Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/nowisesys/uup-auth

Flexible authentication stack supporting multiple credential obtaining methods and account validation backends
https://github.com/nowisesys/uup-auth

authentication authorization php-library

Last synced: 1 day ago
JSON representation

Flexible authentication stack supporting multiple credential obtaining methods and account validation backends

Host: GitHub
URL: https://github.com/nowisesys/uup-auth
Owner: nowisesys
License: apache-2.0
Created: 2019-01-23T21:26:38.000Z (almost 6 years ago)
Default Branch: master
Last Pushed: 2019-10-15T02:58:06.000Z (about 5 years ago)
Last Synced: 2024-07-04T23:36:45.849Z (4 months ago)
Topics: authentication, authorization, php-library
Language: PHP
Size: 340 KB
Stars: 0
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        ## UUP-AUTH - Authentication stack for PHP

The uup-auth package provides a library for stacking authenticators together

to support multiple authentication method in a uniform way. 

Bundled are also restrictors for performing access restriction (i.e. on 

time of day or the ip-address/hostname). All authenticators in the stack can

be set as required or sufficient to enforce logon policy (i.e. require CAS-logon

from outside of LAN while supporting Kerberos logon from inside).

The library is modular. The authenticators are the frontend (credentials

obtainers) that might use a validator as authentication source (for example

LDAP). The authenticator can be combined with a storage object to support

logon sessions. 

Authenticators can be used in a stack or standalone (single login method). If

configuring a stack, use one of the access classes for easy access to chains

and authenticators.

    +-- UUP/Authentication/

          +-- Authenticator/        : Authenticator frontend classes.

          +-- Restrictor/           : Restrictor classes.

          +-- Stack/                : Support for stacking authenticators/restrictors.

          +-- Storage/              : Persistance support.

          +-- Validator/            : Authentication support.

### Example

A typical authentication/authorization stack providing login thru PAM, CAS and 

LDAP with restriction on network and logon time might look like this:

```php

class Authentication extends AuthenticatorStack

{

    public function __construct()

    {

        $chain = array(

            // 

            // Plugin account authenticator objects in stack:

            // 

            'auth'   => array(

                'pam'  => (new SystemAuthentication())

                    ->visible(true)

                    ->control(Authenticator::SUFFICIENT)

                    ->name('System')

                    ->description('Login using local system account.'),

                'cas'  => (new CasAuthenticator('cas.example.com'))

                    ->visible(true)

                    ->control(Authenticator::SUFFICIENT)

                    ->name('CAS')

                    ->description('CAS server login'),

                'ldap' => (new LdapAuthenticator('ldaps://ldap.example.com'))

                    ->visible(true)

                    ->control(Authenticator::SUFFICIENT)

                    ->name('LDAP')

                    ->description('LDAP authentication')

            ),

            // 

            // Add some login restrictions:

            // 

            'access' => array(

                'addr' => (new AddressRestrictor(array('::1', '127.0.0.1', '192.168.0.0/16')))

                    ->visible(false)

                    ->control(Authenticator::REQUIRED),

                'time' => (new DateTimeRestrictor('08:45', '16:30'))

                    ->visible(false)

                    ->control(Authenticator::REQUIRED)

            )

        );

        parent::__construct($chain);

    }

    public function getName()

    {

        return $this->getAuthenticator()->name;

    }

}

```

Somewhere (typical dispatcher or main template) add some code to handle

login/logout request and render logon form:

```php

try {

    $authenticator = new Authentication();

    if (filter_has_var(INPUT_GET, 'login')) {

        $authenticator->activate(filter_input(INPUT_GET, 'login'));

        $authenticator->login();

    }

    if (filter_has_var(INPUT_GET, 'logout')) {

        $authenticator->logout();

    }

    if ($authenticator->accepted()) {

        printf("
Logged on to %s as %s | Logout\n", 

                $authenticator->getName(), 

                $authenticator->getSubject()

        );

    } else {

        printf("\n");

        printf("\n");

        foreach ($authenticator->authenticators(true) as $key => $obj) {

            printf("%s\n", $key, $obj->description, $obj->name);

        }

        printf("\n");

        printf("\n");

        printf("\n");

    }

} catch (Exception $exception) {

    die(sprintf("Exception: %s", $exception));

}

```

See examples directory for fully functional code. Visit the [project page](https://nowise.se/oss/uup/auth) for more information.