Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How to do the authentication regarding user table in DB? #44

Open
mjza opened this issue Apr 7, 2020 · 8 comments
Open

How to do the authentication regarding user table in DB? #44

mjza opened this issue Apr 7, 2020 · 8 comments
Assignees
@mevdschee
Labels
help wanted

Comments

@mjza
Copy link

mjza commented Apr 7, 2020
edited
Loading

It seems the login is done by hard coding!

'validate' => function ($username, $password) {
      return $username == 'admin' && $password == 'admin';
},

While I expect it does the validation with a user table in the DB!

Also I activated this config in the api.php:

    'middlewares' => 'dbAuth,authorization',
   'authorization.tableHandler' => function ($operation, $tableName) {
         return $tableName != 'users';
   },

But then it will show the following error in the vanila.html after login by admin:admin:

{ "code": 1012, "message": "Authentication failed'" }

So it seems I need to connect the auth.php and api.php somehow to have the same session data and also do the authentication regarding a DB table!
@mjza
Copy link
Author

mjza commented Apr 7, 2020

Maybe a better question is, Is there any example for DB authentication?

@mevdschee
Copy link
Owner

It seems the login is done by hard coding!

You should replace that with your own implementation

Is there any example for DB authentication?

Not yet, but I fully understand your need for one.

@mevdschee mevdschee self-assigned this Apr 7, 2020
@nilopaim
Copy link

nilopaim commented Oct 27, 2020
edited
Loading

Hi, Maurits.

Any news about this example?

As I don't have great knowledge in php, this example would help me a lot...

My use case:

  • Application using Vue 2, SPA
  • A table in my DB with user's details, including login, passsword and profile (common user, manager, admin, etc...)
  • Using php-crud-api to access my tables from Vue completelly functional...

TIA.

@mevdschee
Copy link
Owner

Any news about this example?

Did you see this? https://github.com/mevdschee/vue-crud-ui

It does not use "dbAuth" or "jwtAuth" or "basicAuth" middleware, but that is relatively easy to add.

Is that what you are looking for?

@mevdschee
Copy link
Owner

@nilopaim Maybe you can add the front-end for the login on that repo (via a PR) and then I'll add the back-end config?

I'm not that familiar with Vue.

@mevdschee
Copy link
Owner

If you want to implement the 'jwtAuth' flow, then you may want to read: https://github.com/mevdschee/php-api-auth

@nilopaim
Copy link

@mevdschee I'm not a security guy, and due to this I think I'm lost on the flow...

I have the frontend for the login, asking username and password, that I can validate using php-crud-api.

Should I ask for php-api-auth generates me a JWT token ou could I only store this data on my frontend and use it to allow/disallow things on my application?

I'll be grateful for any hints...

@FadelSultan
Copy link

Hello @mevdschee
Thank you for helping us.
I upload api.php and auth.php in the same folder and I config api.php for database MySQL, after that I call URL direct without auth data from the browser and I saw the result :(

How can I use auth.php ):

I mean I don't want to access URL directly without auth.

Thank's

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mevdschee mevdschee

Labels
help wanted
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@mevdschee @nilopaim @mjza @FadelSultan