Auth (A1) and ACL (A2, ACL): Pt 1, Introduction

Whatever you do will be insignificant, but it is very important that you do it. – Mahatma Gandhi

Part 1: Introduction
Part 2: The Data Model
Part 3: The Controller
Part 4: It becomes a module
Part 5: Adding ACL

Using http://dev.kohanaframework.org/projects/acl/wiki

Other Resources:
Using Mixu’s tech blog: Kohana 3 Auth
Using Nano Documet: Kohana 3: AUTH, A2 & ACL

Download

  • https://github.com/Wouterrr/A1/archive/3.3/develop.zip
  • https://github.com/Wouterrr/A2/archive/3.3/develop.zip
  • https://github.com/Wouterrr/ACL/archive/3.3/develop.zip

and copy each into the modules directory, renaming the extracted folders to A1, A2 and ACL

As of 10th June 2013 I had to modify /modules/A1/classes/A1/Core.php to work with K3.3

Index: Core.php @@ -117,8 +117,8 @@
  if ( is_object($this->_user) && $this->_config['prevent_browser_cache'] === TRUE)
  {
      // prevent browser caching of all responses when a user is logged in
-     Request::$initial->response()->headers('Cache-Control', 'no-store,
                                     no-cache, must-revalidate, post-check=0, pre-check=0');
-     Request::$initial->response()->headers('Pragma', 'no-cache');
+     Response::factory()->headers('Cache-Control', 'no-store,
                                     no-cache, must-revalidate, post-check=0, pre-check=0');
+     Response::factory()->headers('Pragma', 'no-cache');
  }

  return $this->_user;
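Review bot: the two replacement lines set Cache-Control and Pragma on a throwaway object: `Response::factory()` builds a new Response that nothing in this hunk stores or returns, so those headers never reach the client and the no-store/no-cache intent is silently lost once the `Request::$initial->response()` calls are gone. Set them on the response that is actually sent instead, e.g. on the controller's `$this->response` in an `after()` method, or on the Response returned by `Request::execute()`.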

(See Release(s): A1 – Authentication, ACL – ACL for Kohana, A2 – Object-Level Authorization)

Copy

  • modules/A1/config/a1.php to application/config/a1.php
  • modules/A1/config/a2.php to application/config/a2.php

In config/a1.php map all the optional columns as well, simply because we want them. Every column listed here MUST then exist in the users table.

	'columns'   => array(
		'username'    => 'username',
		'password'    => 'password',
		'token'       => 'token',
		'last_login'      => 'last_login',    // (optional)
		'logins'          => 'logins',        // (optional),
		'last_attempt'    => 'last_failure',  // (optional),
		'failed_attempts' => 'failed_logins', // (optional)
	),

In config/a2.php add an admin role. It must have AT LEAST the same privileges as the guest role (i.e. login, logout), so it is declared with guest as its parent:

	'roles' => array
	(
	   // BASE ROLES
	   'admin' => 'guest',
	),

In config/a2.php add a rule for the (default) guest role. Allow access to user/login, user/logout and user/initialise:

	'rules' => array
	(
	   'allow' => array
	   (
	      'guest' => array(
	         'role'      => 'guest',
	         'resource'  => 'user',
	         'privilege' => array('login', 'logout', 'initialise'),
	      ),
	   ),
	),
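To see what the roles and rules arrays above actually grant, here is an added example (not the A2/ACL module's own code) with a hypothetical is_allowed() that evaluates arrays of the same shape as config/a2.php: admin inherits guest's privileges through the parent mapping, and anything not named in an allow rule is denied.

```php
<?php
// Added example, not the A2/ACL module's own code: a hypothetical is_allowed()
// over arrays shaped like config/a2.php (child role => parent role; allow rules).
$config = array(
    'roles' => array(
        'guest' => NULL,      // no parent
        'admin' => 'guest',   // admin inherits everything guest may do
    ),
    'rules' => array(
        'allow' => array(
            'guest' => array(
                'role'      => 'guest',
                'resource'  => 'user',
                'privilege' => array('login', 'logout', 'initialise'),
            ),
        ),
    ),
);

// Walk a role up its parent chain; stops if the config contains a cycle.
function role_chain(array $roles, $role)
{
    $chain = array();
    while ($role !== NULL AND ! in_array($role, $chain, TRUE))
    {
        $chain[] = $role;
        $role = array_key_exists($role, $roles) ? $roles[$role] : NULL;
    }
    return $chain;
}

// Deny by default: allow only when an allow rule names the role (or one of
// its ancestors), the resource and the privilege.
function is_allowed(array $config, $role, $resource, $privilege)
{
    $chain = role_chain($config['roles'], $role);
    foreach ($config['rules']['allow'] as $rule)
    {
        if (array_intersect((array) $rule['role'], $chain)
            AND $rule['resource'] === $resource
            AND in_array($privilege, (array) $rule['privilege'], TRUE))
        {
            return TRUE;
        }
    }
    return FALSE;
}

var_dump(is_allowed($config, 'admin', 'user', 'login'));    // inherited from guest
var_dump(is_allowed($config, 'guest', 'user', 'delete'));   // never granted
var_dump(is_allowed($config, 'guest', 'results', 'login')); // wrong resource
```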

BOOTSTRAP.PHP
Add a cookie salt (a random string; you can generate one at https://api.wordpress.org/secret-key/1.1/salt/)

/**
 * Cookie
 */
// Set the magic salt to add to a cookie
Cookie::$salt = 'BRFV4+/@#QR%~X>Q+oDBY]IU.MSHp2R';
// Set the number of seconds before a cookie expires
Cookie::$expiration = Date::WEEK; // the default (0) keeps the cookie only until the browser closes

Enable the modules

/**
 * Enable modules. Modules are referenced by a relative or absolute path.
 */
Kohana::modules(array(
	'a1'  => MODPATH.'A1',  // Basic Authentication
	'acl' => MODPATH.'ACL', // Access Control
	'a2'  => MODPATH.'A2',  // Object-Level Authorization
));

Add a route to admin functions

/*
 * Authentication shortcuts
 */

Route::set('auth', '<action>',
	array(
		'action' => '(?i)(login|logout)',
	))
	->defaults(array(
		'directory'  => '',
		'controller' => 'User',
	));

Route::set('admin', 'admin/(<controller>(/<action>(/<club_id>(/<event_id>))))',
	array('controller' => '(?i)results')
);