RESTful 服务 - 使用 Phil Sturgeon Rest Server:使用用户名和密码验证用户的逻辑/功能? [英] RESTful service - using Phil Sturgeon Rest Server : Logic / function for validating the users with their username and password?
问题描述
我正在使用 Phil Sturgeon Rest Server 编写一个简单的 RESTful 服务.任何人都可以为我提供使用用户名和密码登录的解决方案.我无需登录即可获得所有 json 响应.
问题 1 : $config['rest_auth'] = 'basic';
遇到错误
配置文件ldap.php不存在.
同样的情况发生在 $config['rest_auth'] = 'digest';
我之前没有使用过ldap",除了一些基本信息之外,不知道它是如何工作的.那么你能告诉我这个错误的原因是什么吗?
<块引用>尝试过的解决方案
我将 $config['auth_source'] = 'ldap'; 的值改为 $config['auth_source'] = ''; ,现在 REST 登录用户名适用于 basic 和 digest ,即;
$config['rest_auth'] = 'basic'; 或 $config['rest_auth'] = 'digest';.
$config['rest_valid_logins'] = ['admin' =>'1234','sudheesh'='test'];<块引用>
主要问题:无法使用会话进行身份验证
尝试了 Phil Sturgeon 评论的笔记,即;
<块引用>注意:如果rest_auth"设置为session",则将auth_source"更改为会话变量的名称
会话是如何在 MODEL 中创建的,在这里:
if ($query->num_rows() == 1) {//如果有用户,则创建会话数据$row = $query->row();$数据=数组('id' =>$row->id,'名称' =>$row->full_name,'电子邮件' =>$row->电子邮件,'电话' =>$row->phone,'acc_status' =>$row->rec_status,'验证' =>真的);$this->session->set_userdata($data);//$this->session->set_authkey('1e957ebc35631ab22d5bd6526bd14ea2');//print_r($data);返回 $data;问题是:如何将auth_source"更改为会话变量的名称,
<块引用>现在是 $config['auth_source'] = ''
我是否必须将其更改为:$config['validated'] ,如果我这样做无法获得访问权限,我已阅读 此处:
如果您将此库绑定到客户端的 AJAX 端点使用 PHP 会话进行身份验证,那么您可能不喜欢其中任何一个摘要也不是基本的身份验证方法.在这种情况下,你可以告诉REST 库要检查的 PHP 会话变量.如果变量存在,则用户被授权.这将取决于你应用程序来设置该变量.您可以在中定义变量$config['auth_source'].然后告诉库使用 php 会话通过将 $config['rest_auth'] 设置为 session 来改变变量.
有什么建议吗?
问题 2:如何向具有有效用户名和密码的用户授予 API 访问权限?
<块引用>谁能向我提供有关如何实现此功能的功能或详细信息?
其他疑问:
<块引用>$config['rest_valid_logins'] = ['admin' =>'1234'];
此REST 登录用户名"的说明表明,如果配置了 ldap,则将忽略此项.
问题:如何在不配置 LDAP 的情况下使用此用户名和密码数组进行登录.
<块引用>REST 登录类和函数
这表示,如果使用库身份验证,请定义类和函数名称.该函数应该接受两个参数:class->function($username, $password).在其他情况下,覆盖控制器中的函数 _perform_library_auth.
对于摘要身份验证,库函数应该返回已经存储的该用户名的 md5(username:restrealm:password).
例如:md5('admin:REST API:1234') = '1e957ebc35631ab22d5bd6526bd14ea2'
$config['auth_library_class'] = '';$config['auth_library_function'] = '';问题:我可以使用它来允许具有有效用户名和密码的用户访问 API 吗?如果是,您是否已经编写了任何函数来帮助解决这种情况,我们将不胜感激.非常感谢你 .如果您知道我的任何问题的答案,请帮助.再次感谢.
与其试图解决 Sudheesh 提出的每个问题,我想提出一个替代解决方案.
免责声明:这是一个商业 Joomla 插件,所以在继续之前请记住这一点...
经历了和你一样的挑战,我最终为 Joomla 构建了一个 RESTful API 框架,由 Slim PHP 微框架提供支持.这让我能够利用 Slim 的所有功能,包括它符合标准的路由架构、请求类型处理等等.这也解决了处理认证、访问控制、内容管理、数据库访问等问题,因为它运行在Joomla CMS &平台框架.
该解决方案提供了您正在寻找的内容,可通过插件轻松扩展,并且建立在已经流行且支持良好的 RESTful API 框架 (Slim) 之上.
有关我使用的微框架的更多信息:
有关 Joomla RESTful API 包的更多信息:
它提供什么?
- 用于管理访问令牌、API 速率限制和其他 Slim 参数的控制面板
- 可插拔框架允许轻松合并新的 Web 服务路由(包括即将发布的新路由,用于 MySQL、MSSQL、LDAP 等)
- 基于 Joomla.这意味着您不必担心编写身份验证、访问控制、内容管理或其他框架.已经搞定了!
如何通过 URL 请求传递用户名和密码以创建登录会话的示例:
获取用户/登录名/:用户名/:密码
使用用户名和密码通过 Joomla 身份验证插件进行用户登录身份验证.请注意,由于凭据已传递到 URL,请注意它们可以存储在服务器日志中.API 流量必须通过安全 (HTTPS) 连接."
