R: Secure a Shiny application and manage authentication

secure-app {shinymanager}

R Documentation

Secure a Shiny application and manage authentication

Description

Secure a Shiny application and manage authentication

Usage

secure_app(
  ui,
  ...,
  enable_admin = FALSE,
  head_auth = NULL,
  theme = NULL,
  language = "en",
  fab_position = "bottom-right"
)

secure_server(
  check_credentials,
  timeout = 15,
  inputs_list = NULL,
  max_users = NULL,
  fileEncoding = "",
  keep_token = FALSE,
  validate_pwd = NULL,
  session = shiny::getDefaultReactiveDomain()
)

Arguments

`ui`	UI of the application.
`...`	Arguments passed to `auth_ui`.
`enable_admin`	Enable or not access to admin mode, note that admin mode is only available when using SQLite backend for credentials.
`head_auth`	Tag or list of tags to use in the `<head>` of the authentication page (for custom CSS for example).
`theme`	Alternative Bootstrap stylesheet, default is to use `readable`, you can use themes provided by `shinythemes`. It will affect the authentication panel and the admin page.
`language`	Language to use for labels, supported values are : "en", "fr", "pt-BR", "es", "de", "pl".
`fab_position`	Position for the FAB button, see `fab_button` for options.
`check_credentials`	Function passed to `auth_server`.
`timeout`	Timeout session (minutes) before logout if sleeping. Defaut to 15. 0 to disable.
`inputs_list`	`list`. If database credentials, you can configure inputs for editing users information. See Details.
`max_users`	`integer`. If not NULL, maximum of users in sql credentials.
`fileEncoding`	character string: Encoding of logs downloaded file. See `write.table`
`keep_token`	Logical, keep the token used to authenticate in the URL, it allow to refresh the application in the browser, but careful the token can be shared between users ! Default to `FALSE`.
`validate_pwd`	A `function` to validate the password enter by the user. Default is to check for the password to have at least one number, one lowercase, one uppercase and be of length 6 at least.
`session`	Shiny session.

Details

If database credentials, you can configure inputs with inputs_list for editing users information from the admin console. start, expire, admin and password are not configurable. The others columns are rendering by defaut using a textInput. You can modify this using inputs_list. inputs_list must be a named list. Each name must be a column name, and then we must have the function shiny to call fun and the arguments args like this : list(group = list( fun = "selectInput", args = list( choices = c("all", "restricted"), multiple = TRUE, selected = c("all", "restricted") ) ) )

You can specify if you want to allow downloading users file, sqlite database and logs from within the admin panel by invoking options("shinymanager.download"). It defaults to c("db", "logs", "users"), that allows downloading all. You can specify options("shinymanager.download" = "db" if you want allow admin to download only sqlite database, options("shinymanager.download" = "logs") to allow logs download or options("shinymanager.download" = "") to disable all.

Using options("shinymanager.pwd_validity"), you can set password validity period. It defaults to Inf. You can specify for example options("shinymanager.pwd_validity" = 90) if you want to force user changing password each 90 days.

Using options("shinymanager.pwd_failure_limit"), you can set password failure limit. It defaults to Inf. You can specify for example options("shinymanager.pwd_failure_limit" = 5) if you want to lock user account after 5 wrong password.

Value

A reactiveValues containing informations about the user connected.

Note

A special input value will be accessible server-side with input$shinymanager_where to know in which step user is : authentication, application, admin or password.

Examples

if (interactive()) {

  # define some credentials
  credentials <- data.frame(
    user = c("shiny", "shinymanager"),
    password = c("azerty", "12345"),
    stringsAsFactors = FALSE
  )

  library(shiny)
  library(shinymanager)

  ui <- fluidPage(
    tags$h2("My secure application"),
    verbatimTextOutput("auth_output")
  )

  # Wrap your UI with secure_app
  ui <- secure_app(ui, choose_language = TRUE)

  # change auth ui background ?
  # ui <- secure_app(ui,
  #                  background  = "linear-gradient(rgba(0, 0, 255, 0.5), 
  #                  rgba(255, 255, 0, 0.5)),
  #                  url('https://www.r-project.org/logo/Rlogo.png')  no-repeat center fixed;")

  server <- function(input, output, session) {

    # call the server part
    # check_credentials returns a function to authenticate users
    res_auth <- secure_server(
      check_credentials = check_credentials(credentials)
    )

    output$auth_output <- renderPrint({
      reactiveValuesToList(res_auth)
    })

    observe({
      print(input$shinymanager_where)
      print(input$shinymanager_language)
    })
    
    # your classic server logic

  }

  shinyApp(ui, server)

}

[Package shinymanager version 1.0.410 Index]