Skip to content

fetchandadd/guardian

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

19 Commits
phpunit/tests
phpunit/tests
 
 
src
src
 
 
.coveralls.yml
.coveralls.yml
 
 
.gitignore
.gitignore
 
 
.travis.yml
.travis.yml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
composer.json
composer.json
 
 
composer.lock
composer.lock
 
 
phpunit.xml
phpunit.xml
 
 

Repository files navigation

Guardian

Build Status Coverage Status GitHub license

Guardian provides an adapter between an authentication backend and your PSR-15 middleware stack

  • Compatible to the PSR-15 middleware interface
  • Adaptable to your authentication backend with a simple interface
<?php

// create a new authentication backend which implements the AuthenticationInterface
$authenticationBackend = new AuthenticationBackend();

// using e.g. mindplay-dk/middleman as a dispatcher for the middleware stack
$response = (new Dispatcher(
    [   
        // inject Guardian with the authentication backend instance
        new Guardian($authenticationBackend),
        // ... more middlwares e.g. a router
        new Router()
    ]
))->dispatch($request);

Authentication Backend

The focus of Guardian is on the adaptation of an authentication backend with a PSR-15 middleware stack.

This means that Guardian itself is not capable of providing authentication e.g. Basic access authentication. But Guardian ships with a simple interface that can be implemented by the authentication backend. The interface consists of two methods.

<?php

interface AuthenticationInterface
{

    /**
     * @param ServerRequestInterface $request
     * @return bool
     */
    public function authenticate(ServerRequestInterface $request);
    
    /**
    * @return ResponseInterface
    */
    public function getAuthenticationFailedResponse();

}

authenticate

The authenticate method receives the current request as a parameter and must return a boolean (which stands for access approved respectively access denied) .

getAuthenticationFailedResponse

The getAuthenticationFailedResponse method must return a ResponseInterface instance. It's called by Guardian in case of access denied to return a ResponseInterface instance to the middleware pipeline. The fact that the authentication backend is in charge to provide a proper ResponseInterface instance is due to the need of custom properties.

E.g. an authentication backend, which supports the Basic access authentication, "should return a response whose header contains a HTTP 401 Unauthorized status and a WWW-Authenticate field. The WWW-Authenticate field for basic authentication (used most often) is constructed as following: WWW-Authenticate: Basic realm="User Visible Realm"" [WIKI]

About

Authentication middleware for PSR-15

Topics

php middleware authentication psr-15

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

1 tags

Packages

 
 
 

Contributors

Languages