Home

Awesome

Usr module

Usr provides basic user actions like:

Advanced features:

See the demo.

Installation

  1. Install Yii2 using your preferred method
  2. Install package via composer
  1. Update config file config/web.php as shown below. Note the from key in messageConfig property of the mail component. Check out the Module for more available options.
  2. Use provided example User model or implement required interfaces in existing User model. These are described in next chapter.

Example config (see Module.php file for full options reference):

$config = [
    // .........
	'aliases' => [
		'@nineinchnick/usr' => '@vendor/nineinchnick/yii2-usr',
	],
	'modules' => [
		'usr' => [
			'class' => 'nineinchnick\usr\Module',
		],
	],
	'components' => [
		'user' => [
			'identityClass' => 'app\models\User',
			'loginUrl' => ['usr/login'],
		],
		'mail' => [
			'class' => 'yii\swiftmailer\Mailer',
			'useFileTransport' => YII_DEBUG,
			'messageConfig' => [
				'from' => 'noreply@yoursite.com',
			],
		],
		// ..........
	],
]

Requirements for the identity (User) class are described in next chapter.

User interfaces

To be able to use all features of the Usr module, the identity (User) class must implement some or all of the following interfaces.

Editable

This interface allows to create new identities (register) and update existing ones.

Active/disabled and email verification

This interface allows:

Remember to invalidate the email if it changes in the save() method from the Editable interface.

Password history

This interface allows password reset with optional tracking of used passwords. This allows to detect expired passwords and avoid reusing old passwords by users.

See the ExpiredPasswordBehavior description below.

OAuth

This interface allows finding local identity associated with a remote one (from an external social site) and creating such associations.

One Time Password

This interface allow saving and retrieving a secret used to generate one time passwords. Also, last used password and counter used to generate last password are saved and retrieve to protect against reply attacks.

See the OneTimePasswordFormBehavior description below.

Profile Pictures

Allows users to upload a profile picture. The example identity uses Gravatar to provide a default picture.

Managable

Allows to manage users:

Custom login behaviors

The login action can be extended by attaching custom behaviors to the LoginForm. This is done by configuring the UsrModule.loginFormBehaviors property.

There are two such behaviors provided by yii-usr module:

ExpiredPasswordBehavior

Validates if current password has expired and forces the users to change it before logging in.

Options:

OneTimePasswordFormBehavior

Two step authentication using one time passwords.

Options:

Example usage

'loginFormBehaviors' => array(
    'expiredPasswordBehavior' => array(
        'class' => 'ExpiredPasswordBehavior',
        'passwordTimeout' => 10,
    ),
    'oneTimePasswordBehavior' => array(
        'class' => 'OneTimePasswordFormBehavior',
        'mode' => OneTimePasswordFormBehavior::OTP_TIME,
        'required' => true,
        'timeout' => 123,
    ),
    // ... other behaviors
),

User model example

A sample ExampleUser and ExampleUserUsedPassword models along with database migrations are provided respectively in the 'models' and 'migrations' folders.

They could be used as-is by extending from or copying to be modified to better suit a project.

To use the provided migrations it's best to copy them to your migrations directory and adjust the filenames and classnames to current date and time. Also, they could be modified to remove not needed features.

Diceware aka password generator

A simple implementation of a Diceware Passphrase generator is provided to aid users when they need to create a good, long but also easy to remember passphrase.

Install the nineinchnick/diceware composer package to use it.

Read more at the Diceware Passphrase homepage.

Usage scenarios

Varios scenarios can be created by enabling or disabling following features:

Implementing those scenarios require some logic outside the scope of this module.

Public site

Users can register by themselves. Their accounts are activated instantly or after verifying email.

Moderated site

Users can register, but to allow them to log in an administrator must activate their accounts manually, optionally assigning an authorization profile. Email verification is optional and activation could trigger an email notification.

License

MIT or BSD