响应:JSON
示例请求:
GET https://yourdomain.com/api/v1/用户/登录/dynus.borvalds/3jf9LfjNdiw
示例响应:
{"msg": "Authenticated","jresponse": true,"session":"1a36eab5e2b102a979918ee049f15e27","error": false,"status": 200}然后可以使用会话 ID 强制注销该会话,方法如下:
GET user/logout/:user/:session
希望这能让您指明正确的方向.如果您有任何问题,请告诉我.
I'm writing a simple RESTful service, using Phil Sturgeon Rest Server. Can anyone provide me a solution for login using username and password. I am able to get all the json reponse without login.
Porblem 1 : $config['rest_auth'] = 'basic';
An Error Was Encountered
The configuration file ldap.php does not exist.
The same happens with
$config['rest_auth'] = 'digest';
I haven't used "ldap" earlier and don't know how it works apart from a few basic information. So could you please tell me what could be the reason for this error ?
Tried out Solutions
I changed the value of
$config['auth_source'] = 'ldap';to$config['auth_source'] = '';, Now REST Login Usernames are working for both basic and digest , ie;
$config['rest_auth'] = 'basic'; or $config['rest_auth'] = 'digest';.
$config['rest_valid_logins'] = ['admin' => '1234','sudheesh'=>'test'];
Prevailing issue : unable to use session for authentication
Tried the commented notes from Phil Sturgeon ie;
Note: If 'rest_auth' is set to 'session' then change 'auth_source' to the name of the session variable
How the session is created in MODEL, it is here :
if ($query->num_rows() == 1) {
// If there is a user, then create session data
$row = $query->row();
$data = array(
'id' => $row->id,
'name' => $row->full_name,
'email' => $row->email,
'phone' => $row->phone,
'acc_status' => $row->rec_status,
'validated' => true
);
$this->session->set_userdata($data);
//$this->session->set_authkey('1e957ebc35631ab22d5bd6526bd14ea2');
//print_r($data);
return $data;
Question is : How can I change the 'auth_source' to the name of the session variable ,
Right now it is
$config['auth_source'] = ''Do i have to change it to :
$config['validated'], if I do this am not getting the access , I have read here that:If you're tying this library into an AJAX endpoint where clients authenticate using PHP sessions then you may not like either of the digest nor basic authentication methods. In that case, you can tell the REST Library what PHP session variable to check for. If the variable exists, then the user is authorized. It will be up to your application to set that variable. You can define the variable in
$config['auth_source']. Then tell the library to use a php session variable by setting$config['rest_auth']tosession.
Is there any suggestions ?
Problem 2 : How can I grant API access to users with a valid username and password ?
Can anyone provide me with a function or detailed information on how to implement this ?
Other Doubts :
$config['rest_valid_logins'] = ['admin' => '1234'];
The description for this 'REST Login Usernames' says if ldap is configured this is ignored.
Question : How can I use this Array of usernames and passwords for login, without configuring LDAP.
REST Login Class and Function
This says, If library authentication is used define the class and function name.
The function should accept two parameters: class->function($username, $password).
In other cases override the function _perform_library_auth in your controller.
For digest authentication the library function should return already a stored md5(username:restrealm:password) for that username.
e.g: md5('admin:REST API:1234') = '1e957ebc35631ab22d5bd6526bd14ea2'
$config['auth_library_class'] = '';
$config['auth_library_function'] = '';
Question: Can I use this to allow users with a valid username and password to access the API ? If Yes , Do you have any functions already written to help in this scenario , any help would be highly appreciated. Thank you very much . If you know answers for any of my issues, please help. Thanks again.
Rather than attempt to address every single question posted by Sudheesh, I would like to propose an alternate solution.
Disclaimer: This is a commercial Joomla plugin, so please keep that in mind before proceeding...
Having experienced the same challenge as yourself, I ended up building a RESTful API framework for Joomla, powered by the Slim PHP micro-framework. This allowed me to leverage all the power of Slim, including it's standards-compliant routing architecture, request-type handling and much, much more. This also solved the problem of deal with authentication, access control, content management, database access, etc. because it runs on the Joomla CMS & Platform framework.
This solution provides exactly what you are looking for, easily extensible through plugins and is built on an already popular and well support RESTful API framework (Slim).
For more information on the micro-framework I used:
For more information on the Joomla RESTful API package:
What does it provide?
- Control Panel for managing access tokens, API rate limitation and other Slim parameters
- Pluggable framework allowing for easy incorporation of new web service routes (include new ones to be released soon, for MySQL, MSSQL, LDAP, etc.)
- Based on Joomla. This means you don't have to worry about writing the authentication, access control, content management or other framework. It's already done!
Examples of how username and password can be passed through to create a logged in session via a URL request:
GET user/login/:username/:password
"User login authentication via Joomla authentication plugins with username and password. Note that since credentials are passed into the URL, be aware that they can be stored in server logs. API traffic must traverse a secure (HTTPS) connection."
Response: JSON
Example request:
GET https://yourdomain.com/api/v1/user/login/dynus.borvalds/3jf9LfjNdiw
Example response:
{"msg": "Authenticated","jresponse": true,"session":"1a36eab5e2b102a979918ee049f15e27","error": false,"status": 200}
The session ID can then be used to force log-out for that session using the method:
GET user/logout/:user/:session
Hope this gets you pointed in the right direction. Let me know if you have any questions.
这篇关于RESTful 服务 - 使用 Phil Sturgeon Rest Server:使用用户名和密码验证用户的逻辑/功能?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
