php-api-auth

How to do the authentication regarding user table in DB?

Open mjza opened this issue 5 years ago • 8 comments

It seems the login is done by hard coding!

    'validate' => function ($username, $password) {
        return $username == 'admin' && $password == 'admin';
    },

While I expect it does the validation with a user table in the DB!

Also I activated this config in the api.php:

    'middlewares' => 'dbAuth,authorization',
    'authorization.tableHandler' => function ($operation, $tableName) {
        return $tableName != 'users';
    },

But then it will show the following error in the vanila.html after login by admin:admin:

{ "code": 1012, "message": "Authentication failed'" }

So it seems I need to connect the auth.php and api.php somehow to have the same session data and also do the authentication regarding a DB table!

mjza avatar Apr 07 '20 08:04 mjza

Maybe a better question is: is there any example for DB authentication?

mjza avatar Apr 07 '20 09:04 mjza

> It seems the login is done by hard coding!

You should replace that with your own implementation

> Is there any example for DB authentication?

Not yet, but I fully understand your need for one.

mevdschee avatar Apr 07 '20 09:04 mevdschee
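
One way "replace that with your own implementation" can look, added here as an example and not code from the thread or from php-api-auth: a `validate` callback with the same `($username, $password)` signature that checks a users table through PDO. The `users(username, password_hash)` schema, the `makeDbValidator` helper and the in-memory SQLite demo data are assumptions made for illustration.

```php
<?php
// Added example: a DB-backed replacement for the hard-coded 'validate' callback.
// Assumed schema (not from the thread): users(username PRIMARY KEY, password_hash).

function makeDbValidator(PDO $pdo): callable
{
    // Hash of a throwaway value, verified when the user does not exist so that
    // unknown and known usernames take roughly the same time to reject.
    $dummyHash = password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);

    return function ($username, $password) use ($pdo, $dummyHash) {
        if (!is_string($username) || !is_string($password) || $username === '') {
            return false;
        }
        // Prepared statement: the username is bound, never concatenated into SQL.
        $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE username = ?');
        $stmt->execute([$username]);
        $hash = $stmt->fetchColumn(); // false when no such user

        // password_verify() checks against a salted hash, so the table never
        // stores plaintext and no == comparison on passwords is needed.
        $ok = password_verify($password, is_string($hash) ? $hash : $dummyHash);
        return $ok && is_string($hash);
    };
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
$pdo->prepare('INSERT INTO users VALUES (?, ?)')
    ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Same key as the hard-coded callback quoted in the issue.
$config = ['validate' => makeDbValidator($pdo)];

var_dump($config['validate']('alice', 'correct horse')); // stored user, right password
var_dump($config['validate']('alice', 'admin'));         // stored user, wrong password
var_dump($config['validate']('nobody', 'admin'));        // unknown user
```

With a real database, swap the SQLite DSN for the MySQL one and create the stored hashes with `password_hash()` when users are registered.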

Hi, Maurits.

Any news about this example?

As I don't have great knowledge in php, this example would help me a lot...

My use case:

  • Application using Vue 2, SPA
  • A table in my DB with user's details, including login, password and profile (common user, manager, admin, etc...)
  • Using php-crud-api to access my tables from Vue completely functional...

TIA.

nilopaim avatar Oct 27 '20 22:10 nilopaim

> Any news about this example?

Did you see this? https://github.com/mevdschee/vue-crud-ui

It does not use "dbAuth" or "jwtAuth" or "basicAuth" middleware, but that is relatively easy to add.

Is that what you are looking for?

mevdschee avatar Oct 28 '20 07:10 mevdschee

@nilopaim Maybe you can add the front-end for the login on that repo (via a PR) and then I'll add the back-end config?

I'm not that familiar with Vue.

mevdschee avatar Oct 28 '20 07:10 mevdschee

If you want to implement the 'jwtAuth' flow, then you may want to read: https://github.com/mevdschee/php-api-auth

mevdschee avatar Oct 28 '20 07:10 mevdschee

@mevdschee I'm not a security guy, and due to this I think I'm lost on the flow...

I have the frontend for the login, asking username and password, that I can validate using php-crud-api.

Should I ask php-api-auth to generate a JWT token for me, or could I only store this data on my frontend and use it to allow/disallow things in my application?

I'll be grateful for any hints...

nilopaim avatar Oct 28 '20 12:10 nilopaim

Hello @mevdschee, thank you for helping us. I uploaded api.php and auth.php to the same folder and configured api.php for a MySQL database. After that I called the URL directly from the browser without auth data and I saw the result :(

How can I use auth.php ):

I mean I don't want to access the URL directly without auth.

Thanks

FadelSultan avatar Jul 08 '21 16:07 FadelSultan