Authentication

Introduction

All the classes of the Auth system live in the namespace Auth and is implemented as a reference structure for User Authentication in the \App\ namespace.

To note that additional Route Filters are also added to support this reference implementation, and the proper configuration of a valid ENCRYPT_KEY is required.

Being a Users Management, a Database is required and in scripts/nova_users.sql you will find the associated MySQL dump for a users table.

The App\Controllers\Users also implements a small private area for the authenticated User. The private area is a simple Dashboard and a Profile page, where the users have the ability to change their password.

Important: Nova's Authentication uses the new Database API and not the Helpers\Database. If you choose to use the Nova Authentication, you would need to use the new Database API in the whole application and to not touch the Helpers\Database instances.

Configuration

Nova aims to make implementing authentication very simple. In fact, almost everything is configured for you out of the box. The authentication configuration file is located at app/Config/Auth.php, which contains several well documented options for tweaking the behavior of the authentication facilities.

By default, Nova includes a User model in your app/Models directory which may be used with the default extended authentication driver, which uses Database\ORM.

If your application is not using ORM, you may use the database authentication driver which uses the Nova query builder.

Storing Passwords

The Nova Hash class provides secure Bcrypt hashing:

Hashing A Password Using Bcrypt

$password = Hash::make('secret');

Verifying A Password Against A Hash

if (Hash::check('secret', $hashedPassword))
{
// The passwords match...
}

Checking If A Password Needs To Be Rehashed

if (Hash::needsRehash($hashed))
{
$hashed = Hash::make('secret');
}

Authenticating Users

To log a user into your application, you may use the Auth::attempt method.

if (Auth::attempt(array('email' => $email, 'password' => $password)))
{
// User is authenticated there.
}

Take note that email is not a required option, it is merely used for an example. You should use whatever column name corresponds to a "username" in your database. The Redirect::intended function will redirect the user to the URL they were trying to access before being caught by the authentication filter. A fallback URI may be given to this method in case the intended destination is not available.

When the attempt method is called, the auth.attempt event will be fired. If the authentication attempt is successful and the user is logged in, the auth.login event will be fired as well.

Determining If A User Is Authenticated

To determine if the user is already logged into your application, you may use the check method:

if (Auth::check())
{
// The user is logged in...
}

Authenticating A User And "Remembering" Them

If you would like to provide "remember me" functionality in your application, you may pass true as the second argument to the attempt method, which will keep the user authenticated indefinitely (or until they manually logout). Of course, your users table must include the string remember_token column, which will be used to store the "remember me" token.

if (Auth::attempt(array('email' => $email, 'password' => $password), true))
{
// The user is being remembered...
}

Note: If the attempt method returns true, the user is considered logged into the application.

Determining If User Authed Via Remember

If you are "remembering" user logins, you may use the viaRemember method to determine if the user was authenticated using the "remember me" cookie:

if (Auth::viaRemember())
{
//
}

Authenticating A User With Conditions

You also may add extra conditions to the authenticating query:

if (Auth::attempt(array('email' => $email, 'password' => $password, 'active' => 1)))
{
// The user is active, not suspended, and exists.
}

Note: For added protection against session fixation, the user's session ID will automatically be regenerated after authenticating.

Accessing The Logged In User

Once a user is authenticated, you may access the User model / record:

$email = Auth::user()->email;

To retrieve the authenticated user's ID, you may use the id method:

$id = Auth::id();

To simply log a user into the application by their ID, use the loginUsingId method:

Auth::loginUsingId(1);

Validating User Credentials Without Login

The validate method allows you to validate a user's credentials without actually logging them into the application:

if (Auth::validate($credentials))
{
//
}

Logging A User In For A Single Request

You may also use the once method to log a user into the application for a single request. No sessions or cookies will be utilized.

if (Auth::once($credentials))
{
//
}

Logging A User Out Of The Application

Auth::logout();

Basic Usage

    public function postLogin()
{
// Retrieve the Authentication credentials.
$credentials = Input::only('username', 'password'); // Prepare the 'remember' parameter.
$remember = (Input::get('remember') == 'on'); // Make an attempt to login the Guest with the given credentials.
if(! Auth::attempt($credentials, $remember)) {
// An error has happened on authentication.
$status = __d('users', 'Wrong username or password.'); return Redirect::back()->withStatus($status, 'danger');
} // The User is authenticated now; retrieve his Model instance.
$user = Auth::user(); if (Hash::needsRehash($user->password)) {
$password = $credentials['password']; $user->password = Hash::make($password); // Save the User Model instance - used with the Extended Auth Driver.
$user->save(); // Save the User Model instance - used with the Database Auth Driver.
//$this->model->updateGenericUser($user);
} if($user->active == 0) {
Auth::logout(); // User not activated; logout and redirect him back.
$status = __d('users', 'There is a problem. Have you activated your Account?'); return Redirect::back()->withStatus($status, 'warning');
} // Prepare the flash message.
$status = __d('users', '<b>{0}</b>, you have successfully logged in.', $user->username); // Redirect to the User's Dashboard.
return Redirect::to('admin/dashboard')->withStatus($status);
}

Authentication的更多相关文章

  1. WCF : 修复 Security settings for this service require Windows Authentication but it is not enabled for the IIS application that hosts this service 问题

    摘要 : 最近遇到了一个奇怪的 WCF 安全配置问题, WCF Service 上面配置了Windows Authentication. IIS上也启用了 Windows Authentication ...

