Annajwaszahro
/
MIF_E31222691
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

simplified hashing. re-worked the auth class for a little more flexibility.

This commit is contained in:
Taylor Otwell 2011-09-11 22:44:01 -05:00
parent 7f2e1e9ca0
commit 9db8e1bb6c
4 changed files with 67 additions and 115 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
application/config/auth.php
View File

@ -4,41 +4,61 @@
/* /*
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------
| Retrieve Users By ID | Retrieve The Current User
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------
| |
| This method is called by the Auth::user() method when attempting to | This closure is called by the Auth::user() method when attempting to
| retrieve a user by their user ID, such as when retrieving a user by the | retrieve a user by their ID stored in the session.
| user ID stored in the session.
| |
| You are free to change this method for your application however you wish. | Simply return an object representing the user with the given ID. Or, if
| no user with the given ID is registered to use your application, you do
| not need to return anything.
|
| Of course, a simple, elegant authentication solution is already provided
| for you using Eloquent and the default Laravel hashing engine.
| |
*/ */
'by_id' => function($id) 'user' => function($id)
{ {
return User::find($id); if ( ! is_null($id)) return User::find($id);
}, },
/* /*
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------
| Retrieve Users By Username | Authenticate User Credentials
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------
| |
| This method is called by the Auth::check() method when attempting to | This closure is called by the Auth::attempt() method when attempting to
| retrieve a user by their username, such as when checking credentials | authenticate a user that is logging into your application.
| received from a login form.
| |
| You are free to change this method for your application however you wish. | If the provided credentials are correct, simply return an object that
| represents the user being authenticated. If the credentials are not
| valid, don't return anything.
| |
| Note: This method must return an object that has "id" and "password" | Note: If a user object is returned, it must have an "id" property.
| properties. The type of object returned does not matter.
| |
*/ */
'by_username' => function($username) 'attempt' => function($username, $password)
{ {
return User::where_email($username)->first(); if ( ! is_null($user = User::where('email', '=', $username)->first()))
{
if (Hasher::check($password, $user->password)) return $user;
}
}, },
/*
|--------------------------------------------------------------------------
| Logout
|--------------------------------------------------------------------------
|
| Here you may do anything that needs to be done when a user logs out of
| your application, such as call the logout method on a third-party API
| you are using for authentication, or anything else you desire.
|
*/
'logout' => function($id) {}
); );

4
laravel/config/container.php
View File

@ -14,9 +14,9 @@
}), }),
'laravel.auth' => array('resolver' => function($container) 'laravel.auth' => array('singleton' => true, 'resolver' => function($container)
{ {
return new Security\Authenticator($container->resolve('laravel.session'), $container->resolve('laravel.hasher')); return new Security\Authenticator($container->resolve('laravel.config'), $container->resolve('laravel.session'));
}), }),

