controleonline/users

Maintainers

Package info

github.com/ControleOnline/api-platform-users

pkg:composer/controleonline/users

Statistics

Installs: 2 005

Dependents: 0

Suggesters: 0

Stars: 0

Open Issues: 6

Security

Advisories: 0

Aikido package health analysis

dev-master 2026-05-14 03:05 UTC

MIT b261532abc7fc2300eaed61264c61e4a1146b568

  • Controle Online <luiz.kim.woop@controleonline.com>

This package is auto-updated.

Last update: 2026-05-14 18:07:38 UTC

README

Scrutinizer Code Quality

users

composer require controleonline/users:dev-master

Add Service import: config\services.yaml

imports:
    - { resource: "../modules/controleonline/orders/tasks/services/tasks.yaml" }

Change your autentication file: config\packages\security.yaml

security:
    encoders:
        ControleOnline\Entity\User:
            algorithm: bcrypt
    providers:
        app_user_provider:
            entity:
                class: ControleOnline\Entity\User
    firewalls:
        dev:
            pattern : ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            stateless : true
            anonymous : lazy
            provider  : app_user_provider
            json_login:
                check_path   : /token
                username_path: username
                password_path: password
            guard:
                authenticators:
                    - App\Security\TokenAuthenticator
    role_hierarchy:
        ROLE_SUPER: ROLE_SUPER
        ROLE_OWNER: ROLE_OWNER
        ROLE_DIRECTOR: ROLE_DIRECTOR
        ROLE_MANAGER: ROLE_MANAGER
        ROLE_SALESMAN: ROLE_SALESMAN
        ROLE_AFTER_SALES: ROLE_AFTER_SALES
        ROLE_EMPLOYEE: ROLE_EMPLOYEE
        ROLE_CLIENT: ROLE_CLIENT
        ROLE_PROVIDER: ROLE_PROVIDER
        ROLE_FRANCHISEE: ROLE_FRANCHISEE
        ROLE_HUMAN: ROLE_HUMAN

    access_control:
        - { path: ^/my_contracts/signatures-finished, roles: PUBLIC_ACCESS, requires_channel: https }

And create a file: App\Security\TokenAuthenticator

<?php

namespace ControleOnline\Security;

use ControleOnline\Security\TokenAuthenticator as SecurityTokenAuthenticator;

class TokenAuthenticator extends SecurityTokenAuthenticator
{
    
}

Password recovery flow

The public password recovery request no longer changes the user password immediately.

Current behavior:

  • the initial request generates temporary recovery tokens and sends the recovery e-mail
  • recovery tokens expire after 15 minutes
  • the password only changes when the recovery flow is completed with a valid, non-expired token
  • expired or successfully used recovery tokens are cleared after completion

Validation:

  • focused PHPUnit coverage lives in tests/Service/PasswordRecoveryServiceTest.php
  • the branch workflow Pull Request Checks is the canonical automated evidence for this flow in review branches