Alexander Makarov
11 years ago
1 changed files with 72 additions and 0 deletions
@ -0,0 +1,72 @@
|
||||
Authentication |
||||
============== |
||||
|
||||
Authentication is basically what happens when one is trying to sign in. Typically login and passwords are read from |
||||
the form and then application checks if there's such user with such password. |
||||
|
||||
In Yii all this is done semi-automatically and what's left to developer is to implement [[\yii\web\IdentityInterface]]. |
||||
Typically it is being implemented in `User` model. You can find a full featured example in |
||||
[advanced application template](installation.md). Below only interface methods are listed: |
||||
|
||||
```php |
||||
class User extends ActiveRecord implements IdentityInterface |
||||
{ |
||||
// ... |
||||
|
||||
/** |
||||
* Finds an identity by the given ID. |
||||
* |
||||
* @param string|integer $id the ID to be looked for |
||||
* @return IdentityInterface|null the identity object that matches the given ID. |
||||
*/ |
||||
public static function findIdentity($id) |
||||
{ |
||||
return static::find($id); |
||||
} |
||||
|
||||
/** |
||||
* @return int|string current user ID |
||||
*/ |
||||
public function getId() |
||||
{ |
||||
return $this->id; |
||||
} |
||||
|
||||
/** |
||||
* @return string current user auth key |
||||
*/ |
||||
public function getAuthKey() |
||||
{ |
||||
return $this->auth_key; |
||||
} |
||||
|
||||
/** |
||||
* @param string $authKey |
||||
* @return boolean if auth key is valid for current user |
||||
*/ |
||||
public function validateAuthKey($authKey) |
||||
{ |
||||
return $this->getAuthKey() === $authKey; |
||||
} |
||||
} |
||||
``` |
||||
|
||||
First two methods are simple. `findIdentity` given ID returns model instance while `getId` returns ID itself. |
||||
`getAuthKey` and `validateAuthKey` are used to provide extra security to the "remember me" cookie. |
||||
`getAuthKey` should return a string that is unique for each user. A good idea is to save this value when user is |
||||
created using `Security::generateRandomKey()`: |
||||
|
||||
```php |
||||
public function beforeSave($insert) |
||||
{ |
||||
if (parent::beforeSave($insert)) { |
||||
if ($this->isNewRecord) { |
||||
$this->auth_key = Security::generateRandomKey(); |
||||
} |
||||
return true; |
||||
} |
||||
return false; |
||||
} |
||||
``` |
||||
|
||||
`validateAuthKey` just compares `$authKey` passed as parameter (got from cookie) with the value got from database. |
||||
Loading…
Reference in new issue