  2. Atitit HTTP 认证机制基本验证 (Basic Authentication) 和摘要验证 (Digest Authentication)attilax总结

    Atitit HTTP认证机制基本验证 (Basic Authentication) 和摘要验证 (Digest Authentication)attilax总结 1.1. 最广泛使用的是基本验证 ( ...

  3. [转]Web APi之认证(Authentication)及授权(Authorization)【一】(十二)

    本文转自:http://www.cnblogs.com/CreateMyself/p/4856133.html 前言 无论是ASP.NET MVC还是Web API框架,在从请求到响应这一过程中对于请 ...

  4. smtplib.SMTPAuthenticationError: (535, b'Error: authentication failed')解决办法

    raise SMTPAuthenticationError(code, resp) smtplib.SMTPAuthenticationError: (535, b'Error: authentica ...

  5. SharePoint Claim base authentication EnsureUser 不带claim(i:0#.w|)user Failed

    环境信息: 带有Form base authentication(FBA).Active Directory Federation Services(ADFS).以及windows Authentic ...

  6. 执行ssh-add时出现Could not open a connection to your authentication agent

    若执行ssh-add /path/to/xxx.pem是出现这个错误:Could not open a connection to your authentication agent,则先执行如下命令 ...

  7. Google Authentication的实现 - Odoo 安全登录

    在前边的一篇文章中,我们提到了利用二次验证增强Odoo登录的可靠性:http://www.cnblogs.com/kfx2007/p/6023991.html 今天我们来具体实现这一步: 后端的实现 ...

  8. Form authentication(表单认证)问题

    前言 最近在做ASP.NET MVC中表单认证时出了一些问题,特此记录. 问题 进行表单认证时,在 PostAuthenticateRequest 事件中从Cookie值中解密票据.如下: prote ...

  9. Web APi之认证(Authentication)及授权(Authorization)【一】(十二)

    前言 无论是ASP.NET MVC还是Web API框架,在从请求到响应这一过程中对于请求信息的认证以及认证成功过后对于访问页面的授权是极其重要的,用两节来重点来讲述这二者,这一节首先讲述一下关于这二 ...

  10. 【记录】ASP.NET MVC 4/5 Authentication 身份验证无效

    在 ASP.NET MVC 4/5 应用程序发布的时候,遇到一个问题,在本应用程序中进行身份验证是可以,但不能和其他"二级域名"共享,在其他应用程序身份验证,不能和本应用程序共享, ...

随机推荐

  1. 访问WEB-INF目录中的JSP文件

    方法1:本来WEB-INF中的jsp就是无法通过地址栏访问的.所以安全.如果说你要访问这个文件夹中的jsp文件需要在项目的web.xml文件中去配置servlet格式差不多的配置就ok了.如下: 访问 ...

  2. e2e 自动化集成测试 架构 实例 WebStorm Node.js Mocha WebDriverIO Selenium Step by step (四) Q 反回调

    上一篇文章“e2e 自动化集成测试 架构 京东 商品搜索 实例 WebStorm Node.js Mocha WebDriverIO Selenium Step by step (三) SqlServ ...

  3. uvalive 4728 Squares

    题意:求所有正方形中两点距离最大值的平方值. 思路:旋转卡壳法. 分别用数组和vector存凸包时,旋转卡壳代码有所不同. #include<cstdio> #include<cma ...

  4. C#调用C++ DLL类方法(转)

    http://hi.baidu.com/game_dev/item/ba29ecf67bd5f6cf521c26fc

  5. openstack api

    1,Identity service generates authentication tokens that permit access to the openstack service REST ...

  6. 【现代程序设计】【Homework-01】

    1维的最大子数组之和 对于1维的最大子数组之和 假设f[i]表示:对于1..i这个序列中,包含i这个元素的最大序列的值 则对于f[i],0<i<=n; 应该有 f[i]=max(a[i], ...

  7. nyoj 811 变态最大值

    变态最大值 时间限制:1000 ms  |  内存限制:65535 KB 难度:1   描述 Yougth讲课的时候考察了一下求三个数最大值这个问题,没想到大家掌握的这么烂,幸好在他的帮助下大家算是解 ...

  8. mssql存储过程demo

    ALTER PROCEDURE [dbo].[sp_get_saleData]ASBEGIN set nocount on -- 获取最近上传数据的时间戳 declare @dd datetime s ...

  9. vs2015中升级Nuget后,找不到Umbraco安装包问题

    打开VS2015, Tools=>Extensions and Updates=> Updates => Visual Studio Gallery   在这里check一下是否有N ...

  10. KEEPALIVED 检测RS原理

    keepalived管理的的ipvs功能支持对后端节点真实服务器的健康检查 一般常用的方式包括tcp_check 和http_get(更准确) tcp_check 原理就是对真实服务器进行ip+端口的 ...