79
laravel/security/authenticator.php
View File

@ -1,6 +1,5 @@
<?php namespace Laravel\Security; <?php namespace Laravel\Security;
use Laravel\IoC;
use Laravel\Session\Driver; use Laravel\Session\Driver;
class Authenticator { class Authenticator {
@ -8,14 +7,9 @@ class Authenticator {
/** /**
* The current user of the application. * The current user of the application.
* *
* If no user is logged in, this will be NULL. Otherwise, it will contain the result
* of the "by_id" closure in the authentication configuration file.
*
* Typically, the user should be accessed via the "user" method.
*
* @var object * @var object
*/ */
public $user; protected $user;
/** /**
* The session driver being used by the Auth instance. * The session driver being used by the Auth instance.
@ -25,30 +19,23 @@ class Authenticator {
protected $session; protected $session;
/** /**
* The hashing engine that should be used to perform hashing. * The configuration manager instance.
* *
* @var Hashing\Engine * @var Config
*/ */
protected $hasher; protected $engine;
/** /**
* The key used to store the user ID in the session. * Create a new authenticator instance.
* *
* @var string * @param Config $config
*/ * @param Session\Driver $session
protected static $key = 'laravel_user_id';
/**
* Create a new Auth class instance.
*
* @param Session\Driver $driver
* @param Hashing\Engine $hasher
* @return void * @return void
*/ */
public function __construct(Driver $driver, Hashing\Engine $hasher) public function __construct(Config $config, Driver $session)
{ {
$this->hasher = $hasher; $this->config = $config;
$this->session = $driver; $this->session = $session;
} }
/** /**
@ -64,58 +51,43 @@ public function check()
/** /**
* Get the current user of the application. * Get the current user of the application.
* *
* To retrieve the user, the user ID stored in the session will be passed to * If the current user is not authenticated, NULL will be returned.
* the "by_id" closure in the authentication configuration file. The result
* of the closure will be cached and returned.
* *
* @return object * @return object
*/ */
public function user() public function user()
{ {
if (is_null($this->user) and $this->session->has(static::$key)) if ( ! is_null($this->user)) return $this->user;
{
$this->user = call_user_func(Config::get('auth.by_id'), $this->session->get(static::$key));
}
return $this->user; return $this->user = call_user_func($this->config->get('auth.user'), $this->session->get('laravel_user_id'));
} }
/** /**
* Attempt to log a user into your application. * Attempt to log a user into the application.
* *
* If the user credentials are valid. The user's ID will be stored in the session and the * If the given credentials are valid, the user will be considered logged into the
* user will be considered "logged in" on subsequent requests to the application. * application and their user ID will be stored in the session data.
*
* The password passed to the method should be plain text, as it will be hashed
* by the Hash class when authenticating.
* *
* @param string $username * @param string $username
* @param string $password * @param string $password
* @return bool * @return bool
*/ */
public function login($username, $password) public function attempt($username, $password = null)
{ {
if ( ! is_null($user = call_user_func(Config::get('auth.by_username'), $username))) if ( ! is_null($user = call_user_func($this->config->get('auth.attempt'), $username, $password)))
{
if ($this->hasher->check($password, $user->password))
{ {
$this->remember($user); $this->remember($user);
return true; return true;
} }
}
return false; return false;
} }
/** /**
* Log a user into your application. * Log a user into the application.
* *
* The user's ID will be stored in the session and the user will be considered * The user ID will be stored in the session so it is available on subsequent requests.
* "logged in" on subsequent requests to your application. This method is called
* by the login method after determining a user's credentials are valid.
*
* Note: The user given to this method should be an object having an "id" property.
* *
* @param object $user * @param object $user
* @return void * @return void
@ -124,22 +96,21 @@ public function remember($user)
{ {
$this->user = $user; $this->user = $user;
$this->session->put(static::$key, $user->id); $this->session->put('laravel_user_id', $user->id);
} }
/** /**
* Log the user out of your application. * Log the current user out of the application.
*
* The user ID will be removed from the session and the user will no longer
* be considered logged in on subsequent requests to your application.
* *
* @return void * @return void
*/ */
public function logout() public function logout()
{ {
call_user_func($this->config->get('auth.logout'), $this->user()->id);
$this->user = null; $this->user = null;
$this->session->forget(static::$key); $this->session->forget('laravel_user_id');
} }
} }

39
laravel/security/hashing/hasher.php
View File

@ -1,39 +0,0 @@
<?php namespace Laravel\Security\Hashing;
class Hasher {
/**
* The hashing engine being used to perform the hashing.
*
* @var Hash\Engine
*/
protected $engine;
/**
* Create a new Hasher instance.
*
* @param Engine $engine
* @return void
*/
public function __construct(Engine $engine)
{
$this->engine = $engine
}
/**
* Magic Method for delegating method calls to the hashing engine.
*/
public function __call($method, $parameters)
{
return call_user_func_array(array($this->engine, $method), $parameters);
}
/**
* Magic Method for performing methods on the default hashing engine.
*/
public static function __callStatic($method, $parameters)
{
return call_user_func_array(array(static::make()->engine, $method), $parameters);
}
}