From 1b057c2854f81e61f729fec7e5b51ab7dc8bb016 Mon Sep 17 00:00:00 2001 From: Taylor Otwell Date: Sun, 9 Oct 2011 23:41:58 -0500 Subject: [PATCH] continuing to refactor auth remembrance. --- application/config/auth.php | 21 ++++++++++++++++++-- laravel/security/auth.php | 38 +++++++++++++++++++++++++++++-------- 2 files changed, 49 insertions(+), 10 deletions(-) diff --git a/application/config/auth.php b/application/config/auth.php index b7214551..67aaf41a 100644 --- a/application/config/auth.php +++ b/application/config/auth.php @@ -2,6 +2,23 @@ return array( + /* + |-------------------------------------------------------------------------- + | Authentication Username + |-------------------------------------------------------------------------- + | + } This option should be set to the "username" property of your users. + | Typically, this will be set to "email" or "username". + | + | The value of this property will be used by the "attempt" closure when + | searching for users by their username. It will also be used when the + | user is set to be "remembered", as the username is embedded into the + | encrypted cookie and is used to verify the user's identity. + | + */ + + 'username' => 'email', + /* |-------------------------------------------------------------------------- | Retrieve The Current User @@ -43,9 +60,9 @@ | */ - 'attempt' => function($username, $password) + 'attempt' => function($username, $password, $config) { - if ( ! is_null($user = User::where('email', '=', $username)->first())) + if ( ! is_null($user = User::where($config['username'], '=', $username)->first())) { if (Hasher::check($password, $user->password)) return $user; } diff --git a/laravel/security/auth.php b/laravel/security/auth.php index 6b114041..abeb5c72 100644 --- a/laravel/security/auth.php +++ b/laravel/security/auth.php 
@@ -65,18 +65,38 @@ public static function user() // cookie value by the "remember" method. if (is_null(static::$user) and ! is_null($cookie = Cookie::get(Auth::remember_key))) { - // The decrypted value of the remember cookie should look like {id}|{random}. - // We will extract out the ID and pass it to the "user" closure to attempt - // to login the user. If a user is returned, their ID will be stored in - // the session like normal and they will be considered logged in. - $id = substr(Crypter::decrypt($cookie), 0, strpos($cookie, '|')); - - if ( ! is_null($user = call_user_func(Config::get('auth.user'), $id))) static::login($user); + static::$user = static::recall($cookie); } return static::$user; } + /** + * Attempt to login a user based on a long-lived "remember me" cookie. + * + * @param string $cookie + * @return mixed + */ + protected static function recall($cookie) + { + // The decrypted value of the remember cookie contains the ID and username. + // We will extract them out and pass the ID to the "user" closure to attempt + // to login the user. If a user is returned, their ID will be stored in + // the session like normal and the user will be considered logged in. + $cookie = explode('|', $cookie); + + if (count($cookie) < 2) return; + + list($id, $username) = array($cookie[0], $cookie[1]); + + if ( ! is_null($user = call_user_func(Config::get('auth.user'), $id)) and $user->{Config::get('auth.username')} === $username) + { + static::login($user); + } + + return $user; + } + /** * Attempt to log a user into the application. * @@ -95,7 +115,9 @@ public static function user() */ public static function attempt($username, $password = null, $remember = false) { - if ( ! is_null($user = call_user_func(Config::get('auth.attempt'), $username, $password))) + $config = Config::get('auth'); + + if ( ! is_null($user = call_user_func($config['attempt'], $username, $password, $config))) { static::login($user, $remember);
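Review bot: In `recall`, the final `return $user;` hands back the user found by ID even when the username comparison fails, and `user()` assigns that result to `static::$user`, so a cookie with a non-matching username still yields an authenticated user for the current request; only `static::login()` is skipped. The method also runs `explode('|', $cookie)` on the raw cookie value, although its comment describes the decrypted value and the removed code called `Crypter::decrypt($cookie)`. Unless decryption now happens outside this hunk, an encrypted cookie is unlikely to split into two parts, and an unencrypted one would leave the ID and username under the client's control. The sketch below decrypts before splitting and returns nothing on a mismatch. How `Crypter::decrypt` behaves on a tampered value is not visible here and should be confirmed, so that a bad cookie ends as "not remembered" rather than as an unhandled error.

```php
protected static function recall($cookie)
{
	// Split the decrypted payload, never the raw cookie value.
	$cookie = explode('|', Crypter::decrypt($cookie));

	// … unchanged: count() guard and list() assignment …

	$user = call_user_func(Config::get('auth.user'), $id);

	// A missing user or a username mismatch means the cookie is not honoured.
	if (is_null($user) or $user->{Config::get('auth.username')} !== $username) return;

	static::login($user);

	return $user;
}
```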