README

Introduction

A Mezzio 3 Skeleton Application with Authentication and Authorization Example.

Features

Authentication secured with csrf
Authentication using prg for usability
Authentication with remember me functionality
Authentication notification with Session Flash
Authorization with ACL
isGranted check in the Layout
getRole check in the Layout

Install

$ composer create-project samsonasik/mezzio-authentication-with-authorization -sdev
$ cd mezzio-authentication-with-authorization
$ cp config/autoload/local.php.dist config/autoload/local.php

Configuration

Configure your config/autoload/local.php with your local DB config with username and password field. There are examples of dsn for both PostgreSQL and MySQL that you can modify.

For PostgreSQL

The following commands are example if you are using PostgreSQL (assumption using user "postgres" and create db named "mezzio"), you can create users table with insert username and bcrypt hashed password with pgcrypto extension into users table:

$ createdb -Upostgres mezzio
Password:

$ psql -Upostgres mezzio
Password for user postgres:

psql (12.1)
Type "help" for help.

mezzio=# CREATE TABLE users(username character varying(255) PRIMARY KEY NOT NULL, password text NOT NULL, role character varying(255) NOT NULL DEFAULT 'user');
CREATE TABLE

mezzio=# CREATE EXTENSION pgcrypto;
CREATE EXTENSION

mezzio=# INSERT INTO users(username, password, role) VALUES('samsonasik', crypt('123456', gen_salt('bf')), 'user');
INSERT 0 1

mezzio=# INSERT INTO users(username, password, role) VALUES('admin', crypt('123456', gen_salt('bf')), 'admin');
INSERT 0 1

and you will get the following data:

For MySQL

The following commands are example if you are using MySQL (assumption using user "root" and create db named "mezzio"), you can create users table with insert username and bcrypt hashed password:

$ mysql -u root -p -e 'create database mezzio'
Enter password:

$ mysql -u root
Enter password:

mysql> use mezzio
Database changed

mysql> CREATE TABLE users(username varchar(255) PRIMARY KEY NOT NULL, password text NOT NULL, role varchar(255) NOT NULL DEFAULT 'user');
Query OK, 0 rows affected (0.01 sec)

mezzio=# INSERT INTO users(username, password, role) VALUES('samsonasik','$2a$06$Nt2zePoCfApfBGrfZbHZIudIwZpCNqorTjbKNZtPoLCVic8goZDsi', 'user');
Query OK, 1 row affected (0.01 sec)

mezzio=# INSERT INTO users(username, password, role) VALUES('admin', '$2a$06$Y2TtankzyiK/OF1yZA4GsOJBhuoP7o99XbfufEeJ0OOJwjUcPB9LO', 'admin');
Query OK, 1 row affected (0.01 sec)

and you will get the following data:

The Authorization Config

The authorization configuration saved at config/autoload/global.php as ACL:

<?php

// config/autoload/global.php

declare(strict_types=1);

return [
    // ...
    'mezzio-authorization-acl' => [
        'roles'     => [
            'guest' => [],
            'user'  => ['guest'],
            'admin' => ['user'],
        ],
        'resources' => [
            'api.ping.view',
            'home.view',
            'admin.view',
            'login.form',
            'logout.access',
        ],
        'allow'     => [
            'guest' => [
                'login.form',
                'api.ping.view',
            ],
            'user'  => [
                'logout.access',
                'home.view',
            ],
            'admin' => [
                'admin.view',
            ],
        ],
    ],
    // ...
];

Running

Clear browser cache
Run the php -S command:

$ php -S localhost:8080 -t public

Open browser: http://localhost:8080
Login with username : samsonasik, password: 123456 OR username : admin, password : 123456. If you're a logged in user with "user" role, and open /admin page, it will show like the following (403 Forbidden), eg: see in Firefox developer tools under "Network" monitor:

Test

Tests are located under test directory, you can run test with composer command:

$ composer test

samsonasik / mezzio-authentication-with-authorization

Maintainers

Details