albertotain/cakephp-recover-password

Easily issue tokens that can be used for mail authentication.

Maintainers

Details

github.com/albertotain/cakephp-recover-password

Homepage

Source

Issues

Installs: 37

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 1

Forks: 0

Open Issues: 0

Type:cakephp-plugin

1.0 2020-10-15 08:51 UTC

Requires

Requires (Dev)

MIT b1a11d1e993fd714831a5b0631c09b9bcb3dc355

plugincakephptokenjwt

This package is auto-updated.

Last update: 2024-07-06 09:30:59 UTC

README

Token Verify plugin for CakePHP4

MIT License

JWT for mail authentication.

Easily issue tokens(JWT) that can be used for mail authentication.
No need for token field in table.
one-time/url-safe/safety 👍

Requirements

  • PHP 8.1+
  • CakePHP 4.4+

Example

reset password

CREATE TABLE users (
    id INT AUTO_INCREMENT PRIMARY KEY, # Required
    name VARCHAR(255) NOT NULL,
    email VARCHAR(255) NOT NULL,
    password VARCHAR(255) NOT NULL,
    created DATETIME,
    modified DATETIME # Required
);
// app/src/Model/Entity/User.php

use Token\Model\Entity\TokenTrait;

class User extends Entity
{
    use TokenTrait;
}
// app/src/Controller/UsersController.php

use Cake\Routing\Router;
use Token\Util\Token;

class UsersController extends AppController
{

    public function forgotPassword()
    {
        if ($this->request->is('post')) {
            $email = $this->request->getData('email');
            $user = $this->Users->findByEmail($email)->first();
            if ($user) {
                $token = $user->tokenGenerate();
                $url = Router::url(['controller' => 'User', 'action' => 'resetPassword', $token], true);
                // send email
            }
        }
    }

    public function resetPassword($token)
    {
        $user = $this->Users->get(Token::getId($token));
        if (!$user->tokenVerify($token)) {
            throw new \Cake\Network\Exception\NotFoundException();
        }

        if ($this->request->is('post')) {
            $user = $this->Users->patchEntity($user, $this->request->getData());
            if ($this->Users->save($user)) {
                // success
            } else {
                // error
            }
        }
    }
}

Usage

Required database field

  • id field
  • modified field

By using modified field, JWT can be used as one-time tokens.
JWT should be discarded when the table is updated.

Token\Model\Entity\TokenTrait

Used in entity.

tokenGenerate($minits = 10)

// token generate(default token expiration in 10 minits)
$token = $entity->tokenGenerate();

// token generate(token expiration in 60 minits)
$token = $entity->tokenGenerate(60);

tokenVerify($token)

$user->tokenVerify($token) // true or false

setTokenData($name, $value)

※ It does not encrypt the set data

$user->setTokenData('test', 'testdata')

Token\Util\Token

Token::getId($token)

Token::getId($token) // id or false

Token::getData($token, $name)

Token::getData($token, 'test') // data or false