flosch/proxy-bundle

Authenticated symfony3 bundle: Authentication layer on top of a PHP proxy.

Symfony FloschProxyBundle

Authenticated symfony bundle: provides an authentication layer on top of a PHP proxy., _(*1)

This bundle provides a User model and a YamlUserProvider, to authenticate users based on a yml file. It also provides a Symfony command to add users with encrypted passwords., _(*2)

Once the user is connected, it provides a PHP proxy thanks to Guzzle PHP library, currently v6., _(*3)

Why?

This bundle is usefull if you want to proxy an HTTP application, with an authentication layer a bit stronger than http standards such as HTTP_BASIC., _(*4)

Security

Please note that this bundle will be security-wise usefull if, and only if, you can provide an HTTPS certificate for your domain., _(*5)

Requirements

• Symfony 3.0 or above

Installation

To install this bundle, run the command below and you will get the latest version from Packagist., _(*6)

``` bash composer require flosch/proxy-bundle, <sub>(*7)</sub>

### Usage
Load required bundles in AppKernel.php:
``` php
// app/AppKernel.php
public function registerBundles()
{
    $bundles = [
        // [...]
        new Flosch\Bundle\ProxyBundle\FloschProxyBundle()
    ];
}

Set up configuration, <sub>(*8)</sub>

``` yaml, <sub>(*9)</sub>

app/config/config.yml

twig: # [...] globals: proxy_title: Your Proxy title, <sub>(*10)</sub>

FloschProxyBundle uses assetic (for the login page)

However, you can override the templates and manage it yourself in any other way if you prefer.

assetic: # [...] bundles: [ FloschProxyBundle ], <sub>(*11)</sub>

flosch_proxy: base_url: http://127.0.0.1:8888/ # The URL you will actually proxy users_provider_file_path: "%kernel.root_dir%/../var/users.yml", <sub>(*12)</sub>

###### Style

For the login page, FloschProxyBundle uses an icons font called [Font Awesome][3].
If you wish to keep the icons of the login page, you will need to copy the fonts sources to the `web/fonts` folder of your project.
If you prefer not to use it, feel free to surcharge the login page template, by extending this bundle, as explained later in this doc.

Set up routing
# app/config/routing.yml or any other routing file
``` yaml
flosch_proxy:
    resource: "@FloschProxyBundle/Resources/config/routing.yml"
    prefix:   /

Set up security ``` yaml, <sub>(*13)</sub>

app/config/security.yml

security: encoders: # The FloschProxyBundle User model class, you can choose your favorite encoder Flosch\Bundle\ProxyBundle\Model\User: algorithm: bcrypt cost: 17, <sub>(*14)</sub>

providers:
    # [...]
    proxy_users:
        id: flosch_proxy.provider.yaml_user_provider

firewalls:
    # [...]
    flosch_proxy_app_login:
        pattern:  ^/login$
        security: false

    flosch_proxy_app:
        pattern:  ^/
        provider: proxy_users
        form_login:
            check_path: flosch_proxy_login_check_page
            login_path: flosch_proxy_login_page
            always_use_default_target_path: true
            default_target_path: /
        logout:
            path:   flosch_proxy_logout_page
            target: /

access_control:
    - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/, roles: ROLE_USER }

### Authentication and users management
Here we are!

This bundle comes with a service called YamlUserProvider, providing users from a yaml file.
To add an access, add a new yaml array of this user's informations :

``` yml
# /path/of/your/users.yml
username:
    salt: # the salt used to encrypt the password, depending of the encoder you chosse, this might be optional (ex: bcrypt).
    password: # the encrypted password

You also have two commands to manage users from the console :, <sub>(*15)</sub>

To create a new user :, <sub>(*16)</sub>

``` bash php bin/console flosch-proxy:users:create [username] [password] [--all], <sub>(*17)</sub>

Both username and password arguments are optionnal, the command will ask for it if you do not provide it.
The ````--override```` (or ````-o`````) option allow to replace an existing user's password (if the user does not exists, he will be created).

To remove an existing user :

``` bash
php bin/console flosch-proxy:users:remove [username] [--all]

Username argument is optionnal, the command will ask for it if you do not provide it. The --all option allow to remove every existing users from the file., <sub>(*18)</sub>

Extend the bundle

The Bundle itself provides the security layer, with login and logout routes ; And a default login page, before "proxying" routes through the Guzzle client., <sub>(*19)</sub>

As a symfony bundle, you can extend it, to benefits of Symfony inheritance, Then override resources and / or controllers:, <sub>(*20)</sub>

Controller/
    ProxyController.php --> Manage PHP proxy once authenticated
    Security/
        AuthenticationController.php --> Manage authentication
Resources/
    views/
        layout.html.twig --> Base template with HTML doctype
        Security/
            login.html.twig --> Login page template

All you need to do is setting up your own bundle as child of FloschProxyBundle:, <sub>(*21)</sub>

``` php // src/YourBundleName/YourBundleName.php namespace YourBundleName;, <sub>(*22)</sub>

use Symfony\Component\HttpKernel\Bundle\Bundle;, <sub>(*23)</sub>

class YourBundleName extends Bundle { public function getParent() { return 'FloschProxyBundle'; } } ```, <sub>(*24)</sub>

Authors

• Florent Schildknecht ([Portfolio][5])

License

This bundle is released under the MIT license, <sub>(*25)</sub>