muffin / hyperlinkauth
Password-less authentication for CakePHP 3
Installs: 23
Dependents: 0
Suggesters: 0
Security: 0
Stars: 9
Watchers: 5
Forks: 1
Type:cakephp-plugin
Requires
- cakephp/cakephp: ~3.0
Requires (Dev)
- phpunit/phpunit: ~4.1
Suggests
- muffin/tokenize: Tokens abstraction plugin for CakePHP 3
This package is auto-updated.
Last update: 2024-10-28 01:38:58 UTC
README
Password-less authentication for CakePHP 3.
Send a login hyperlink upon user's email submission on login page.
- User submits email
- System sends link after validating email
- User clicks link
- System authenticates user after validating token
Install
Using Composer:
composer require muffin/hyperlinkauth:1.0.x-dev
You then need to load the plugin. You can use the shell command:
bin/cake plugin load Muffin/HyperlinkAuth
or by manually adding statement shown below to your app's config/bootstrap.php
:
Plugin::load('Muffin/HyperlinkAuth');
Usage
// src/Controller/AppController.php public function initialize() { $this->loadComponent('Auth', ['authenticate' => ['Muffin/HyperlinkAuth.Hyperlink']]); }
And then create your login action:
// src/Controller/UsersController.php public function login() { if (!$this->request->is('post') && !$this->request->is('token')) { return; } $user = $this->Auth->identify(); if ($user === true) { $this->Flash->success(__('A one-time login URL has been emailed to you')); return; } if ($user) { $this->Auth->setUser($user); return $this->redirect($this->Auth->redirectUrl()); } $this->Flash->error(__('Email is incorrect'), [ 'key' => 'auth' ]); }
If you noticed, this is very similar to the default way of doing things, with the difference
that it checks for a token
type of request and handling $user === true
(returned when email
is sent).
For sending the email, there are different approaches you can take. The simplest one (demonstrated
here), uses the UsersController
as the object listening to the Auth.afterIdentify
event. A mailer
would be another way of handling that.
The code:
// src/Controller/UsersController.php public function implementedEvents() { return parent::implementedEvents() + [ 'Auth.afterIdentify' => 'afterIdentify', ]; } public function afterIdentify(Event $event, $result, HyperlinkAuthenticate $auth) { if (!$this->request->is('post')) { return; } $token = $auth->token($result); $url = Router::url($this->Auth->config('loginAction') + ['?' => compact('token')], true); Email::deliver($result['email'], 'Login link', $url, ['from' => 'no-reply@' . env('HTTP_HOST')]); return true; }
Patches & Features
- Fork
- Mod, fix
- Test - this is important, so it's not unintentionally broken
- Commit - do not mess with license, todo, version, etc. (if you do change any, bump them into commits of their own that I can ignore when I pull)
- Pull request - bonus point for topic branches
To ensure your PRs are considered for upstream, you MUST follow the CakePHP coding standards.
Bugs & Feedback
http://github.com/usemuffin/hyperlinkauth/issues
License
Copyright (c) 2016, Use Muffin and licensed under The MIT License.