-level%208-brightgreen.svg?style=flat)](https://phpstan.org/)\n[![Minimum PHP Version](https://img.shields.io/badge/php-%3E%3D%208.2-8892BF.svg)](https://php.net/)\n[![License](https://poser.pugx.org/dereuromark/cakephp-tinyauth-backend/license.svg)](LICENSE)\n[![Latest Stable Version](https://poser.pugx.org/dereuromark/cakephp-tinyauth-backend/v/stable.svg)](https://packagist.org/packages/dereuromark/cakephp-tinyauth-backend)\n[![Total Downloads](https://poser.pugx.org/dereuromark/cakephp-tinyauth-backend/d/total)](https://packagist.org/packages/dereuromark/cakephp-tinyauth-backend)\n[![Coding Standards](https://img.shields.io/badge/cs-PSR--2--R-yellow.svg)](https://github.com/php-fig-rectified/fig-rectified-standards)\n\nA database driven backend for CakePHP [TinyAuth plugin](https://github.com/dereuromark/cakephp-tinyauth).\nThis replaces the native INI file approach.\n\nThis branch is for use with **CakePHP 5.1+**. 
For details, see the [version map](https://github.com/dereuromark/cakephp-tinyauth-backend/wiki#cakephp-version-map).\n\n## Installation\n\nInstall the plugin with Composer from your CakePHP project's ROOT directory\n(where the composer.json file is located)\n\n```sh\ncomposer require dereuromark/cakephp-tinyauth-backend\n```\n\nIt will auto-require the `dereuromark/cakephp-tinyauth` dependency.\n\n### Admin Access Requirement\n\nThe plugin mounts its admin UI under `/admin/auth`.\n\nAs of the current `master`, admin access is **fail-closed outside debug mode**:\n\n- `debug = true`: the admin UI is accessible by default for local setup and demos\n- `debug = false`: the admin UI returns `403` unless your app explicitly configures `TinyAuthBackend.editorCheck`\n\nProduction apps should always set `TinyAuthBackend.editorCheck` to a callable that decides who may edit TinyAuth rules:\n\n```php\nuse Cake\\Core\\Configure;\nuse Psr\\Http\\Message\\ServerRequestInterface;\n\nConfigure::write(\n    'TinyAuthBackend.editorCheck',\n    function (mixed $identity, ServerRequestInterface $request): bool {\n        if ($identity === null) {\n            return false;\n        }\n\n        $roleId = is_object($identity) \u0026\u0026 method_exists($identity, 'get')\n            ? $identity-\u003eget('role_id')\n            : ($identity['role_id'] ?? null);\n\n        return (int)$roleId === 3;\n    },\n);\n```\n\n### Strict Content-Security-Policy (optional)\n\nThe plugin's admin UI is built to run under a strict Content-Security-Policy header — no `script-src 'unsafe-eval'`, no `style-src 'unsafe-inline'`. Inline `\u003cscript\u003e` blocks in the layout carry a per-request nonce read from `$this-\u003egetRequest()-\u003egetAttribute('cspNonce')`, so any host-app middleware that sets that attribute and emits a matching `Content-Security-Policy` header will Just Work.\n\nTwo host-app concerns to be aware of:\n\n1. **CSP middleware** — the plugin does not ship its own. 
Add a small middleware to your app that generates a per-request nonce, exposes it as the `cspNonce` request attribute, and emits a `Content-Security-Policy` header with `'nonce-…'` in `script-src`. The companion [cakephp-tinyauth-demo](https://github.com/dereuromark/cakephp-tinyauth-demo) shows a ~50-line implementation in `src/Middleware/StrictCspMiddleware.php`.\n\n2. **FormHelper `hiddenBlock` template** — out of the box, CakePHP wraps every CSRF token in `\u003cdiv style=\"display:none;\"\u003e…\u003c/div\u003e`, which violates strict `style-src`. Override the template once in your `AppView::initialize()`:\n\n   ```php\n   public function initialize(): void\n   {\n       $this-\u003eloadHelper('Form', [\n           'templates' =\u003e [\n               'hiddenBlock' =\u003e '\u003cdiv hidden\u003e{{content}}\u003c/div\u003e',\n           ],\n       ]);\n   }\n   ```\n\n   This swaps the inline style for the HTML5 `hidden` attribute, which needs no CSS. A single override eliminates one CSP violation per `Form-\u003epostLink()` / `Form-\u003epostButton()` on every page.\n\nThe included `tests/TestCase/CspComplianceTest.php` (template-source scan) and `tests/TestCase/Controller/Admin/RenderedCspComplianceTest.php` (rendered-HTML check) guard against regressions.\n\n## Usage\nSee [Docs](/docs/README.md).\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdereuromark%2Fcakephp-tinyauth-backend","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdereuromark%2Fcakephp-tinyauth-backend","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdereuromark%2Fcakephp-tinyauth-backend/lists"}