## Authentication## This is a small app to demonstrate user-managed authenticat

1. ## Authentication
2. ## This is a small app to demonstrate user-managed authentication using a hash to encode passwords.
3. ## Users are stored in a SQL database with passwords along with roles.
4. ## Once a user is logged in the shiny app responds to the user's role.
5. ## In order to use in a real setting, additional code for password management,
6. ## changing and resetting would need to be implemented.
7.  
8. library(shiny)
9. library(RSQLite)
10. library(sodium)
11.  
12. ## create the initial password database
13. ## This code should be run once to create the initial database of users, passwords and roles
14. ##
15. # db.pw <- data.frame(user = c('Augustin', 'Matt', 'Harvey'), role = c('Manager', 'User', 'User'), password = c('ABC', 'DEF', 'GHI'))
16. # db.pw$encrypt <- apply(db.pw, 1, function(x) password_store(x['password']))
17. # db = dbConnect(SQLite(), dbname = 'auth_hash.sqlite')
18. # dbSendQuery(db, 'CREATE TABLE pw (user TEXT, password TEXT, role TEXT)')
19. # apply(db.pw, 1, function(x) dbSendQuery(db, paste0('INSERT INTO pw VALUES("', x['user'], '", "', x['encrypt'], '", "', x['role'], '")')))
20. # dbDisconnect(db)
21.  
22. ## Connect to the database (may be a remote connection)
23. db = dbConnect(SQLite(), dbname = 'auth_hash.sqlite')
24.  
25. server <- function(input, output, session) {
26.  
27. ## Initialize - user is not logged in
28. user <- reactiveValues(login = FALSE, name = NULL, role = NULL, header = NULL)
29.  
30. ## Display login modal
31. observe({
32. showModal(modalDialog(
33. title = "Enter Login Details",
34. textInput('userInp', 'Login'),
35. passwordInput('pwInp', 'Password'),
36. actionButton('butLogin', 'Login', class = 'btn action-button btn-success', icon = icon('sign-in')),
37. size = 's',
38. easyClose = FALSE,
39. footer = NULL
40. ))
41. })
42.  
43. ## Check for user in database
44. observeEvent(input$butLogin, { ## login button pressed
45. req(input$userInp, input$pwInp) ## ensure we have inputs
46. removeModal() ## remove the modal
47. pw_out <- dbGetQuery(db, paste0('SELECT password FROM pw WHERE user = \"', input$userInp, '\"')) ## query database
48. if (nrow(pw_out) == 0) { ## user does not exist
49. user$login <- FALSE
50. user$header <- 'ERROR - UNKNOWN USER'
51. } else {
52. pw <- as.character(pw_out$password)[[1]] ## grab password from database
53. passwordVerified <- password_verify(pw, input$pwInp) ## check that it matches user input
54. if (passwordVerified) { ## match
55. user$login <- TRUE
56. user$name <- input$userInp
57. user$role <- db.pw[db.pw$user == input$userInp, 'role']
58. user$header <- paste0(user$name, ' (', user$role, ')')
59. } else { ## no match
60. user$login <- FALSE
61. user$header <- 'ERROR - INCORRECT PASSWORD'
62. }
63. }
64. })
65.  
66. ## close database on exit
67. session$onSessionEnded(function(){
68. dbDisconnect(db)
69. })
70.  
71. output$data <- renderUI({
72. h4(user$header)
73. })
74.  
75. output$myPlot <- renderPlot({
76. req(user$login)
77. if (user$role == 'Manager') { ## If manager role, display iris plot
78. plot(iris$Sepal.Length, iris$Sepal.Width)
79. } else { ## If user role, display mtcars plot
80. plot(mtcars$mpg, mtcars$cyl)
81. }
82. })
83.  
84. }
85.  
86. ui <- fluidPage(
87. uiOutput('data'),
88. plotOutput('myPlot')
89. )
90.  
91. shinyApp(ui = ui, server = server)