<em>Mac</em>Book项目 2009年学校开始实施<em>Mac</em>Book项目,所有师生配备一本<em>Mac</em>Book,并同步更新了校园无线网络。学校每周进行电脑技术更新,每月发送技术支持资料,极大改变了教学及学习方式。因此2011
2021-06-01 09:32:01
做專案的時候,使用者認證幾乎是必不可少的,如果我們的專案由於一些原因不得不使用 users 之外的使用者表進行認證,那麼就需要多做一點工作來完成這個功能。
現在假設我們只需要修改登入使用者的表,表名和表結構都與框架預設的表users不同,檔案沒有教我們如何去做,但是別慌,稍微看下框架實現使用者認證的原始碼就能輕鬆實現。
首先,自定義一張表用來登入,表結構和模擬資料如下:
表 admins
id | login_name | login_pass |
---|---|---|
1 | admin | 10$2MUhp7b6ghVOngb/.b/x6uuEW/yL3FqPKJztawrM0U577Clf07xda |
使用者認證相關的設定都儲存在config/auth.php檔案中,先來看看組態檔的內容:
<?php return [ /* |-------------------------------------------------------------------------- | Authentication Defaults |-------------------------------------------------------------------------- | | This option controls the default authentication "guard" and password | reset options for your application. You may change these defaults | as required, but they're a perfect start for most applications. | */ 'defaults' => [ 'guard' => 'web', 'passwords' => 'users', ], /* |-------------------------------------------------------------------------- | Authentication Guards |-------------------------------------------------------------------------- | | Next, you may define every authentication guard for your application. | Of course, a great default configuration has been defined for you | here which uses session storage and the Eloquent user provider. | | All authentication drivers have a user provider. This defines how the | users are actually retrieved out of your database or other storage | mechanisms used by this application to persist your user's data. | | Supported: "session", "token" | */ 'guards' => [ 'web' => [ 'driver' => 'session', 'provider' => 'users', ], 'api' => [ 'driver' => 'passport', 'provider' => 'users', ], ], /* |-------------------------------------------------------------------------- | User Providers |-------------------------------------------------------------------------- | | All authentication drivers have a user provider. This defines how the | users are actually retrieved out of your database or other storage | mechanisms used by this application to persist your user's data. | | If you have multiple user tables or models you may configure multiple | sources which represent each model / table. These sources may then | be assigned to any extra authentication guards you have defined. | | Supported: "database", "eloquent" | */ 'providers' => [ 'users' => [ 'driver' => 'eloquent', 'model' => AppUser::class, ], // 'users' => [ // 'driver' => 'database', // 'table' => 'users', // ], ], /* |-------------------------------------------------------------------------- | Resetting Passwords |-------------------------------------------------------------------------- | | You may specify multiple password reset configurations if you have more | than one user table or model in the application and you want to have | separate password reset settings based on the specific user types. | | The expire time is the number of minutes that the reset token should be | considered valid. This security feature keeps tokens short-lived so | they have less time to be guessed. You may change this as needed. | */ 'passwords' => [ 'users' => [ 'provider' => 'users', 'table' => 'password_resets', 'expire' => 60, ], ], ];
預設使用的守衛是web,而web守衛使用的認證驅動是session,使用者提供器是users。假設我們的需求只是將使用者的提供器由users改為admins,那麼我們需要做兩步操作:
修改預設的使用者提供器,將provider=>'users'改為provider=>'admins'
'guards' => [ 'web' => [ 'driver' => 'session', 'provider' => 'users', ], ],
設定admins提供器,假設依舊使用eloquent作為驅動,並建立好了admins表的模型
'providers' => [ 'admins' => [ 'driver' => 'eloquent', 'model' => AppAdmin::class ] ],
SessionGuard 中的attempt方法:
//IlluminateAuthSessionGuard public function attempt(array $credentials = [], $remember = false) { $this->fireAttemptEvent($credentials, $remember); $this->lastAttempted = $user = $this->provider->retrieveByCredentials($credentials); // If an implementation of UserInterface was returned, we'll ask the provider // to validate the user against the given credentials, and if they are in // fact valid we'll log the users into the application and return true. if ($this->hasValidCredentials($user, $credentials)) { $this->login($user, $remember); return true; } // If the authentication attempt fails we will fire an event so that the user // may be notified of any suspicious attempts to access their account from // an unrecognized user. A developer may listen to this event as needed. $this->fireFailedEvent($user, $credentials); return false; }
該方法中呼叫 UserProvider 介面的retrieveByCredentials方法檢索使用者,根據我們的設定,UserProvider介面的具體實現應該是EloquentUserProvider,因此,我們定位到EloquentUserProvider的retrieveByCredentials方法:
