awallef/cakephp-cognito-auth

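The latest version of this package (3.4.0.2) has no license information available.

CakePHP AWS Cognito authentication

Installs: 78

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 2

Forks: 0

Open Issues: 0

Type: cakephp plugin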

3.4.0.2 2017-07-31 11:50 UTC

This package is auto-updated.

Last update: 2024-09-16 20:31:15 UTC


README

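This plugin lets you authenticate Cognito users.

Installation

You can install this plugin into your CakePHP application using composer.

The recommended way to install composer packages is: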

composer require awallef/cakephp-cognito-auth

Configuration

Configure the auth component with your AWS credentials and related information:

// Options for the Auth component, e.g. $this->loadComponent('Auth', [ ... ])
'loginAction' => false, // as you want
'unauthorizedRedirect' => false, // as you want
'checkAuthIn' => 'Controller.initialize', // depends on where you want it
'storage' => 'Session', // as you want

// Authenticate
'authenticate' => [
    'Awallef/CognitoAuth.Form' => [

        // AWS - REQUIRED
        'region' => 'eu-central-1',
        'credentials' => [
            'key' => 'XX',
            'secret' => 'XX',
        ],
        'userPoolId' => 'eu-central-1_XX',
        'clientId' => 'XX',
        'clientSecret' => 'XX',

        // traditional stuff - OPTIONAL ( here default values )
        'fields' => [
            'username' => 'username',
            'password' => 'password'
        ],
        'userModel' => 'Users',
        'scope' => [],
        'finder' => 'all',
        'contain' => null,
        'passwordHasher' => 'Default',

        // create users - OPTIONAL ( here default values ) see User model below
        'create' => false,

        // Groups management - OPTIONAL ( here default values ) whether you want to keep an array or not
        'groupImplode' => true,
        'groupImplodeGlue' => ',',

        // renaming - OPTIONAL ( here default values + special is_superuser )
        'fieldsMapping' => [
            'Username' => 'username',
            'Enabled' => 'is_active',
            'UserStatus' => 'status',
            'sub' => 'id',
            'Groups' => 'role',
            'new key' => 'is_superuser', // in order to use cakeDC/Auth
        ],

        // values functions - OPTIONAL ( default value is [] ) triggered after fieldsMapping (renaming)
        'valuesPostOperations' => [
            'role' => function ($user, $value) {
                return empty($user['role']) ? 'no role' : $user['role'];
            },
            'is_superuser' => function ($user, $value) {
                return (is_string($user['role']) && $user['role'] === 'superuser');
            },
        ],
    ],
]

Basic

Configure the auth component with your AWS credentials and related information:

'loginAction' => false,
'unauthorizedRedirect' => false,
'checkAuthIn' => 'Controller.initialize',
'storage' => 'Memory', // means AWS is queried on every request, so I suggest using my plugin cakephp-redis

/* Once Basic grants access, the response carries an X-Token header with your token.
 * Send that token back in the X-Token header with the value "Bearer XXX" (the previous token),
 * so the storage keeps your session in Redis instead of asking for a new grant each time.
'storage' => [
    'className' => 'Awallef/Redis.Redis',
    'redis' => [
        'prefix' => 'your_app_id:token:',
    ]
],
*/

// Authenticate
'authenticate' => [
    'Awallef/CognitoAuth.Basic' => [

        // AWS - REQUIRED
        'region' => 'eu-central-1',
        'credentials' => [
            'key' => 'XX',
            'secret' => 'XX',
        ],
        'userPoolId' => 'eu-central-1_XX',
        'clientId' => 'XX',
        'clientSecret' => 'XX',

        // traditional stuff - OPTIONAL ( here default values )
        'fields' => [
            'username' => 'username',
            'password' => 'password'
        ],
        'userModel' => 'Users',
        'scope' => [],
        'finder' => 'all',
        'contain' => null,
        'passwordHasher' => 'Default',

        // create users - OPTIONAL ( here default values ) see User model below
        'create' => false,

        // Groups management - OPTIONAL ( here default values ) whether you want to keep an array or not
        'groupImplode' => true,
        'groupImplodeGlue' => ',',

        // renaming - OPTIONAL ( here default values + special is_superuser )
        'fieldsMapping' => [
            'Username' => 'username',
            'Enabled' => 'is_active',
            'UserStatus' => 'status',
            'sub' => 'id',
            'Groups' => 'role',
            'new key' => 'is_superuser', // in order to use cakeDC/Auth
        ],

        // values functions - OPTIONAL ( default value is [] ) triggered after fieldsMapping (renaming)
        'valuesPostOperations' => [
            'role' => function ($user, $value) {
                return empty($user['role']) ? 'no role' : $user['role'];
            },
            'is_superuser' => function ($user, $value) {
                return (is_string($user['role']) && $user['role'] === 'superuser');
            },
        ],
    ],
]

User model

You can create a copy of each user in your own system by setting the create configuration parameter to true:

// auth settings
...
// create users - OPTIONAL
'create' => true,
...

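You therefore need a user model whose fields match the AWS fields, or the fields as renamed through the fieldsMapping parameter. If you rename the AWS 'sub' field to id, cognito-auth needs write access to id: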

// auth settings
...
'fieldsMapping' => [
	'Username' => 'username',
	'Enabled' => 'is_active',
	'UserStatus' => 'status',
	'sub' => 'id',
	'Groups' => 'role'
],
...

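Model entity

// Note: '*' => true makes every field mass-assignable, including mapped fields
// such as role and is_superuser; 'id' => true gives cognito-auth write access to id.
protected $_accessible = [
	'*' => true,
	'id' => true
];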

Challenges

If you receive a challenge error such as:

SMS_MFA
PASSWORD_VERIFIER
ADMIN_NO_SRP_AUTH
NEW_PASSWORD_REQUIRED

redirect, or ask the user to provide the responses in the request data object:

// + username + password => required 
// 'USERNAME' and 'SECRET_HASH' => will be filled for you
$request->data['Challenge']['responses'] // must be filled

See: aws php SDK #adminrespondtoauthchallenge
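
The shape of the responses for the four challenges listed above, as an added example that is not the plugin's own code: it allow-lists the challenge-specific keys a user may supply and shows how the `USERNAME` and `SECRET_HASH` values (which the plugin fills in itself) are derived for an app client with a secret. The names `REQUIRED_RESPONSES`, `secretHash` and `buildChallengeResponses` are hypothetical, the per-challenge key names are taken from the AWS AdminRespondToAuthChallenge documentation, and all sample values are constructed.

```php
<?php
// Added illustration, not the plugin's code. Key names follow the AWS
// AdminRespondToAuthChallenge documentation; sample values are constructed.

// Challenge-specific keys the user must supply. Assumption: the user pool has
// no extra required attributes for NEW_PASSWORD_REQUIRED.
const REQUIRED_RESPONSES = [
    'SMS_MFA'               => ['SMS_MFA_CODE'],
    'PASSWORD_VERIFIER'     => ['PASSWORD_CLAIM_SIGNATURE', 'PASSWORD_CLAIM_SECRET_BLOCK', 'TIMESTAMP'],
    'ADMIN_NO_SRP_AUTH'     => ['PASSWORD'],
    'NEW_PASSWORD_REQUIRED' => ['NEW_PASSWORD'],
];

// SECRET_HASH = Base64(HMAC-SHA256(key = client secret, message = username . client id))
function secretHash(string $username, string $clientId, string $clientSecret): string
{
    return base64_encode(hash_hmac('sha256', $username . $clientId, $clientSecret, true));
}

// Keep only the keys expected for this challenge, then add the server-side values.
function buildChallengeResponses(string $challenge, array $input, string $username,
    string $clientId, string $clientSecret): array
{
    if (!array_key_exists($challenge, REQUIRED_RESPONSES)) {
        throw new InvalidArgumentException("Unsupported challenge: $challenge");
    }
    $responses = [];
    foreach (REQUIRED_RESPONSES[$challenge] as $key) {
        if (!isset($input[$key]) || !is_string($input[$key]) || $input[$key] === '') {
            throw new InvalidArgumentException("Missing challenge response: $key");
        }
        $responses[$key] = $input[$key];
    }
    // Anything else in $input, including a client-sent USERNAME or SECRET_HASH, is dropped.
    $responses['USERNAME'] = $username;
    $responses['SECRET_HASH'] = secretHash($username, $clientId, $clientSecret);
    return $responses;
}

// Constructed sample: a form post answering NEW_PASSWORD_REQUIRED that also
// tries to override USERNAME; the override is ignored.
$posted = ['NEW_PASSWORD' => 'Example-Passw0rd!', 'USERNAME' => 'someone-else'];
print_r(buildChallengeResponses('NEW_PASSWORD_REQUIRED', $posted, 'alice',
    'example-client-id', 'example-client-secret'));
```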