Authentication

This software includes a dedicated module for authentication called Auth, which is responsible for handling user sign-in/login, password resets, user sign-up/registration, and more.

User signin/login

To access the user sign-in/login page for this software, open any web browser and go to: http://[base_url]/[lang]/auth. After a successful login, the user will be redirected to their dashboard.

In web browser address bar: http://[base_url]/[lang]/auth

User sign-in page

If someone attempts to access a protected area of this software, they will automatically be redirected to the sign-in/login page. An informational alert will notify them that they must be signed in to access that area. Once the user successfully signs in, they will be redirected to the URL they were originally trying to access, rather than to the default post-login route. This improves usability and the overall user experience.

In web browser address bar: http://[base_url]/[lang]/auth?next=http://[base_url]/[lang]/admin-nUdAsOFt/users

User sign-in page with info alert
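A redirect-after-login that accepts a next parameter, like the one shown above, should only ever send the user back to the application's own pages. The following check is an added example, not code from the Auth module; it assumes $baseUrl holds the configured [base_url] and uses constructed sample URLs.

```php
<?php
// Added example, not the Auth module's own code: restricting a post-login
// "next" target to the application's own pages.
// Assumption: $baseUrl holds the configured base URL ([base_url] above).

/**
 * Returns $next if it is safe to redirect to, otherwise null.
 * Accepted: a relative path beginning with a single "/", or an absolute
 * URL whose scheme, host and port all match the application's base URL.
 */
function safeNextUrl(?string $next, string $baseUrl): ?string
{
    if ($next === null || $next === '') {
        return null;
    }
    // CR/LF could split headers; some browsers treat "\" like "/".
    if (preg_match('/[\r\n\\\\]/', $next)) {
        return null;
    }
    if ($next[0] === '/') {
        // "//other-host/..." is protocol-relative, so require a single slash.
        return (isset($next[1]) && $next[1] === '/') ? null : $next;
    }
    $base   = parse_url($baseUrl);
    $target = parse_url($next);
    if ($target === false || !isset($target['scheme'], $target['host'])) {
        return null;                       // not an absolute URL we can vouch for
    }
    $sameScheme = strcasecmp($target['scheme'], $base['scheme'] ?? '') === 0;
    $sameHost   = strcasecmp($target['host'],   $base['host']   ?? '') === 0;
    $samePort   = ($target['port'] ?? null) === ($base['port'] ?? null);
    return ($sameScheme && $sameHost && $samePort) ? $next : null;
}

// Constructed inputs; "example.invalid" stands in for [base_url], "en" for [lang].
$baseUrl  = 'http://example.invalid';
$allowed  = safeNextUrl('http://example.invalid/en/admin-nUdAsOFt/users', $baseUrl);
$relative = safeNextUrl('/en/admin-nUdAsOFt/users', $baseUrl);
$rejected = safeNextUrl('http://other-host.invalid/en/auth', $baseUrl);
$target   = $rejected ?? '/en/auth';       // fall back to the default route
```

When the check returns null, redirect to the default route instead of the supplied value.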

User password reset

If a user forgets their password, they can reset it using the password reset option in the authentication module. This feature is accessible through a few different methods.

  1. By accessing the password reset feature through a direct URL.

    http://[base_url]/[lang]/auth/reset

  2. By accessing through the link on the user sign-in/login page.

    Forgot password link on user signin view

  3. By accessing through the link on the password gate page (you can find more information about password gates below on this page).

    Forgot password link on password gate view

Either way, when you access the password reset option, it should display pages like the ones shown in the images below.

If the user is not signed in/logged in

Signed-out password reset view

If the user is signed in/logged in

Signed-in password reset view

If users are not signed in/logged in, they can enter their email or username to request a password reset email. If they are already signed in/logged in, they can simply request the password reset email by clicking the continue button. The password reset email will contain a 6-digit number. This number will only be valid for a predefined period of time, which can be configured in the corresponding config file or on the corresponding system module settings page.

What the password reset email looks like (In this image, it is zoomed out)

Password reset email

This is what the password reset code entry view looks like

Enter password reset code view

After entering that number, users will be able to set their new password.

Create new password view

There are a few user password reset-related configurations available. You can configure them in the corresponding auth module configuration file or on the system auth module settings page. You can find more information about these configurations below on this page.
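The following is an added illustration, not the Auth module's own implementation, of the two halves described above: issuing a 6-digit code that is only valid for a configured number of minutes, and checking the code the user enters. It assumes an in-memory array in place of the stored record and a $validMinutes value in place of the module's configured period.

```php
<?php
// Added example, not the Auth module's own code: issuing and checking a
// 6-digit reset code that is only valid for a configured number of minutes.
// Assumptions: $record is an array standing in for the stored row;
// $validMinutes stands in for the module's configured validity period.

/** Issues a code. Returns [code to e-mail to the user, record to store]. */
function issueResetCode(int $validMinutes, int $now): array
{
    // random_int() is a CSPRNG; str_pad() keeps leading zeros ("004217").
    $code = str_pad((string) random_int(0, 999999), 6, '0', STR_PAD_LEFT);
    $record = [
        'hash'     => password_hash($code, PASSWORD_DEFAULT), // store a hash, never the code
        'expires'  => $now + $validMinutes * 60,
        'attempts' => 0,
    ];
    return [$code, $record];
}

/**
 * Checks a submitted code. Returns 'ok', 'expired', 'locked' or 'invalid'.
 * $record is updated in place: it is cleared on success or expiry so a code
 * cannot be reused, and the attempt counter bounds guessing of a 6-digit space.
 */
function verifyResetCode(string $submitted, array &$record, int $now, int $maxAttempts = 5): string
{
    if ($record === []) {
        return 'invalid';
    }
    if ($now >= $record['expires']) {
        $record = [];
        return 'expired';
    }
    if ($record['attempts'] >= $maxAttempts) {
        return 'locked';
    }
    $record['attempts']++;
    if (preg_match('/^\d{6}$/', $submitted) === 1
        && password_verify($submitted, $record['hash'])) {
        $record = [];
        return 'ok';
    }
    return 'invalid';
}

// Constructed walk-through with a 15-minute window.
$now = time();
[$code, $record] = issueResetCode(15, $now);
$inWindow = verifyResetCode($code, $record, $now + 60);     // checked one minute later
$replayed = verifyResetCode($code, $record, $now + 120);    // same code a second time
```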

User signup/registration

The user signup/registration option is only available if that option is enabled in the corresponding auth module configuration file or on the system auth module settings page. If that option is enabled, users will be able to access it via the URL: http://[base_url]/[lang]/auth/signup.

User signup page

There are a few user signup/registration-related configurations available. You can configure them in the auth module configuration files or on the system auth module settings page. More information about these configurations can be found further down this page.

Auth gates

Auth gates refer to various methods used to verify that the currently signed-in user is indeed the person actively using the system. This is crucial for security because a signed-in user might leave their computer without logging out, allowing someone else to perform sensitive or critical actions on their behalf.

Each gate type has two variations:

  1. Pre

    Pre-gates are used before an action takes place, such as displaying a view.

  2. Post

    Post-gates are used after an action, such as submitting a form.

There is a common library called Gates within the Auth module. This library provides a way to implement various types of gates for controllers. Each gate type has its own dedicated controller and route.

Additionally, authentication gates are configurable ([app_root]/Nudasoft/Auth/Config/Gates.php). For instance, password gates include a configuration option that determines how long the verified password state remains active (i.e., in minutes). During this period, password gates are bypassed. Once the duration expires, the password gates are reactivated.

This behavior can also be customized. For example, if you need to enforce gates every time a user attempts a specific action, you can configure them accordingly. Moreover, the verified state starts every time a user signs in, ensuring that users are not prompted by password gates unnecessarily during that session. This improves the user experience by reducing repetitive prompts, which might otherwise frustrate users.

Password gates

As the name suggests, password gates verify the currently signed-in user's current password.

Password gate view

To understand how to integrate password gates into controllers, review the controller files in the Users module related to user settings, such as Profile, Account, Security, and Email. These files provide clear insights into adding pre/post gate variations, redirecting to gate controllers, invalidating gates, and more.
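The following added example, which is not the module's Gates library or any of the Users module controllers, illustrates the behaviour described in the two passages above: a verified-password window measured in minutes, started at sign-in, consulted by a pre-gate that either lets the action proceed or redirects to the gate, and invalidated by a controller that wants the next sensitive action re-gated. It assumes an array in place of session data and uses a placeholder gate route and constructed page paths.

```php
<?php
// Added example, not the module's Gates library: the time window behind a
// password pre-gate, its reset on sign-in, and invalidation by a controller.
// Assumptions: $session is an array standing in for session data, and
// '/auth/gate/password' is a placeholder for the real gate route.

/** Called on sign-in and after a successful password gate. */
function markPasswordVerified(array &$session, int $now): void
{
    $session['pw_verified_at'] = $now;
}

/** Called by a controller that wants the next sensitive action re-gated. */
function invalidatePasswordGate(array &$session): void
{
    unset($session['pw_verified_at']);
}

/** True while the last verification is inside the configured window (0 = always prompt). */
function passwordGateSatisfied(array $session, int $windowMinutes, int $now): bool
{
    if ($windowMinutes <= 0 || !isset($session['pw_verified_at'])) {
        return false;
    }
    $age = $now - (int) $session['pw_verified_at'];
    // A negative age (clock moved backwards) must not extend trust either.
    return $age >= 0 && $age < $windowMinutes * 60;
}

/**
 * Pre-gate for a controller action: null means proceed; otherwise the
 * URL of the gate, carrying the original page so the user returns to it.
 */
function passwordPreGate(array $session, int $windowMinutes, int $now, string $returnTo): ?string
{
    if (passwordGateSatisfied($session, $windowMinutes, $now)) {
        return null;
    }
    return '/auth/gate/password?next=' . rawurlencode($returnTo);
}

// Constructed walk-through with a 10-minute window (paths are constructed too).
$session = [];
$t0 = time();
markPasswordVerified($session, $t0);                         // sign-in starts the window
$proceed  = passwordPreGate($session, 10, $t0 + 5 * 60, '/en/users/security');
$reprompt = passwordPreGate($session, 10, $t0 + 11 * 60, '/en/users/security');
invalidatePasswordGate($session);                            // e.g. after a sensitive change
$regated  = passwordPreGate($session, 10, $t0 + 6 * 60, '/en/users/security');
```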

Auth module default configurations

The authentication module offers several configuration options. These options come with default values but can be customized in the configuration file located at [app_root]/Nudasoft/Auth/Config/Main.php. There is no need to detail each option here, as every configuration setting is thoroughly commented within the file, providing all the information you need. Be sure to review these helpful comments for guidance when making adjustments.

Overriding auth module default configurations

You can easily override certain authentication module configurations on the system auth module settings page. This eliminates the need to modify the default values directly in the configuration file. However, some configuration options are only available for adjustment within the configuration file itself.

The 'User' library usage

This software comes with a custom library called User under the Auth module. It has a few methods for tasks related to user authentication, such as signing a user in or out.

This library is located at [app_root]/Nudasoft/Auth/Libraries/User.php. It is an autoloaded library, so you don’t need to load it manually each time you use it; it’s available globally throughout the application. In this chapter, we will discuss only a few methods related to user authentication. Other methods, such as those for user permissions, will be covered in the User permissions chapter.

  1. signin(int $userID): void

    Makes the user authenticated/signed in. A user ID must be provided.

        // Example usage
        $this->auth_userLibrary->signin($userID);

  2. signout(bool $sessionDestroy = false): void

    Makes the user unauthenticated/signed out. By default, this method only removes the session data, not the session itself. To destroy the current session completely, pass true as the first parameter.

        // Example usage
        $this->auth_userLibrary->signout();

  3. isSignin(): bool

    Returns true if a user is currently signed in, false otherwise.

        // Example usage
        if ($this->auth_userLibrary->isSignin()) {
            // User is signed in.
        } else {
            // User is not signed in.
        }

There are many other methods available in the User library. Please take a look to gain a thorough understanding of how they work.

Copyright © Nudasoft.