//IlluminateAuthEloquentUserProvider public function retrieveByCredentials(array $credentials) { if (empty($credentials) || (count($credentials) === 1 && array_key_exists('password', $credentials))) { return; } // First we will add each credential element to the query as a where clause. // Then we can execute the query and, if we found a user, return it in a // Eloquent User "model" that will be utilized by the Guard instances. $query = $this->createModel()->newQuery(); foreach ($credentials as $key => $value) { if (Str::contains($key, 'password')) { continue; } if (is_array($value) || $value instanceof Arrayable) { $query->whereIn($key, $value); } else { $query->where($key, $value); } } return $query->first(); }
該方法會使用傳入的引數(不包含password)到我們設定的資料表中搜尋資料,查詢到符合條件的資料之後返回對應的使用者資訊,然後attempt方法會進行密碼校驗,校驗密碼的方法為:
//IlluminateAuthSessionGuard /** * Determine if the user matches the credentials. * * @param mixed $user * @param array $credentials * @return bool */ protected function hasValidCredentials($user, $credentials) { return ! is_null($user) && $this->provider->validateCredentials($user, $credentials); }
進一步檢視EloquentUserProvider中的validateCredentials方法
//IlluminateAuthEloquentUserProvider public function validateCredentials(UserContract $user, array $credentials) { $plain = $credentials['password']; return $this->hasher->check($plain, $user->getAuthPassword()); }
通過validateCredentials可以看出,提交的認證資料中密碼欄位名必須是password,這個無法自定義。同時可以看到,入參$user必須實現IlluminateContractsAuthAuthenticatable介面(UserContract是別名)。
Admin模型必須實現IlluminateContractsAuthAuthenticatable介面,可以借鑑一下User模型,讓Admin直接繼承IlluminateFoundationAuthUser 就可以,然後重寫getAuthPassword方法,正確獲取密碼欄位:
// AppAdmin public function getAuthPassword() { return $this->login_pass; }
不出意外的話,這個時候就能使用admins表進行登入了。
Larval 5.4的預設Auth登陸傳入郵件和使用者密碼到attempt 方法來認證,通過email 的值獲取,如果使用者被找到,經雜湊運算後儲存在資料中的password將會和傳遞過來的經雜湊運算處理的passwrod值進行比較。如果兩個經雜湊運算的密碼相匹配那麼將會為這個使用者開啟一個認證Session。
參考上面的分析,我們就需要對EloquentUserProvider中的validateCredentials方法進行重寫,步驟如下
1. 修改 AppModelsUser.php 新增如下程式碼
public function getAuthPassword() { return ['password' => $this->attributes['password'], 'salt' => $this->attributes['salt']]; }
2. 建立一個自己的UserProvider.php 的實現
<?php namespace AppFoundationAuth; use IlluminateAuthEloquentUserProvider; use IlluminateContractsAuthAuthenticatable; use IlluminateSupportStr; /** * 重寫使用者密碼校驗邏輯 * Class GfzxEloquentUserProvider * @package AppFoundationAuth */ class GfzxEloquentUserProvider extends EloquentUserProvider { /** * Validate a user against the given credentials. * * @param IlluminateContractsAuthAuthenticatable $user * @param array $credentials * @return bool */ public function validateCredentials(Authenticatable $user, array $credentials) { $plain = $credentials['password']; $authPassword = $user->getAuthPassword(); return md5($plain . $authPassword['salt']) == $authPassword['password']; } }
3. 將User Providers換成我們自己的GfzxEloquentUserProvider
修改 app/Providers/AuthServiceProvider.php
<?php namespace AppProviders; use AppFoundationAuthGfzxEloquentUserProvider; use Auth; use IlluminateSupportFacadesGate; use IlluminateFoundationSupportProvidersAuthServiceProvider as ServiceProvider; class AuthServiceProvider extends ServiceProvider { . . . /** * Register any authentication / authorization services. * * @return void */ public function boot() { $this->registerPolicies(); Auth::provider('gfzx-eloquent', function ($app, $config) { return new GfzxEloquentUserProvider($this->app['hash'], $config['model']); }); } }
4. 修改 config/auth.php
'providers' => [ 'users' => [ 'driver' => 'gfzx-eloquent', 'model' => AppModelsUser::class, ], ],
這是就可以用過salt+passwrod的方式密碼認證了
到此這篇關於laravel修改使用者模組的密碼驗證實現的文章就介紹到這了,更多相關laravel修改使用者模組的密碼驗證內容請搜尋it145.com以前的文章或繼續瀏覽下面的相關文章希望大家以後多多支援it145.com!
相關文章
<em>Mac</em>Book项目 2009年学校开始实施<em>Mac</em>Book项目,所有师生配备一本<em>Mac</em>Book,并同步更新了校园无线网络。学校每周进行电脑技术更新,每月发送技术支持资料,极大改变了教学及学习方式。因此2011
2021-06-01 09:32:01
综合看Anker超能充系列的性价比很高,并且与不仅和iPhone12/苹果<em>Mac</em>Book很配,而且适合多设备充电需求的日常使用或差旅场景,不管是安卓还是Switch同样也能用得上它,希望这次分享能给准备购入充电器的小伙伴们有所
2021-06-01 09:31:42
除了L4WUDU与吴亦凡已经多次共事,成为了明面上的厂牌成员,吴亦凡还曾带领20XXCLUB全队参加2020年的一场音乐节,这也是20XXCLUB首次全员合照,王嗣尧Turbo、陈彦希Regi、<em>Mac</em> Ova Seas、林渝植等人全部出场。然而让
2021-06-01 09:31:34
目前应用IPFS的机构:1 谷歌<em>浏览器</em>支持IPFS分布式协议 2 万维网 (历史档案博物馆)数据库 3 火狐<em>浏览器</em>支持 IPFS分布式协议 4 EOS 等数字货币数据存储 5 美国国会图书馆,历史资料永久保存在 IPFS 6 加
2021-06-01 09:31:24
开拓者的车机是兼容苹果和<em>安卓</em>,虽然我不怎么用,但确实兼顾了我家人的很多需求:副驾的门板还配有解锁开关,有的时候老婆开车,下车的时候偶尔会忘记解锁,我在副驾驶可以自己开门:第二排设计很好,不仅配置了一个很大的
2021-06-01 09:30:48
不仅是<em>安卓</em>手机,苹果手机的降价力度也是前所未有了,iPhone12也“跳水价”了,发布价是6799元,如今已经跌至5308元,降价幅度超过1400元,最新定价确认了。iPhone12是苹果首款5G手机,同时也是全球首款5nm芯片的智能机,它
2021-06-01 09:30:45