Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

https://github.com/UseMuffin/Tokenize

Security tokens for CakePHP
https://github.com/UseMuffin/Tokenize

Last synced: 3 months ago
JSON representation

Security tokens for CakePHP

Host: GitHub
URL: https://github.com/UseMuffin/Tokenize
Owner: UseMuffin
License: mit
Created: 2016-01-23T19:47:51.000Z (over 8 years ago)
Default Branch: master
Last Pushed: 2020-12-16T06:20:19.000Z (over 3 years ago)
Last Synced: 2024-03-22T09:09:54.779Z (3 months ago)
Language: PHP
Homepage:
Size: 73.2 KB
Stars: 12
Watchers: 2
Forks: 11
Open Issues: 3
Metadata Files:
- Readme: README.md
- License: LICENSE

Lists

awesome-cakephp - Muffin/Tokenize plugin - Event driven behavior for easily generating single-use security tokens. (Authentication and Authorization)

README

        # Tokenize

[![Build Status](https://img.shields.io/travis/UseMuffin/Tokenize/master.svg?style=flat-square)](https://travis-ci.org/UseMuffin/Tokenize)

[![Coverage Status](https://img.shields.io/codecov/c/github/UseMuffin/Tokenize.svg?style=flat-square)](https://codecov.io/github/UseMuffin/Tokenize)

[![Total Downloads](https://img.shields.io/packagist/dt/muffin/tokenize.svg?style=flat-square)](https://packagist.org/packages/muffin/tokenize)

[![License](https://img.shields.io/badge/license-MIT-blue.svg?style=flat-square)](LICENSE)

Security tokens for CakePHP 3.

## Why?

Ever wanted to force users to activate their account upon registration?

Or maybe just a confirmation link when updating their credentials?

Ok, ok - maybe before cancelling a subscription or better, before sending funds out.

Well, now you can. Attach listeners to your models for sending out emails (or any other

notification method of your choice), and you're good to go!

## Install

Using [Composer][composer]:

```

composer require muffin/tokenize

```

You then need to load the plugin. You can use the shell command:

```

bin/cake plugin load Muffin/Tokenize --routes

```

or by manually adding statement shown below to `bootstrap.php`:

```php

Plugin::load('Muffin/Tokenize', ['routes' => true]);

```

This will ensure that the route for `/verify/:token` style URL is configured.

You can also customize the token's length, lifetime and table through `Configure` as

shown below:

```php

Configure::write('Muffin/Tokenize', [

    'lifetime' => '3 days', // Default value

    'length' => 32, // Default value

    'table' => 'tokenize_tokens', // Default value

]);

```

You will also need to create the required table. A migration file was

added to help you with that:

```sh

bin/cake migrations migrate --plugin Muffin/Tokenize

```

## How it works

When creating or updating a record, and if the data contains any *tokenized* field(s), a token

will automatically be created along with the value of the field(s) in question.

When this happens the `Model.afterTokenize` event is fired and passed the operation's related

entity and the associated token that was created for it.

The initial (save or update) operation resumes but without the *tokenized* fields.

The *tokenized* fields will only be updated upon submission of their associated token.

## Usage

To tokenize the `password` column on updates, add this to your `UsersTable`:

```php

$this->addBehavior('Muffin/Tokenize.Tokenize', [

    'fields' => ['password'],

]);

```

If instead you wanted to have it create a token both on account creation and credentials update:

```php

$this->addBehavior('Muffin/Tokenize.Tokenize', [

    'fields' => ['password'],

    'implementedEvents' => [

        'Model.beforeSave' => 'beforeSave',

        'Model.afterSave' => 'afterSave',

    ],

]);

```

Finally, if you just wish to create a token on the fly for other custom scenarios (i.e. password-less

login), you can manually create a token:

```php

$this->Users->tokenize($user['id']);

```

The above operation, will return a `Muffin\Tokenize\Model\Entity\Token` instance.

To verify a token from  a controller's action:

```php

$result = $this->Users->Tokens->verify($token);

```

## Patches & Features

* Fork

* Mod, fix

* Test - this is important, so it's not unintentionally broken

* Commit - do not mess with license, todo, version, etc. (if you do change any, bump them into commits of

their own that I can ignore when I pull)

* Pull request - bonus point for topic branches

To ensure your PRs are considered for upstream, you MUST follow the [CakePHP coding standards][standards].

## Bugs & Feedback

http://github.com/usemuffin/tokenize/issues

## License

Copyright (c) 2015, [Use Muffin][muffin] and licensed under [The MIT License][mit].

[cakephp]:http://cakephp.org

[composer]:http://getcomposer.org

[mit]:http://www.opensource.org/licenses/mit-license.php

[muffin]:http://usemuffin.com

[standards]:http://book.cakephp.org/3.0/en/contributing/cakephp-coding-conventions.html