Welcome Guest, Not a member yet? Register   Sign In
Myth:Auth
#1

(This post was last modified: 12-11-2019, 10:50 PM by kilishan.)

I came here to announce that beta-2 of Myth:Auth was just released and is a recommended update for anyone using it. Then I realized that I don't believe I ever officially announced it here. A few people have let others know about it for me (which I appreciate!) but that's not the same.

Consider this your formal announcement Smile

What is Myth:Auth?

Myth:Auth handles your basic password-based authentication in the most secure manner that I know of. Some of the features are:

- Password-based authentication with secure remember-me functionality
- A flat role-based authorization system based on groups and permissions. Users can be in multiple groups. Permissions can be found from any of the groups the user is part of or specific to a single user.
- Easily extendable password validation for when a user is registering. Currently does basic length-only checks (as NIST doesn't recommend composition-based rules anymore), as well as checking variations of the user's personal info, and can check against known pwned passwords, either locally with a file of about 600,000 bad/hacked passwords, or through Have I Been Pwned.
- Simple, easily replaceable, views for login, registration, and forgotten password flow.
- Supports email verification.
- Group and Permission filters for routing or controller filters to restrict routes by. Also an auth trait for use within controllers themselves.
- Debug toolbar integration

At some point in the future I would like to extend it to support other forms of authentication, like HTTP Basic/Digest, JWT, or social logins. No promises when that might happen, but that is planned to happen at some point.
Reply
#2

Thanks Lonnie! I’ve been using Myth:Auth for many months and it’s a great module - easy to use, versatile, extensible. I’ve just completed my first extension (Firebase Auth) and had to the chance to dig in. 

Anyone new to Myth:Auth should definitely check it out. Not only is it a sound Auth solution but it’s a great example of how to build a CodeIgniter 4 module.
Reply
#3

(This post was last modified: 12-12-2019, 05:47 AM by InsiteFX.)

Thank you Lonnie, II have also been using it for several months and find it
a great learning module for CodeIgniter 4.

I also recommend what @MGatner states at the bottom of his post.
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )
Reply
#4

Thank you! I think it would be nice to automatically activate the account when the user changing the password.

Basic App, an open source simple CMS based on CodeIgniter 4
Reply
#5

@Basic App there are a few different ways to activate so it isn't assumed that validating email is the same as activating. I think the general idea is good though - maybe open a Feature Request on GitHub, and those interested can chime in with ideas?
Reply
#6

(12-17-2019, 07:36 AM)MGatner Wrote: @Basic App there are a few different ways to activate so it isn't assumed that validating email is the same as activating. I think the general idea is good though - maybe open a Feature Request on GitHub, and those interested can chime in with ideas?

If the first registration message was not received, I could not find a way to activate my account.
If the confirmation of the email and its activation are two different things, then you need to be able to resend the activation code.

Basic App, an open source simple CMS based on CodeIgniter 4
Reply
#7

(12-17-2019, 08:52 AM)Basic App Wrote: If the first registration message was not received, I could not find a way to activate my account.
If the confirmation of the email and its activation are two different things, then you need to be able to resend the activation code.

Good catch. Please make an issue over at Github. Bugs will only get lost here. Smile
Reply
#8
Thumbs Up 

Really thanks for this contribution man.We appreciate it. Time for me to taste the functionality ..  Big Grin
Reply
#9

I'm not sure if this is the right space to talk about support, but I'm not finding another venue.... so feel free to point me in the right direction if available. Just started using CI4, and I'm a little lost in some of the changes still, namespacing is something I haven't gotten into, for example.

So, trying to understand how Myth works is a bit over my head.  I've gone through the Github readme, and I have it installed via Composer, and successfully ran through these steps:

Quote:
  1. Edit app/Config/Email.php and verify that a fromName and fromEmail are set as that is used when sending emails for password reset, etc.

  2. Edit app/Config/Validation.php and add the following value to the ruleSets array: 
    \Myth\Auth\Authentication\Passwords\ValidationRules::class
  3. Ensure your database is setup correctly, then run the Auth migrations:

    php spark migrate -all

Now what? I see the generated views under '/app/Views/Auth', and the 'AuthController.php'.
Do I create a new controller extending AuthController, and then copy/paste/override the AuthController methods in my controller?
Reply
#10

Just call login or register in the browsers window and it should bring up those views.
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )
Reply




Theme © iAndrew 2016 - Forum software by © MyBB