falco442/cakephp-3-token-auth

TokenAuth plugin for CakePHP

Cakephp-TokenAuth Plugin

This is the plugin for make an authentication done with Tokens., _(*1)

Requirements

• CakePHP 3.x

Installation

Getting plugin

You can install the plugin by manually download, or by composer, _(*2)

composer require falco442/cakephp-3-token-auth

Preparing tables

Put into the table you use for authentication model ('users') the fields 'token' (varchar(255)) and 'token_created' (datetime)., _(*3)

Loading plugin

Load the plugin by calling, _(*4)

Plugin::loadAll();

or, _(*5)

Plugin::load('TokenAuth');

and put the Authentication object in your AppController.php:, _(*6)

public function initialize(){

    parent::initialize();

    // ...

    $this->loadComponent('Auth',[
        'authenticate'=>[
            'TokenAuth.Token'
        ],
        'unauthorizedRedirect'=>false,
        'storage'=>'Memory'
    ]);

    // ...
}

Keep in mind that you can customize the Authentication object with the same parameters you would have used with FormAuthenticate, like userModel and fields, _(*7)

Use

In Controller

You can set up the login action for your controller; for example, the action login() in UsersController.php:, _(*8)

public function login(){
    $user = $this->Auth->identify($this->request,$this->response);
    $this->set(compact('user'));
    $this->set('_serialize',['user']);
}

Since the token authentication is done mainly for API applications, all you need is to retrieve the $user object that contains the new token that TokenAuth automatically generates. This token will be used to do all the calls to the actions that you don't want to be publicly accessible., _(*9)

If you want an action to be public, simply use, _(*10)

$this->Auth->allow(['action-name']);

in the initialize() method in respective controller., _(*11)

The non-public routes that a client will call shall be of the form, _(*12)

GET /uri.json?token=token-received

Reset token

You can reset token by calling the shell, _(*13)

cd cake-root ./bin/cake TokenAuth.token refresh

Note: * the reset token task will take '-15 days' as base token life, but you can customize the shell * the shell take the model User as base, but you can set any model you like, _(*14)

Type in console, _(*15)

cd cake-root ./bin/cake TokenAuth.token refresh --help

to get some help, _(*16)

Useful info

Since we use (mainly) token authentication for api web applications, it is useful to set REST in CakePHP (see this page)., _(*17)

This is done with simple steps:, _(*18)

• modify the cake-root/app/Config/routes.php by adding Router::parseExtensions('json','xml'); (or with the extensions you desires)
• in cake-root/app/Controller/AppController.php add the RequestHandler component; it will parse the extension of the format (json, xml, ...)
• if you want REST you can map the resources (as this page says) with the method Router::mapResources(), to be put in cake-root/app/Config/routes.php