Auth

Quantum ships with a powerful Auth library that provides complete authentication and authorization features for Web and API.

The philosophy behind the Auth library is not to rely only on a database, but to treat the user repository as anything: a regular file, a database, or even an online service accessed through its API or SDK.
This also means that you are not forced to use a predefined table structure for users.

The key role is played by the AuthService, which acts as the bridge between the controller and the user repository, and where you can define all the keys and field names to correspond to your repository.

The AuthService should implement the AuthServiceInterface interface and complete several methods.


class AuthService extends Qt_Service implements AuthServiceInterface
{

...

}

        

The method getVisibleFields() returns the fields that will be available in the user object.


public function getVisibleFields()
{
    return [
        'username',
        'firstname',
        'lastname',
        'role'
    ];
}

        

The method getDefinedKeys() returns the repository key fields to map to the AuthService.


public function getDefinedKeys()
{
    return [
        'usernameKey' => 'username',
        'passwordKey' => 'password',
        'activationTokenKey' => 'activation_token',
        'rememberTokenKey' => 'remember_token',
        'resetTokenKey' => 'reset_token',
        'accessTokenKey' => 'access_token',
        'refreshTokenKey' => 'refresh_token',
    ];
}

        

The method get($field, $value) is where the logic for getting the user is implemented.


public function get($field, $value) : array
{
    if ($value) {
        foreach (self::$users as $user) {
            // Match only on the requested field, with strict comparison
            if (isset($user[$field]) && $user[$field] === $value) {
                return $user;
            }
        }
    }
    return [];
}

        

The method add($user) is where the logic for saving the user is implemented.


public function add($data)
{
    $user = [];
    
    $allFields = array_values($this->getDefinedKeys());

    foreach ($allFields as $field) {
        $user[$field] = $data[$field] ?? '';
    }

    if (count(self::$users) > 0) {
        array_push(self::$users, $user);
    } else {
        self::$users[1] = $user;
    }

    $this->persist();
    
    return $user;
}

        

The method update($field, $value, $data) is where the logic for updating the user is implemented.


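public function update($field, $value, $data)
{
    $allFields = array_values($this->getDefinedKeys());

    if ($value) {
        foreach (self::$users as &$user) {
            // Update only the user whose $field matches $value exactly
            if (isset($user[$field]) && $user[$field] === $value) {
                foreach ($data as $key => $val) {
                    // Ignore keys that are not defined for the repository
                    if (in_array($key, $allFields, true)) {
                        $user[$key] = $val ?? '';
                    }
                }
            }
        }
        unset($user); // break the reference left by the foreach
    }
    
    $this->persist();
}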
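
A field-scoped lookup that a get() or update() implementation could delegate to, as an added example that is not Quantum's own code. The function findUser() and the sample $users array are hypothetical and constructed here; the field names follow getDefinedKeys() above.

```php
<?php
// Added example, not part of Quantum. findUser() is a hypothetical helper
// and the $users data below is constructed for illustration.

function findUser(array $users, array $definedKeys, string $field, string $value): array
{
    // Search only on fields the service declared as keys, never on an empty value.
    if ($value === '' || !in_array($field, $definedKeys, true)) {
        return [];
    }

    foreach ($users as $user) {
        $stored = $user[$field] ?? '';
        // An unset or empty token never matches; hash_equals() compares
        // the stored value and the supplied value in constant time.
        if (is_string($stored) && $stored !== '' && hash_equals($stored, $value)) {
            return $user;
        }
    }

    return [];
}

// Values of getDefinedKeys() as shown on this page.
$definedKeys = ['username', 'password', 'activation_token', 'remember_token',
                'reset_token', 'access_token', 'refresh_token'];

// Constructed repository contents.
$users = [
    1 => ['username' => 'alice@example.com', 'password' => '<password-hash>',
          'reset_token' => 'constructed-reset-token', 'remember_token' => ''],
    2 => ['username' => 'bob@example.com', 'password' => '<password-hash>',
          'reset_token' => '', 'remember_token' => ''],
];

// A value is matched only against the field that was asked for.
var_dump(findUser($users, $definedKeys, 'username', 'alice@example.com'));
var_dump(findUser($users, $definedKeys, 'reset_token', 'alice@example.com'));

// Empty tokens and undeclared fields do not select any user.
var_dump(findUser($users, $definedKeys, 'remember_token', ''));
var_dump(findUser($users, $definedKeys, 'role', 'admin'));
```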

        

In the config file you need to specify the auth type and the auth service. The auth type can be web or api; the service should point to the AuthService that was created.


return [
    'type' => 'web',
    'service' => Base\Services\AuthService::class
];

        

The Auth library provides several methods to use in your controller to have a complete authentication and authorization system ready.

signup() - The method will sign up the user and will send an email with an activation link.

signin($username, $password, $remember = false) - The method attempts to sign in a user.
If the 3rd argument, $remember, is true, then a cookie will be set in the browser, which will sign the user in automatically.

signout() - The method will sign out a user and will delete all related cookies if applicable.

user() - The method will return the user object with all defined visible fields.

check() - The method returns true if the user is signed in and false if not.

activate($token) - The method will activate the user account.

forget(Mailer $mailer, $email) - The method will generate a token and send it to the user's email.

reset($token, $password) - The method will reset the user password via the forget token.

getUpdatedTokens(array $user) - The method returns new access and refresh tokens.

Quantum provides the auth() helper function, which is a facade to all Auth features.

For example, to check if the user is signed in:


if (!auth()->check()) {
    redirect(base_url() . '/signin');
}

        

Or to get the currently signed-in user's data (which will output all the visible fields):


    out(auth()->user());

        